
openSUSE Leap 15.2: 2021:1439-1 Important: Buffer Overflows in Transfig

opensuse
November 2, 2021
An update that fixes 12 vulnerabilities is now available

Description

This update for transfig fixes the following issues:

Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021)

- bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline function in genepic.c.
- bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects function in read.c.
- bsc#1190617, CVE-2020-21531: global buffer overflow in the conv_pattern_index function in gencgm.c.
- bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont function in genepic.c.
- bsc#1190612, CVE-2020-21533: stack buffer overflow in the read_textobject function in read.c.
- bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line function in read.c.
- bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start function in gencgm.c.
- bsc#1192019, CVE-2021-32280: NULL pointer dereference in compute_closed_spline() in trans_spline.c

This update was imported from the...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-1439=1

Package List

- openSUSE Leap 15.2 (x86_64):

transfig-3.2.8b-lp152.6.9.1

transfig-debuginfo-3.2.8b-lp152.6.9.1

transfig-debugsource-3.2.8b-lp152.6.9.1
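
A way to confirm the update landed across several hosts, as an added example that is not part of the original advisory: it compares each host's transfig version-release against the fixed build from the package list above. The host names, the older and newer builds in the sample inventory, and the function names are constructed for illustration, and GNU `sort -V` is assumed as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Added example: flag hosts whose transfig build predates the fixed one.
FIXED_EVR="3.2.8b-lp152.6.9.1"   # from the advisory's package list

# transfig_status EVR -> prints "patched" or "vulnerable".
# Assumption: GNU `sort -V` ordering stands in for RPM's version comparison;
# the two agree for lp152-style version-release strings like those below.
transfig_status() {
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_EVR" | LC_ALL=C sort -V | head -n 1)
    if [ "$lowest" = "$FIXED_EVR" ]; then
        echo patched
    else
        echo vulnerable
    fi
}

# audit_inventory: read "host version-release" lines on stdin and print the
# hosts that still need the update, one per line.
audit_inventory() {
    while read -r host evr; do
        [ -n "$evr" ] || continue        # no version recorded: package absent
        if [ "$(transfig_status "$evr")" = vulnerable ]; then
            echo "$host"
        fi
    done
}

# Constructed inventory; on a real host the second column comes from:
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' transfig
SAMPLE_INVENTORY='build01 3.2.7b-lp152.6.6.1
build02 3.2.8b-lp152.6.9.1
docs01 3.2.8b-lp152.6.10.1
web01'

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```

Hosts with no transfig package are skipped, since the update does not apply to them.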

References

https://www.suse.com/security/cve/CVE-2020-21529.html

https://www.suse.com/security/cve/CVE-2020-21530.html

https://www.suse.com/security/cve/CVE-2020-21531.html

https://www.suse.com/security/cve/CVE-2020-21532.html

https://www.suse.com/security/cve/CVE-2020-21533.html

https://www.suse.com/security/cve/CVE-2020-21534.html

https://www.suse.com/security/cve/CVE-2020-21535.html

https://www.suse.com/security/cve/CVE-2020-21680.html

https://www.suse.com/security/cve/CVE-2020-21681.html

https://www.suse.com/security/cve/CVE-2020-21682.html

https://www.suse.com/security/cve/CVE-2020-21683.html

https://www.suse.com/security/cve/CVE-2021-32280.html

https://bugzilla.suse.com/1189325

https://bugzilla.suse.com/1189343

https://bugzilla.suse.com/1189345

https://bugzilla.suse.com/1189346

https://bugzilla.suse.com/1190607

https://bugzilla.suse.com/1190611

https://bugzilla.suse.com/1190612

https://bugzilla.suse.com/1190615

https://bugzilla.suse.com/1190616

https://bugzilla.suse.com/1190617

https://bugzilla.suse.com/1190618

h...


Severity
important

Announcement ID: openSUSE-SU-2021:1439-1
Rating: important
Affected Products: openSUSE Leap 15.2.
