Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 517
Alerts This Week
Warning Icon 1 517

SUSE 12-SP3: SUSE-SU-2018:3545-1 Moderate lcms2 Buffer Overflow

suse
Calendar Grey October 29, 2018
Dist Suse Esm H88
The latest lcms2 update addresses two security flaws in SUSE Linux Enterprise that could compromise image handling integrity.
An update that solves two vulnerabilities and has two fixes is now available

Summary

This update for lcms2 fixes the following security issues: - CVE-2016-10165: The Type_MLU_Read function allowed remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggered an out-of-bounds heap read (bsc#1021364). - CVE-2018-16435: A integer overflow was fixed in the AllocateDataSet function in cmscgats.c, that could lead to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. (bsc#1108813) - Ensure that LUT stages match channel count (bsc#1026649). - sanitize input and output channels on MPE profiles (bsc#1026650). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

#1021364 #1026649 #1026650 #1108813

Cross- CVE-2016-10165 CVE-2018-16435

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP3

SUSE Linux Enterprise Server 12-SP3

SUSE Linux Enterprise Desktop 12-SP3

https://www.suse.com/security/cve/CVE-2016-10165.html

https://www.suse.com/security/cve/CVE-2018-16435.html

https://bugzilla.suse.com/1021364

https://bugzilla.suse.com/1026649

https://bugzilla.suse.com/1026650

https://bugzilla.suse.com/1108813

Announcement ID: SUSE-SU-2018:3545-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.