Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in ledger
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in ledger
ID: openSUSE-SU-2019:1779-1
Distribution: SUSE
Plattformen: SUSE openSUSE Leap 15.0, SUSE openSUSE Leap 15.1
Datum: So, 21. Juli 2019, 16:17
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12482
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12481
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2807
Applikationen: Ledger

Originalnachricht

   openSUSE Security Update: Security update for ledger
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1779-1
Rating: moderate
References: #1052478 #1052484 #1105084
Cross-References: CVE-2017-12481 CVE-2017-12482 CVE-2017-2807
CVE-2017-2808
Affected Products:
openSUSE Leap 15.1
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for ledger fixes the following issues:

ledger was updated to 3.1.3:

+ Properly reject postings with a comment right after the flag (bug #1753)
+ Make sorting order of lot information deterministic (bug #1747)
+ Fix bug in tag value parsing (bug #1702)
+ Remove the org command, which was always a hack to begin with (bug #1706)
+ Provide Docker information in README
+ Various small documentation improvements

This also includes the update to 3.1.2:

+ Increase maximum length for regex from 255 to 4095 (bug #981)
+ Initialize periods from from/since clause rather than earliest
transaction date (bug #1159)
+ Check balance assertions against the amount after the posting (bug #1147)
+ Allow balance assertions with multiple posts to same account (bug #1187)
+ Fix period duration of "every X days" and similar statements (bug
#370)
+ Make option --force-color not require --color anymore (bug #1109)
+ Add quoted_rfc4180 to allow CVS output with RFC 4180 compliant quoting.
+ Add support for --prepend-format in accounts command
+ Fix handling of edge cases in trim function (bug #520)
+ Fix auto xact posts not getting applied to account total during journal
parse (bug #552)
+ Transfer null_post flags to generated postings
+ Fix segfault when using --market with --group-by
+ Use amount_width variable for budget report
+ Keep pending items in budgets until the last day they apply
+ Fix bug where .total used in value expressions breaks totals
+ Make automated transactions work with assertions (bug #1127)
+ Improve parsing of date tokens (bug #1626)
+ Don't attempt to invert a value if it's already zero (bug #1703)
+ Do not parse user-specified init-file twice
+ Fix parsing issue of effective dates (bug #1722, TALOS-2017-0303,
CVE-2017-2807)
+ Fix use-after-free issue with deferred postings (bug #1723,
TALOS-2017-0304, CVE-2017-2808)
+ Fix possible stack overflow in option parsing routine (bug #1222,
CVE-2017-12481)
+ Fix possible stack overflow in date parsing routine (bug #1224,
CVE-2017-12482)
+ Fix use-after-free when using --gain (bug #541)
+ Python: Removed double quotes from Unicode values.
+ Python: Ensure that parse errors produce useful RuntimeErrors
+ Python: Expose journal expand_aliases
+ Python: Expose journal_t::register_account
+ Improve bash completion
+ Emacs Lisp files have been moved to https://github.com/ledger/ledger-mode
+ Various documentation improvements


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1779=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1779=1



Package List:

- openSUSE Leap 15.1 (x86_64):

ledger-3.1.3-lp151.3.3.1
ledger-debuginfo-3.1.3-lp151.3.3.1
ledger-debugsource-3.1.3-lp151.3.3.1

- openSUSE Leap 15.0 (x86_64):

ledger-3.1.3-lp150.2.3.1
ledger-debuginfo-3.1.3-lp150.2.3.1
ledger-debugsource-3.1.3-lp150.2.3.1


References:

https://www.suse.com/security/cve/CVE-2017-12481.html
https://www.suse.com/security/cve/CVE-2017-12482.html
https://www.suse.com/security/cve/CVE-2017-2807.html
https://www.suse.com/security/cve/CVE-2017-2808.html
https://bugzilla.suse.com/1052478
https://bugzilla.suse.com/1052484
https://bugzilla.suse.com/1105084

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung