Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 618
Alerts This Week
Warning Icon 1 618

openSUSE: 2021:0895-1 Important: htmldoc Buffer Overflow

opensuse
Calendar Grey June 18, 2021
Dist Opensuse Esm H88
openSUSE Security Update resolves htmldoc vulnerability with critical fix. Maintain security by applying current patches.
An update that fixes one vulnerability is now available

Description

This update for htmldoc fixes the following issues:

Update to version 1.9.12

* Fixed buffer-overflow CVE-2021-20308 ( boo#1184424 )

* Fixed a crash bug with "data:" URIs and EPUB output

* Fixed several other crash bugs

* Fixed JPEG error handling

* Fixed some minor issues

* Removed the bundled libjpeg, libpng, and zlib.

update to 1.9.11:

- Added high-resolution desktop icons for Linux.

- Updated the internal HTTP library to fix truncation of redirection URLs

- Fixed a regression in the handling of character entities for UTF-8 input

- The `--numbered` option did not work when the table-of-contents was

disabled

- Updated local zlib to v1.2.11.

- Updated local libpng to v1.6.37.

- Fixed packaging issues on macOS and Windows

- Now ignore sRGB profile errors in PNG files

- The GUI would crash when saving

- Page comments are now allowed in `pre` text

update to 1.9.9:

- Added support for a `HTMLDOC.filename` META...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2021-895=1

Package List

- openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):

htmldoc-1.9.12-bp151.4.3.1

References

https://www.suse.com/security/cve/CVE-2021-20308.html

https://bugzilla.suse.com/1184424

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2021:0895-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP1 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.