SUSE: 2020:4503-1 Critical: libpng Security Flaw and Memory Leak

suse

September 26, 2018

An update that solves three vulnerabilities and has one errata is now available

Summary

This update for glibc fixes the following security issues: - CVE-2017-15670: Prevent off-by-one error that lead to a heap-based buffer overflow in the glob function, related to the processing of home directories using the ~ operator followed by a long string (bsc#1064583) - CVE-2017-15804: The glob function contained a buffer overflow during unescaping of user names with the ~ operator (bsc#1064580) - CVE-2015-5180: res_query in libresolv allowed remote attackers to cause a denial of service (NULL pointer dereference and process crash) (bsc#941234). This non-security issue was fixed: - Fix inaccuracies in casin, cacos, casinh, cacosh (bsc#1058774) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Topics Covered

security advisory denial of service buffer overflow patch important glibc suse

References

#1058774 #1064580 #1064583 #941234

Cross- CVE-2015-5180 CVE-2017-15670 CVE-2017-15804

Affected Products:

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Server 11-SP3-LTSS

SUSE Linux Enterprise Point of Sale 11-SP3

SUSE Linux Enterprise Debuginfo 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP3

https://www.suse.com/security/cve/CVE-2015-5180.html

https://www.suse.com/security/cve/CVE-2017-15670.html

https://www.suse.com/security/cve/CVE-2017-15804.html

https://bugzilla.suse.com/1058774

https://bugzilla.suse.com/1064580

https://bugzilla.suse.com/1064583

https://bugzilla.suse.com/941234

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2018:2883-1

Rating: important

Topics Covered

security advisory denial of service buffer overflow patch important glibc suse

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2020:4503-1 Critical: libpng Security Flaw and Memory Leak

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2020:4503-1 Critical: libpng Security Flaw and Memory Leak

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!