Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in djvulibre
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in djvulibre
ID: SUSE-SU-2019:2452-1
Distribution: SUSE
Plattformen: SUSE Linux Enterprise Module for Desktop Applications 15, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Module for Packagehub Subpackages 15, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1, SUSE Linux Enterprise Module for Desktop Applications 15-SP1
Datum: Di, 24. September 2019, 22:30
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15144
Applikationen: DjVuLibre

Originalnachricht


SUSE Security Update: Security update for djvulibre
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:2452-1
Rating: moderate
References: #1146569 #1146571 #1146572 #1146702
Cross-References: CVE-2019-15142 CVE-2019-15143 CVE-2019-15144
CVE-2019-15145
Affected Products:
SUSE Linux Enterprise Module for Packagehub Subpackages 15
SUSE Linux Enterprise Module for Open Buildservice
Development Tools 15-SP1
SUSE Linux Enterprise Module for Open Buildservice
Development Tools 15
SUSE Linux Enterprise Module for Desktop Applications
15-SP1
SUSE Linux Enterprise Module for Desktop Applications 15
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for djvulibre fixes the following issues:

Security issues fixed:

- CVE-2019-15142: Fixed heap-based buffer over-read (bsc#1146702).
- CVE-2019-15143: Fixed resource exhaustion caused by corrupted image
files (bsc#1146569).
- CVE-2019-15144: Fixed denial-of-service caused by crafted PBM image
files (bsc#1146571).
- CVE-2019-15145: Fixed out-of-bounds read caused by corrupted JB2 image
files (bsc#1146572).
- Fixed segfault when libtiff encounters corrupted TIFF (upstream issue
#295).


Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Packagehub Subpackages 15:

zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-2452=1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools
15-SP1:

zypper in -t patch
SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2452=1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2452=1

- SUSE Linux Enterprise Module for Desktop Applications 15-SP1:

zypper in -t patch
SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2452=1

- SUSE Linux Enterprise Module for Desktop Applications 15:

zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2452=1



Package List:

- SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64
ppc64le s390x x86_64):

djvulibre-3.5.27-3.3.1
djvulibre-debuginfo-3.5.27-3.3.1
djvulibre-debugsource-3.5.27-3.3.1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools
15-SP1 (aarch64 ppc64le s390x x86_64):

djvulibre-3.5.27-3.3.1
djvulibre-debuginfo-3.5.27-3.3.1
djvulibre-debugsource-3.5.27-3.3.1
djvulibre-doc-3.5.27-3.3.1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
(aarch64 ppc64le s390x x86_64):

djvulibre-3.5.27-3.3.1
djvulibre-debuginfo-3.5.27-3.3.1
djvulibre-debugsource-3.5.27-3.3.1
djvulibre-doc-3.5.27-3.3.1

- SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64
ppc64le s390x x86_64):

djvulibre-debuginfo-3.5.27-3.3.1
djvulibre-debugsource-3.5.27-3.3.1
libdjvulibre-devel-3.5.27-3.3.1
libdjvulibre21-3.5.27-3.3.1
libdjvulibre21-debuginfo-3.5.27-3.3.1

- SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le
s390x x86_64):

djvulibre-debuginfo-3.5.27-3.3.1
djvulibre-debugsource-3.5.27-3.3.1
libdjvulibre-devel-3.5.27-3.3.1
libdjvulibre21-3.5.27-3.3.1
libdjvulibre21-debuginfo-3.5.27-3.3.1


References:

https://www.suse.com/security/cve/CVE-2019-15142.html
https://www.suse.com/security/cve/CVE-2019-15143.html
https://www.suse.com/security/cve/CVE-2019-15144.html
https://www.suse.com/security/cve/CVE-2019-15145.html
https://bugzilla.suse.com/1146569
https://bugzilla.suse.com/1146571
https://bugzilla.suse.com/1146572
https://bugzilla.suse.com/1146702

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung