openSUSE Security Update: Security update for abcm2ps
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:0100-1
Rating:             moderate
References:         #1197355 
Cross-References:   CVE-2021-32434 CVE-2021-32435 CVE-2021-32436
                   
CVSS scores:
                    CVE-2021-32434 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-32435 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-32436 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
                    openSUSE Backports SLE-15-SP3
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for abcm2ps fixes the following issues:

   Update to 8.14.13:

   * fix: don't start/stop slurs above/below decorations
   * fix: crash when too many notes in a grace note sequence (#102)
   * fix: crash when too big value in M: (#103)
   * fix: loop or crash when too big width of y (space) (#104)
   * fix: bad font definition with SVG output when spaces in font name
   * fix: bad check of note length again (#106)
   * fix: handle %%staffscale at the global level (#108)
   * fix: bad vertical offset of lyrics when mysic line starts with empty
     staves

   Update to 8.14.12:

   Fixes:

   * crash when "%%break 1" and no measure bar in the tune
   * crash when duplicated voice ending on %%staves with repeat variant
   * crash when voice duplication with symbols without width
   * crash or bad output when null value in %%scale
   * problem when only bars in 2 voices followed %%staves of the second voice
     only
   * crash when tuplet error in grace note sequence
   * crash when grace note with empty tuplet
   * crash when many broken rhythms after a single grace note
   * access outside the deco array when error in U:
   * crash when !xstem! with no note in the previous voice
   * crash on tuplet without any note/rest
   * crash when grace notes at end of line and voice overlay
   * crash when !trem2! at start of a grace note sequence
   * crash when wrong duration in 2 voice overlays and bad ties
   * crash when accidental without a note at start of line after K:
     (CVE-2021-32435)
   * array overflow when wrong duration in voice overlay (CVE-2021-32434,
     CVE-2021-32436)
   * loss of left margin after first page since previous commit
   * no respect of %%leftmargin with -E or -g
   * bad placement of chord symbols when in a music line with only invisible
     rests

   Syntax:

   * Accept and remove one or two '%'s at start of all %%beginxxx lines

   Generation:

   * Move the CSS from XHTML to SVG

   Update to 8.14.11:

   * fix: error "'staffwidth' too small" when generating sample3.abc

   Update to 8.14.10:

   * fix: bad glyph when defined by SVG containing 'v' in
   * fix: bad check of note length since commit 191fa55
   * fix: memory corruption when error in %%staves/%%score
   * fix: crash when too big note duration
   * fix: crash when staff width too small

   Update to 8.14.9:

   * fix: bad natural accidental when %%MIDI temperamentequal

   Update to 8.14.8:

   * fix: no respect the width in %%staffbreak
   * fix: don't draw a staff when only %%staffbreak inside
   * fix: bad repeat bracket when continued on next line, line starting by a
     bar
   * fix: bad tuplet bracket again when at end of a voice overlay sequence
   * fix: bad tuplet bracket when at end of a voice overlay sequence
   * handle '%%MIDI temperamentequal '
   * accept '^1' and '_1' as microtone accidentals


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP3:

      zypper in -t patch openSUSE-2022-100=1



Package List:

   - openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):

      abcm2ps-8.14.13-bp153.2.3.1


References:

   https://www.suse.com/security/cve/CVE-2021-32434.html
   https://www.suse.com/security/cve/CVE-2021-32435.html
   https://www.suse.com/security/cve/CVE-2021-32436.html
   https://bugzilla.suse.com/1197355

openSUSE: 2022:0100-1 moderate: abcm2ps

March 31, 2022
An update that fixes three vulnerabilities is now available

Description

This update for abcm2ps fixes the following issues: Update to 8.14.13: * fix: don't start/stop slurs above/below decorations * fix: crash when too many notes in a grace note sequence (#102) * fix: crash when too big value in M: (#103) * fix: loop or crash when too big width of y (space) (#104) * fix: bad font definition with SVG output when spaces in font name * fix: bad check of note length again (#106) * fix: handle %%staffscale at the global level (#108) * fix: bad vertical offset of lyrics when mysic line starts with empty staves Update to 8.14.12: Fixes: * crash when "%%break 1" and no measure bar in the tune * crash when duplicated voice ending on %%staves with repeat variant * crash when voice duplication with symbols without width * crash or bad output when null value in %%scale * problem when only bars in 2 voices followed %%staves of the second voice only * crash when tuplet error in grace note sequence * crash when grace note with empty tuplet * crash when many broken rhythms after a single grace note * access outside the deco array when error in U: * crash when !xstem! with no note in the previous voice * crash on tuplet without any note/rest * crash when grace notes at end of line and voice overlay * crash when !trem2! at start of a grace note sequence * crash when wrong duration in 2 voice overlays and bad ties * crash when accidental without a note at start of line after K: (CVE-2021-32435) * array overflow when wrong duration in voice overlay (CVE-2021-32434, CVE-2021-32436) * loss of left margin after first page since previous commit * no respect of %%leftmargin with -E or -g * bad placement of chord symbols when in a music line with only invisible rests Syntax: * Accept and remove one or two '%'s at start of all %%beginxxx lines Generation: * Move the CSS from XHTML to SVG Update to 8.14.11: * fix: error "'staffwidth' too small" when generating sample3.abc Update to 8.14.10: * fix: bad glyph when defined by SVG containing 'v' in * fix: bad check of note length since commit 191fa55 * fix: memory corruption when error in %%staves/%%score * fix: crash when too big note duration * fix: crash when staff width too small Update to 8.14.9: * fix: bad natural accidental when %%MIDI temperamentequal Update to 8.14.8: * fix: no respect the width in %%staffbreak * fix: don't draw a staff when only %%staffbreak inside * fix: bad repeat bracket when continued on next line, line starting by a bar * fix: bad tuplet bracket again when at end of a voice overlay sequence * fix: bad tuplet bracket when at end of a voice overlay sequence * handle '%%MIDI temperamentequal ' * accept '^1' and '_1' as microtone accidentals

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-100=1


Package List

- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64): abcm2ps-8.14.13-bp153.2.3.1


References

https://www.suse.com/security/cve/CVE-2021-32434.html https://www.suse.com/security/cve/CVE-2021-32435.html https://www.suse.com/security/cve/CVE-2021-32436.html https://bugzilla.suse.com/1197355


Severity
Announcement ID: openSUSE-SU-2022:0100-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP3 .

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved