An update that fixes four vulnerabilities is now available.
Description:
This update for icoutils to version 0.31.1 fixes the following issues:
- CVE-2017-5208: An integer overflow allows maliciously crafted files to cause DoS or code execution (boo#1018756). - CVE-2017-5331: Incorrect out of bounds checks in check_offset allow for DoS or code execution (boo#1018756). - CVE-2017-5332: Missing out of bounds checks in extract_group_icon_cursor_resource allow for DoS or code execution (boo#1018756). - CVE-2017-5333: Incorrect out of bounds checks in check_offset allow for DoS or code execution (boo#1018756).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE 13.2:
zypper in -t patch openSUSE-2017-103=1
To bring your system up-to-date, use "zypper patch".