Security update for dcraw
Announcement ID: | SUSE-SU-2022:1749-1 |
---|---|
Rating: | moderate |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves 11 vulnerabilities can now be installed.
Description:
This update for dcraw fixes the following issues:
- CVE-2017-13735: Fixed a denial of service issue due to a floating point exception (bsc#1056170).
- CVE-2017-14608: Fixed an invalid memory access that could lead to information disclosure or denial of service (bsc#1063798).
- CVE-2018-19655: Fixed a buffer overflow that could lead to an application crash (bsc#1117896).
- CVE-2018-5801: Fixed an invalid memory access that could lead to denial of service (bsc#1084690).
- CVE-2018-5805: Fixed a buffer overflow that could lead to an application crash (bsc#1097973).
- CVE-2018-5806: Fixed an invalid memory access that could lead to denial of service (bsc#1097974).
- CVE-2018-19565: Fixed an invalid memory access that could lead to information disclosure or denial of service (bsc#1117622).
- CVE-2018-19566: Fixed an invalid memory access that could lead to information disclosure or denial of service (bsc#1117517).
- CVE-2018-19567: Fixed a denial of service issue due to a floating point exception (bsc#1117512).
- CVE-2018-19568: Fixed a denial of service issue due to a floating point exception (bsc#1117436).
- CVE-2021-3624: Fixed a buffer overflow that could lead to code execution or denial of service (bsc#1189642).
Non-security fixes:
- Updated to version 9.28.0.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Software Development Kit 12 SP5
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1749=1
-
SUSE Linux Enterprise Workstation Extension 12 12-SP5
zypper in -t patch SUSE-SLE-WE-12-SP5-2022-1749=1
Package List:
-
SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
- dcraw-debugsource-9.28.0-3.3.1
- dcraw-9.28.0-3.3.1
- dcraw-debuginfo-9.28.0-3.3.1
-
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
- dcraw-debugsource-9.28.0-3.3.1
- dcraw-9.28.0-3.3.1
- dcraw-debuginfo-9.28.0-3.3.1
-
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (noarch)
- dcraw-lang-9.28.0-3.3.1
References:
- https://www.suse.com/security/cve/CVE-2017-13735.html
- https://www.suse.com/security/cve/CVE-2017-14608.html
- https://www.suse.com/security/cve/CVE-2018-19565.html
- https://www.suse.com/security/cve/CVE-2018-19566.html
- https://www.suse.com/security/cve/CVE-2018-19567.html
- https://www.suse.com/security/cve/CVE-2018-19568.html
- https://www.suse.com/security/cve/CVE-2018-19655.html
- https://www.suse.com/security/cve/CVE-2018-5801.html
- https://www.suse.com/security/cve/CVE-2018-5805.html
- https://www.suse.com/security/cve/CVE-2018-5806.html
- https://www.suse.com/security/cve/CVE-2021-3624.html
- https://bugzilla.suse.com/show_bug.cgi?id=1056170
- https://bugzilla.suse.com/show_bug.cgi?id=1063798
- https://bugzilla.suse.com/show_bug.cgi?id=1084690
- https://bugzilla.suse.com/show_bug.cgi?id=1097973
- https://bugzilla.suse.com/show_bug.cgi?id=1097974
- https://bugzilla.suse.com/show_bug.cgi?id=1117436
- https://bugzilla.suse.com/show_bug.cgi?id=1117512
- https://bugzilla.suse.com/show_bug.cgi?id=1117517
- https://bugzilla.suse.com/show_bug.cgi?id=1117622
- https://bugzilla.suse.com/show_bug.cgi?id=1117896
- https://bugzilla.suse.com/show_bug.cgi?id=1189642