Fedora 28: 2019-3cf892a8d1 High: FreeXL Heap Corruption Vulnerability

FreeXL is a library to extract valid data

from within an Excel spreadsheet (.xls)

Design goals:

* simple and lightweight

* stable, robust and efficient

* easily and universally portable

* completely ignore any GUI-related oddity

Fixes several heap-buffer-overflows, see related Bugzilla tickets!

[ 1 ] Bug #1547892 - heap-buffer-overflow in freexl.c:3912 read_mini_biff_next_record of FreeXL 1.0.4

https://bugzilla.redhat.com/show_bug.cgi?id=1547892

[ 2 ] Bug #1547889 - heap-buffer-overflow in freexl.c:383 parse_unicode_string of FreeXL 1.0.4

https://bugzilla.redhat.com/show_bug.cgi?id=1547889

[ 3 ] Bug #1547885 - heap-buffer-overflow in freexl.c:1866 parse_SST of FreeXL 1.0.4

https://bugzilla.redhat.com/show_bug.cgi?id=1547885

[ 4 ] Bug #1547883 - heap-buffer-overflow in freexl.c:1805 parse_SST parse_SST

https://bugzilla.redhat.com/show_bug.cgi?id=1547883

[ 5 ] Bug #1547879 - heap-buffer-overflow in freexl::destroy_cell of FreeXL 1.0.4

https://bugzilla.redhat.com/show_bug.cgi?id=1547879

su -c 'dnf upgrade freexl' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org