
   SUSE Security Update: Security update for dcraw
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:1277-1
Rating:             moderate
References:         #1056170 #1063798 #1084690 #1097973 #1097974 
                    #1117436 #1117512 #1117517 #1117622 #1117896 
                    #1189642 
Cross-References:   CVE-2017-13735 CVE-2017-14608 CVE-2018-19565
                    CVE-2018-19566 CVE-2018-19567 CVE-2018-19568
                    CVE-2018-19655 CVE-2018-5801 CVE-2018-5805
                    CVE-2018-5806 CVE-2021-3624
CVSS scores:
                    CVE-2017-13735 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2017-13735 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2017-14608 (NVD) : 9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
                    CVE-2017-14608 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2018-19565 (NVD) : 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
                    CVE-2018-19565 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2018-19566 (NVD) : 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
                    CVE-2018-19566 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
                    CVE-2018-19567 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2018-19567 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2018-19568 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2018-19568 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2018-19655 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2018-19655 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2018-5801 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2018-5801 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2018-5805 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2018-5805 (SUSE): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2018-5806 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2018-5806 (SUSE): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3624 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes 11 vulnerabilities is now available.

Description:

   This update for dcraw fixes the following issues:

   - CVE-2017-13735: Fixed a denial of service issue due to a floating point
     exception (bsc#1056170).
   - CVE-2017-14608: Fixed an invalid memory access that could lead to
     information disclosure or denial of service (bsc#1063798).
   - CVE-2018-19655: Fixed a buffer overflow that could lead to an
     application crash (bsc#1117896).
   - CVE-2018-5801: Fixed an invalid memory access that could lead to denial
     of service (bsc#1084690).
   - CVE-2018-5805: Fixed a buffer overflow that could lead to an application
     crash (bsc#1097973).
   - CVE-2018-5806: Fixed an invalid memory access that could lead to denial
     of service (bsc#1097974).
   - CVE-2018-19565: Fixed an invalid memory access that could lead to
     information disclosure or denial of service (bsc#1117622).
   - CVE-2018-19566: Fixed an invalid memory access that could lead to
     information disclosure or denial of service (bsc#1117517).
   - CVE-2018-19567: Fixed a denial of service issue due to a floating point
     exception (bsc#1117512).
   - CVE-2018-19568: Fixed a denial of service issue due to a floating point
     exception (bsc#1117436).
   - CVE-2021-3624: Fixed a buffer overflow that could lead to code execution
     or denial of service (bsc#1189642).

   Non-security fixes:

   - Updated to version 9.28.0.


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-1277=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-1277=1



Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      dcraw-9.28.0-150000.3.3.1
      dcraw-debuginfo-9.28.0-150000.3.3.1
      dcraw-debugsource-9.28.0-150000.3.3.1

   - openSUSE Leap 15.4 (noarch):

      dcraw-lang-9.28.0-150000.3.3.1

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      dcraw-9.28.0-150000.3.3.1
      dcraw-debuginfo-9.28.0-150000.3.3.1
      dcraw-debugsource-9.28.0-150000.3.3.1

   - openSUSE Leap 15.3 (noarch):

      dcraw-lang-9.28.0-150000.3.3.1


References:

   https://www.suse.com/security/cve/CVE-2017-13735.html
   https://www.suse.com/security/cve/CVE-2017-14608.html
   https://www.suse.com/security/cve/CVE-2018-19565.html
   https://www.suse.com/security/cve/CVE-2018-19566.html
   https://www.suse.com/security/cve/CVE-2018-19567.html
   https://www.suse.com/security/cve/CVE-2018-19568.html
   https://www.suse.com/security/cve/CVE-2018-19655.html
   https://www.suse.com/security/cve/CVE-2018-5801.html
   https://www.suse.com/security/cve/CVE-2018-5805.html
   https://www.suse.com/security/cve/CVE-2018-5806.html
   https://www.suse.com/security/cve/CVE-2021-3624.html
   https://bugzilla.suse.com/1056170
   https://bugzilla.suse.com/1063798
   https://bugzilla.suse.com/1084690
   https://bugzilla.suse.com/1097973
   https://bugzilla.suse.com/1097974
   https://bugzilla.suse.com/1117436
   https://bugzilla.suse.com/1117512
   https://bugzilla.suse.com/1117517
   https://bugzilla.suse.com/1117622
   https://bugzilla.suse.com/1117896
   https://bugzilla.suse.com/1189642

