SUSE: 2019:1645-1 Moderate: Netpbm Denial of Service Fix
suse
June 21, 2019
An update that solves three vulnerabilities and has one errata is now available
Summary
This update for netpbm fixes the following issues: Security issues fixed: - CVE-2018-8975: The pm_mallocarray2 function allowed remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file (bsc#1086777). - CVE-2017-2579: Fixed out-of-bounds read in expandCodeOntoStack() (bsc#1024288). - CVE-2017-2580: Fixed out-of-bounds write of heap data in addPixelToRaster() function (bsc#1024291). - create netpbm-vulnerable subpackage and move pstopnm there (bsc#1136936) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4:
Topics Covered
References
#1024288 #1024291 #1086777 #1136936
Cross- CVE-2017-2579 CVE-2017-2580 CVE-2018-8975
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP4
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Desktop 12-SP4
SUSE Linux Enterprise Desktop 12-SP3
https://www.suse.com/security/cve/CVE-2017-2579.html
https://www.suse.com/security/cve/CVE-2017-2580.html
https://www.suse.com/security/cve/CVE-2018-8975.html
https://bugzilla.suse.com/1024288
https://bugzilla.suse.com/1024291
https://bugzilla.suse.com/1086777
https://bugzilla.suse.com/1136936
PREVIOUS
NEXT
Announcement ID: SUSE-SU-2019:1645-1
Rating: moderate
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!