Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 501
Alerts This Week
Warning Icon 1 501

openSUSE 13.2: 2015:0807-1 Important: DirectFB Denial Of Service

opensuse
Calendar Grey April 30, 2015
Dist Opensuse Esm H88
A significant patch for openSUSE rectifies multiple security flaws in DirectFB, mitigating risks of possible buffer overflow attacks and system instability.
An update that fixes two vulnerabilities is now available.

Description

DirectFB was updated to fix two security issues.

The following vulnerabilities were fixed:

* CVE-2014-2977: Multiple integer signedness errors could allow remote

attackers to cause a denial of service (crash) and possibly execute

arbitrary code via the Voodoo interface, which triggers a stack-based

buffer overflow.

* CVE-2014-2978: Remote attackers could cause a denial of service (crash)

and possibly execute arbitrary code via the Voodoo interface, which

triggers an out-of-bounds write.

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2015-340=1

- openSUSE 13.1:

zypper in -t patch openSUSE-2015-340=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 13.2 (i586 x86_64):

DirectFB-1.7.5-3.3.1

DirectFB-Mesa-1.7.5-3.3.1

DirectFB-Mesa-debuginfo-1.7.5-3.3.1

DirectFB-debuginfo-1.7.5-3.3.1

DirectFB-debugsource-1.7.5-3.3.1

DirectFB-devel-1.7.5-3.3.1

DirectFB-doc-1.7.5-3.3.1

DirectFB-libSDL-1.7.5-3.3.1

DirectFB-libSDL-debuginfo-1.7.5-3.3.1

DirectFB-libvncclient-1.7.5-3.3.1

DirectFB-libvncclient-debuginfo-1.7.5-3.3.1

lib++dfb-1_7-5-1.7.5-3.3.1

lib++dfb-1_7-5-debuginfo-1.7.5-3.3.1

lib++dfb-devel-1.7.5-3.3.1

libdirectfb-1_7-5-1.7.5-3.3.1

libdirectfb-1_7-5-debuginfo-1.7.5-3.3.1

- openSUSE 13.2 (x86_64):

DirectFB-devel-32bit-1.7.5-3.3.1

libdirectfb-1_7-5-32bit-1.7.5-3.3.1

libdirectfb-1_7-5-debuginfo-32bit-1.7.5-3.3.1

- openSUSE 13.1 (i586 x86_64):

DirectFB-1.6.3-4.3.1

DirectFB-Mesa-1.6.3-4.3.1

DirectFB-Mesa-debuginfo-1.6.3-4.3.1

DirectFB-debuginfo-1.6.3-4.3.1

DirectFB-debugsource-1.6.3-4.3.1

DirectFB-devel-1.6.3-4.3.1

DirectFB-doc-1.6.3-4.3.1

DirectFB-libSDL-1.6.3-4.3.1

DirectFB-libSDL-debuginfo-1.6.3-4.3.1

DirectFB-libvncclient-1.6.3-4.3.1

DirectFB-libvncclient-debu...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2014-2977.html

https://www.suse.com/security/cve/CVE-2014-2978.html

https://bugzilla.suse.com/878345

https://bugzilla.suse.com/878349

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2015:0807-1
Rating: important
Affected Products: openSUSE 13.2 openSUSE 13.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.