SUSE Security Update: Security update for libraw
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:3343-1
Rating: low
References: #1084688 #1084690 #1084691 #1103200 #1103353
Cross-References: CVE-2018-5800 CVE-2018-5801 CVE-2018-5802
CVE-2018-5810 CVE-2018-5813
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
This update for libraw fixes the following issues:
Security issues fixed:
- CVE-2018-5800: Fixed heap-based buffer overflow in
LibRaw::kodak_ycbcr_load_raw function (bsc#1084691).
- CVE-2018-5801: Fixed NULL pointer dereference in LibRaw::unpack function
(bsc#1084690).
- CVE-2018-5802: Fixed out-of-bounds read in kodak_radc_load_raw function
(bsc#1084688).
- CVE-2018-5813: Fixed infinite loop in the parse_minolta function
(bsc#1103200)
- CVE-2018-5810: Fixed a heap-based buffer overflow in rollei_load_raw
(bsc#1103353)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP3:
zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2402=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2402=1
- SUSE Linux Enterprise Desktop 12-SP3:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2402=1
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):
libraw-debugsource-0.15.4-21.1
libraw9-0.15.4-21.1
libraw9-debuginfo-0.15.4-21.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
libraw-debugsource-0.15.4-21.1
libraw-devel-0.15.4-21.1
libraw-devel-static-0.15.4-21.1
libraw9-0.15.4-21.1
libraw9-debuginfo-0.15.4-21.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
libraw-debugsource-0.15.4-21.1
libraw9-0.15.4-21.1
libraw9-debuginfo-0.15.4-21.1
References:
https://www.suse.com/security/cve/CVE-2018-5800.html
https://www.suse.com/security/cve/CVE-2018-5801.html
https://www.suse.com/security/cve/CVE-2018-5802.html
https://www.suse.com/security/cve/CVE-2018-5810.html
https://www.suse.com/security/cve/CVE-2018-5813.html
https://bugzilla.suse.com/1084688
https://bugzilla.suse.com/1084690
https://bugzilla.suse.com/1084691
https://bugzilla.suse.com/1103200
https://bugzilla.suse.com/1103353
_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates
SUSE: 2018:3343-1 libraw
October 23, 2018
An update that fixes 5 vulnerabilities is now available
Summary
This update for libraw fixes the following issues: Security issues fixed: - CVE-2018-5800: Fixed heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function (bsc#1084691). - CVE-2018-5801: Fixed NULL pointer dereference in LibRaw::unpack function (bsc#1084690). - CVE-2018-5802: Fixed out-of-bounds read in kodak_radc_load_raw function (bsc#1084688). - CVE-2018-5813: Fixed infinite loop in the parse_minolta function (bsc#1103200) - CVE-2018-5810: Fixed a heap-based buffer overflow in rollei_load_raw (bsc#1103353) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2402=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2402=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2402=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libraw-debugsource-0.15.4-21.1 libraw9-0.15.4-21.1 libraw9-debuginfo-0.15.4-21.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libraw-debugsource-0.15.4-21.1 libraw-devel-0.15.4-21.1 libraw-devel-static-0.15.4-21.1 libraw9-0.15.4-21.1 libraw9-debuginfo-0.15.4-21.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libraw-debugsource-0.15.4-21.1 libraw9-0.15.4-21.1 libraw9-debuginfo-0.15.4-21.1
References
#1084688 #1084690 #1084691 #1103200 #1103353
Cross- CVE-2018-5800 CVE-2018-5801 CVE-2018-5802
CVE-2018-5810 CVE-2018-5813
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Desktop 12-SP3
https://www.suse.com/security/cve/CVE-2018-5800.html
https://www.suse.com/security/cve/CVE-2018-5801.html
https://www.suse.com/security/cve/CVE-2018-5802.html
https://www.suse.com/security/cve/CVE-2018-5810.html
https://www.suse.com/security/cve/CVE-2018-5813.html
https://bugzilla.suse.com/1084688
https://bugzilla.suse.com/1084690
https://bugzilla.suse.com/1084691
https://bugzilla.suse.com/1103200
https://bugzilla.suse.com/1103353
Severity
Announcement ID: SUSE-SU-2018:3343-1
Rating: low
News
HOWTOs
Features
About Us
Powered By
