SUSE-SU-2017:2300-1
Vulnerability Summary
Description
Security update for libraw
This update for libraw fixes the following issues:
- CVE-2015-3885: A specially crafted raw image file could have caused a Denial of Service through an integer overflow. (bsc#930683)
- CVE-2015-8367: The function phase_one_correct() did not handle memory object initialization correctly, which may have caused some other problems. (bsc#957517)
- CVE-2017-6886: memory corruption in parse_tiff_ifd() func (internal/dcraw_common.cpp) could lead to Denial of service (bsc#1039380)
- CVE-2017-6889: integer overflow error within the 'foveon_load_camf()' function (dcraw_foveon.c) could lead to Denial of service (bsc#1039210)
- CVE-2017-6890: boundary error within the 'foveon_load_camf()' function (dcraw_foveon.c) (bsc#1039209)
Affected Systems
- suse libraw on SUSE Linux Enterprise Desktop 12 SP2: versions < 0.15.4-9.2
- suse libraw on SUSE Linux Enterprise Desktop 12 SP3: versions < 0.15.4-9.2
- suse libraw on SUSE Linux Enterprise Software Development Kit 12 SP2: versions < 0.15.4-9.2
- suse libraw on SUSE Linux Enterprise Software Development Kit 12 SP3: versions < 0.15.4-9.2
- suse libraw on SUSE Linux Enterprise Workstation Extension 12 SP2: versions < 0.15.4-9.2
- suse libraw on SUSE Linux Enterprise Workstation Extension 12 SP3: versions < 0.15.4-9.2
References (14)
- https://www.suse.com/support/update/announcement/2017/suse-su-20172300-1/
- https://bugzilla.suse.com/1039209
- https://bugzilla.suse.com/1039210
- https://bugzilla.suse.com/1039379
- https://bugzilla.suse.com/1039380
- https://bugzilla.suse.com/930683
- https://bugzilla.suse.com/957517
- https://www.suse.com/security/cve/CVE-2015-3885
- https://www.suse.com/security/cve/CVE-2015-8367
- https://www.suse.com/security/cve/CVE-2017-6886
- https://www.suse.com/security/cve/CVE-2017-6887
- https://www.suse.com/security/cve/CVE-2017-6889
- https://www.suse.com/security/cve/CVE-2017-6890
- https://www.suse.com/security/cve/CVE-2017-6899