openSUSE-SU-2025:0147-1

Опубликовано: 09 мая 2025

Источник: suse-cvrf

Описание

Security update for mozjs102

This update for mozjs102 fixes the following issue:

CVE-2024-56431: avoid negative shift in huffdec.c (bsc#1234837).

Список пакетов

SUSE Package Hub 15 SP6

libmozjs-102-0-102.15.1-bp156.3.3.1

mozjs102-102.15.1-bp156.3.3.1

mozjs102-devel-102.15.1-bp156.3.3.1

openSUSE Leap 15.6

libmozjs-102-0-102.15.1-bp156.3.3.1

mozjs102-102.15.1-bp156.3.3.1

mozjs102-devel-102.15.1-bp156.3.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3WCFOTADKX35CGXEBFG7GRNA56ZXL5MJ/
E-Mail link for openSUSE-SU-2025:0147-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1234837
SUSE Bug 1234837
https://www.suse.com/security/cve/CVE-2024-56431/
SUSE CVE CVE-2024-56431 page

Описание

** DISPUTED ** oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash.

Затронутые продукты

SUSE Package Hub 15 SP6:libmozjs-102-0-102.15.1-bp156.3.3.1

SUSE Package Hub 15 SP6:mozjs102-102.15.1-bp156.3.3.1

SUSE Package Hub 15 SP6:mozjs102-devel-102.15.1-bp156.3.3.1

openSUSE Leap 15.6:libmozjs-102-0-102.15.1-bp156.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-56431.html
CVE-2024-56431
https://bugzilla.suse.com/1234836
SUSE Bug 1234836

openSUSE-SU-2025:0147-1

Описание

Список пакетов

SUSE Package Hub 15 SP6

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2024-56431

Описание

Затронутые продукты

Ссылки