Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2019:2452-1 Moderate: djvulibre Resource Exhaustion and DoS

suse
Calendar Grey September 24, 2019
Dist Suse Esm H88
SUSE Security Patch addresses multiple vulnerabilities in libxml2. Apply the suggested updates to enhance your system's security.
An update that fixes four vulnerabilities is now available

Summary

This update for djvulibre fixes the following issues: Security issues fixed: - CVE-2019-15142: Fixed heap-based buffer over-read (bsc#1146702). - CVE-2019-15143: Fixed resource exhaustion caused by corrupted image files (bsc#1146569). - CVE-2019-15144: Fixed denial-of-service caused by crafted PBM image files (bsc#1146571). - CVE-2019-15145: Fixed out-of-bounds read caused by corrupted JB2 image files (bsc#1146572). - Fixed segfault when libtiff encounters corrupted TIFF (upstream issue #295). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15:

Topics%20covered

Topics Covered

security advisory moderate denial of service SUSE resource exhaustion djvulibre

References

#1146569 #1146571 #1146572 #1146702

Cross- CVE-2019-15142 CVE-2019-15143 CVE-2019-15144

CVE-2019-15145

Affected Products:

SUSE Linux Enterprise Module for Packagehub Subpackages 15

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

SUSE Linux Enterprise Module for Desktop Applications 15-SP1

SUSE Linux Enterprise Module for Desktop Applications 15

https://www.suse.com/security/cve/CVE-2019-15142.html

https://www.suse.com/security/cve/CVE-2019-15143.html

https://www.suse.com/security/cve/CVE-2019-15144.html

https://www.suse.com/security/cve/CVE-2019-15145.html

https://bugzilla.suse.com/1146569

https://bugzilla.suse.com/1146571

Announcement ID: SUSE-SU-2019:2452-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate denial of service SUSE resource exhaustion djvulibre

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here