
openSUSE 15.3: 2021:3584-1 Critical: Transfig Buffer Overflow Fix

October 29, 2021
The latest transfig update for openSUSE addresses a dozen vulnerabilities, most prominently critical buffer overflows.
An update that fixes 12 vulnerabilities is now available.

Description

This update for transfig fixes the following issues:

Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021)

- bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline function in genepic.c.
- bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects function in read.c.
- bsc#1190617, CVE-2020-21531: global buffer overflow in the conv_pattern_index function in gencgm.c.
- bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont function in genepic.c.
- bsc#1190612, CVE-2020-21533: stack buffer overflow in the read_textobject function in read.c.
- bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line function in read.c.
- bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start function in gencgm.c.
- bsc#1192019, CVE-2021-32280: NULL pointer dereference in compute_closed_spline() in trans_spline.c.

Patch

Patch Instructions:

To install this openSUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

zypper in -t patch openSUSE-SLE-15.3-2021-3584=1

Package List

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

transfig-3.2.8b-4.15.1

transfig-debuginfo-3.2.8b-4.15.1

transfig-debugsource-3.2.8b-4.15.1
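
To confirm that a host carries the fixed build after patching, the check below compares a transfig version-release string against the 3.2.8b-4.15.1 build from the package list. It is an added example, not part of the SUSE advisory; the function names are hypothetical, and `sort -V` is assumed to approximate RPM's version ordering for these strings.

```shell
#!/bin/sh
# Added example. Fixed build taken from the advisory's package list.
FIXED_EVR="3.2.8b-4.15.1"

# ver_ge A B: succeed when A sorts at or after B.
# Assumption: `sort -V` approximates RPM's version ordering for these strings.
ver_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# evr_is_fixed VERSION-RELEASE: succeed when the build is at or above FIXED_EVR.
# Version and release are compared separately, as RPM does; the release only
# decides the result when the versions are identical.
evr_is_fixed() {
    ver=${1%-*};          rel=${1##*-}
    fver=${FIXED_EVR%-*}; frel=${FIXED_EVR##*-}
    if [ "$ver" = "$fver" ]; then
        ver_ge "$rel" "$frel"
    else
        ver_ge "$ver" "$fver"
    fi
}

# transfig_status [VERSION-RELEASE]: print a verdict for the given build, or
# for the installed package when called without an argument (needs rpm).
# Returns 0 when patched or not installed, 1 when vulnerable, 2 when unknown.
transfig_status() {
    evr=${1:-}
    if [ -z "$evr" ]; then
        command -v rpm >/dev/null 2>&1 || { echo "unknown: rpm not found"; return 2; }
        evr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' transfig 2>/dev/null) || {
            echo "not-installed: transfig"; return 0; }
    fi
    if evr_is_fixed "$evr"; then
        echo "patched: transfig-$evr"
    else
        echo "vulnerable: transfig-$evr < $FIXED_EVR"
        return 1
    fi
}
# Usage on a host: source this file, then run `transfig_status`.
```
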

References

https://www.suse.com/security/cve/CVE-2020-21529.html

https://www.suse.com/security/cve/CVE-2020-21530.html

https://www.suse.com/security/cve/CVE-2020-21531.html

https://www.suse.com/security/cve/CVE-2020-21532.html

https://www.suse.com/security/cve/CVE-2020-21533.html

https://www.suse.com/security/cve/CVE-2020-21534.html

https://www.suse.com/security/cve/CVE-2020-21535.html

https://www.suse.com/security/cve/CVE-2020-21680.html

https://www.suse.com/security/cve/CVE-2020-21681.html

https://www.suse.com/security/cve/CVE-2020-21682.html

https://www.suse.com/security/cve/CVE-2020-21683.html

https://www.suse.com/security/cve/CVE-2021-32280.html

https://bugzilla.suse.com/1189325

https://bugzilla.suse.com/1189343

https://bugzilla.suse.com/1189345

https://bugzilla.suse.com/1189346

https://bugzilla.suse.com/1190607

https://bugzilla.suse.com/1190611

https://bugzilla.suse.com/1190612

https://bugzilla.suse.com/1190615

https://bugzilla.suse.com/1190616

https://bugzilla.suse.com/1190617

https://bugzilla.suse.com/1190618

h...


Severity: important

Announcement ID: openSUSE-SU-2021:3584-1
Rating: important
Affected Products: openSUSE Leap 15.3
