SUSE: 2022:1277-1 moderate: dcraw | LinuxSecurity.com

   SUSE Security Update: Security update for dcraw
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:1277-1
Rating:             moderate
References:         #1056170 #1063798 #1084690 #1097973 #1097974 
                    #1117436 #1117512 #1117517 #1117622 #1117896 
                    #1189642 
Cross-References:   CVE-2017-13735 CVE-2017-14608 CVE-2018-19565
                    CVE-2018-19566 CVE-2018-19567 CVE-2018-19568
                    CVE-2018-19655 CVE-2018-5801 CVE-2018-5805
                    CVE-2018-5806 CVE-2021-3624
CVSS scores:
                    CVE-2017-13735 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2017-13735 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2017-14608 (NVD) : 9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
                    CVE-2017-14608 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2018-19565 (NVD) : 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
                    CVE-2018-19565 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2018-19566 (NVD) : 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
                    CVE-2018-19566 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
                    CVE-2018-19567 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2018-19567 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2018-19568 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2018-19568 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2018-19655 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2018-19655 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2018-5801 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2018-5801 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2018-5805 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2018-5805 (SUSE): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2018-5806 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2018-5806 (SUSE): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3624 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes 11 vulnerabilities is now available.

Description:

   This update for dcraw fixes the following issues:

   - CVE-2017-13735: Fixed a denial of service issue due to a floating point
     exception (bsc#1056170).
   - CVE-2017-14608: Fixed an invalid memory access that could lead to
     information disclosure or denial of service (bsc#1063798).
   - CVE-2018-19655: Fixed a buffer overflow that could lead to an
     application crash (bsc#1117896).
   - CVE-2018-5801: Fixed an invalid memory access that could lead to denial
     of service (bsc#1084690).
   - CVE-2018-5805: Fixed a buffer overflow that could lead to an application
     crash (bsc#1097973).
   - CVE-2018-5806: Fixed an invalid memory access that could lead to denial
     of service (bsc#1097974).
   - CVE-2018-19565: Fixed an invalid memory access that could lead to
     information disclosure or denial of service (bsc#1117622).
   - CVE-2018-19566: Fixed an invalid memory access that could lead to
     information disclosure or denial of service (bsc#1117517).
   - CVE-2018-19567: Fixed a denial of service issue due to a floating point
     exception (bsc#1117512).
   - CVE-2018-19568: Fixed a denial of service issue due to a floating point
     exception (bsc#1117436).
   - CVE-2021-3624: Fixed a buffer overflow that could lead to code execution
     or denial of service (bsc#1189642).

   Non-security fixes:

   - Updated to version 9.28.0.


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-1277=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-1277=1



Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      dcraw-9.28.0-150000.3.3.1
      dcraw-debuginfo-9.28.0-150000.3.3.1
      dcraw-debugsource-9.28.0-150000.3.3.1

   - openSUSE Leap 15.4 (noarch):

      dcraw-lang-9.28.0-150000.3.3.1

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      dcraw-9.28.0-150000.3.3.1
      dcraw-debuginfo-9.28.0-150000.3.3.1
      dcraw-debugsource-9.28.0-150000.3.3.1

   - openSUSE Leap 15.3 (noarch):

      dcraw-lang-9.28.0-150000.3.3.1


References:

   https://www.suse.com/security/cve/CVE-2017-13735.html
   https://www.suse.com/security/cve/CVE-2017-14608.html
   https://www.suse.com/security/cve/CVE-2018-19565.html
   https://www.suse.com/security/cve/CVE-2018-19566.html
   https://www.suse.com/security/cve/CVE-2018-19567.html
   https://www.suse.com/security/cve/CVE-2018-19568.html
   https://www.suse.com/security/cve/CVE-2018-19655.html
   https://www.suse.com/security/cve/CVE-2018-5801.html
   https://www.suse.com/security/cve/CVE-2018-5805.html
   https://www.suse.com/security/cve/CVE-2018-5806.html
   https://www.suse.com/security/cve/CVE-2021-3624.html
   https://bugzilla.suse.com/1056170
   https://bugzilla.suse.com/1063798
   https://bugzilla.suse.com/1084690
   https://bugzilla.suse.com/1097973
   https://bugzilla.suse.com/1097974
   https://bugzilla.suse.com/1117436
   https://bugzilla.suse.com/1117512
   https://bugzilla.suse.com/1117517
   https://bugzilla.suse.com/1117622
   https://bugzilla.suse.com/1117896
   https://bugzilla.suse.com/1189642

April 20, 2022