openSUSE-SU-2023:0031-1

Опубликовано: 23 янв. 2023

Источник: suse-cvrf

Описание

Security update for upx

upx was updated to fix the following issues:

CVE-2023-23457: Fixed a segmentation fault when processing malicious elf files (boo#1207122)

Update to release 4.0.1

Fix crash when a linux/armeb LZMA-packed binary unpacks itself.
Resolve 'CantPackException: bad ElfXX_Shdrs' with staticly-linked programs.
Resolve 'CantPackException: need DT_INIT;...' when attempting to re-compress an already packed binary.

Update to release 4.0

Add support for EFI files

Список пакетов

SUSE Package Hub 15 SP4

upx-4.0.1-bp154.4.3.1

openSUSE Leap 15.4

upx-4.0.1-bp154.4.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OY3PZTUNJBOAOSBB3625O5WLS7HRY73I/
E-Mail link for openSUSE-SU-2023:0031-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1207122
SUSE Bug 1207122
https://www.suse.com/security/cve/CVE-2023-23457/
SUSE CVE CVE-2023-23457 page

Описание

A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.

Затронутые продукты

SUSE Package Hub 15 SP4:upx-4.0.1-bp154.4.3.1

openSUSE Leap 15.4:upx-4.0.1-bp154.4.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-23457.html
CVE-2023-23457
https://bugzilla.suse.com/1207122
SUSE Bug 1207122

openSUSE-SU-2023:0031-1

Описание

Список пакетов

SUSE Package Hub 15 SP4

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2023-23457

Описание

Затронутые продукты

Ссылки