   SUSE Security Update: Security update for libofx
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2045-1
Rating:             important
References:         #1058673 #1060437 #1061964
Cross-References:   CVE-2017-14731 CVE-2017-2816 CVE-2017-2920
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for libofx fixes the following issues:

   Security issues fixed:

   - CVE-2017-2816: Fix an exploitable buffer overflow vulnerability in the
     tag parsing functionality (bsc#1058673).
   - CVE-2017-2920: Fix a buffer overflow vulnerability in
     sanitize_proprietary_tags in lib/ofx_preproc.cpp (bsc#1061964).
   - CVE-2017-14731: Fix remote denial of service via a crafted file in
     ofx_proc_file in ofx_preproc.cpp (bsc#1060437).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-libofx-13701=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-libofx-13701=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):

      libofx-0.9.0-3.7.1
      libofx-devel-0.9.0-3.7.1
      libofx4-0.9.0-3.7.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      libofx-debuginfo-0.9.0-3.7.1
      libofx-debugsource-0.9.0-3.7.1

References:

   https://www.suse.com/security/cve/CVE-2017-14731.html
   https://www.suse.com/security/cve/CVE-2017-2816.html
   https://www.suse.com/security/cve/CVE-2017-2920.html
   https://bugzilla.suse.com/1058673
   https://bugzilla.suse.com/1060437
   https://bugzilla.suse.com/1061964