Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 541
Alerts This Week
Warning Icon 1 541

SUSE: 2019:1640-1 Critical: lcms2 Code Injection Vulnerability

suse
Calendar Grey September 6, 2017
Dist Suse Esm H88
New patches targeting urgent gdk-pixbuf vulnerabilities have been released for SUSE systems, bolstering security protocols.
An update that solves 5 vulnerabilities and has one errata An update that solves 5 vulnerabilities and has one errata An update that solves 5 vulnerabilities and has one errata is ...

Summary

This update for gdk-pixbuf fixes the following issues: - CVE-2017-2862: JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution Vulnerability (bsc#1048289) - CVE-2017-2870: tiff_image_parse Code Execution Vulnerability (bsc#1048544) - CVE-2017-6313: A dangerous integer underflow in io-icns.c (bsc#1027024) - CVE-2017-6314: Infinite loop in io-tiff.c (bsc#1027025) - CVE-2017-6312: Out-of-bounds read on io-ico.c (bsc#1027026) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1471=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1471=1

References

#1027024 #1027025 #1027026 #1048289 #1048544

#1049877

Cross- CVE-2017-2862 CVE-2017-2870 CVE-2017-6312

CVE-2017-6313 CVE-2017-6314

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP3

SUSE Linux Enterprise Software Development Kit 12-SP2

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2

SUSE Linux Enterprise Server 12-SP3

SUSE Linux Enterprise Server 12-SP2

SUSE Linux Enterprise Desktop 12-SP3

SUSE Linux Enterprise Desktop 12-SP2

https://www.suse.com/security/cve/CVE-2017-2862.html

https://www.suse.com/security/cve/CVE-2017-2870.html

https://www.suse.com/security/cve/CVE-2017-6312.html

https://www.suse.com/security/cve/CVE-2017-6313.html

https://www.suse.com/security/cve/CVE-2017-6314.html

https://bugzilla.suse.com/1027024

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:2381-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.