SUSE: 2022:1277-1 moderate: dcraw

April 20, 2022

An update that fixes 11 vulnerabilities is now available

Summary

This update for dcraw fixes the following issues: - CVE-2017-13735: Fixed a denial of service issue due to a floating point exception (bsc#1056170). - CVE-2017-14608: Fixed an invalid memory access that could lead to information disclosure or denial of service (bsc#1063798). - CVE-2018-19655: Fixed a buffer overflow that could lead to an application crash (bsc#1117896). - CVE-2018-5801: Fixed an invalid memory access that could lead to denial of service (bsc#1084690). - CVE-2018-5805: Fixed a buffer overflow that could lead to an application crash (bsc#1097973). - CVE-2018-5806: Fixed an invalid memory access that could lead to denial of service (bsc#1097974). - CVE-2018-19565: Fixed an invalid memory access that could lead to information disclosure or denial of service (bsc#1117622). - CVE-2018-19566: Fixed an invalid memory access that could lead to information disclosure or denial of service (bsc#1117517). - CVE-2018-19567: Fixed a denial of service issue due to a floating point exception (bsc#1117512). - CVE-2018-19568: Fixed a denial of service issue due to a floating point exception (bsc#1117436). - CVE-2021-3624: Fixed a buffer overflow that could lead to code execution or denial of service (bsc#1189642). Non-security fixes: - Updated to version 9.28.0. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1277=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1277=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): dcraw-9.28.0-150000.3.3.1 dcraw-debuginfo-9.28.0-150000.3.3.1 dcraw-debugsource-9.28.0-150000.3.3.1 - openSUSE Leap 15.4 (noarch): dcraw-lang-9.28.0-150000.3.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): dcraw-9.28.0-150000.3.3.1 dcraw-debuginfo-9.28.0-150000.3.3.1 dcraw-debugsource-9.28.0-150000.3.3.1 - openSUSE Leap 15.3 (noarch): dcraw-lang-9.28.0-150000.3.3.1

References

#1056170 #1063798 #1084690 #1097973 #1097974

#1117436 #1117512 #1117517 #1117622 #1117896

#1189642

Cross- CVE-2017-13735 CVE-2017-14608 CVE-2018-19565

CVE-2018-19566 CVE-2018-19567 CVE-2018-19568

CVE-2018-19655 CVE-2018-5801 CVE-2018-5805

CVE-2018-5806 CVE-2021-3624

CVSS scores:

CVE-2017-13735 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2017-13735 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2017-14608 (NVD) : 9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CVE-2017-14608 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2018-19565 (NVD) : 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CVE-2018-19565 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2018-19566 (NVD) : 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CVE-2018-19566 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

CVE-2018-19567 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2018-19567 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2018-19568 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2018-19568 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2018-19655 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2018-19655 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2018-5801 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2018-5801 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2018-5805 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2018-5805 (SUSE): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2018-5806 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2018-5806 (SUSE): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-3624 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

openSUSE Leap 15.3

openSUSE Leap 15.4

https://www.suse.com/security/cve/CVE-2017-13735.html

https://www.suse.com/security/cve/CVE-2017-14608.html

https://www.suse.com/security/cve/CVE-2018-19565.html

https://www.suse.com/security/cve/CVE-2018-19566.html

https://www.suse.com/security/cve/CVE-2018-19567.html

https://www.suse.com/security/cve/CVE-2018-19568.html

https://www.suse.com/security/cve/CVE-2018-19655.html

https://www.suse.com/security/cve/CVE-2018-5801.html

https://www.suse.com/security/cve/CVE-2018-5805.html

https://www.suse.com/security/cve/CVE-2018-5806.html

https://www.suse.com/security/cve/CVE-2021-3624.html

https://bugzilla.suse.com/1056170

https://bugzilla.suse.com/1063798

https://bugzilla.suse.com/1084690

https://bugzilla.suse.com/1097973

https://bugzilla.suse.com/1097974

https://bugzilla.suse.com/1117436

https://bugzilla.suse.com/1117512

https://bugzilla.suse.com/1117517

https://bugzilla.suse.com/1117622

https://bugzilla.suse.com/1117896

https://bugzilla.suse.com/1189642

Severity

Announcement ID: SUSE-SU-2022:1277-1

Rating: moderate

What Are You Looking For?

SUSE: 2022:1277-1 moderate: dcraw

Summary

References

Security Highlights from KubeCon + CloudNativeCon 2023

Kubernetes Security on AWS: A Practical Guide

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management

A Complete Guide to Torrenting Safely in 2024

Cloud Security Basics for Small Businesses

Scanning and Defending Networks with Nmap

CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

What Are You Looking For?

SUSE: 2022:1277-1 moderate: dcraw

Summary

References

Get the Latest News & Insights

Related News

News

Advisories

HOWTOs

Features

About Us

Powered By