Mailinglist Archive: opensuse-updates (117 mails)

openSUSE-SU-2016:1029-1: moderate: Security update for lhasa
openSUSE Security Update: Security update for lhasa
______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:1029-1
Rating: moderate
References: #973790
Cross-References: CVE-2016-2347
Affected Products:
openSUSE Leap 42.1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for lhasa to 0.3.1 fixes the following issues:

These security issues were fixed:
* CVE-2016-2347: Integer underflow vulnerability in the code for doing LZH
level 3 header decodes (boo#973790)

These non-security issues were fixed:
* PMarc -pm1- archives that contain truncated compressed data (the
decompressed length is longer than what can be read from the compressed
data) now decompress as intended. Certain archives in the wild make the
assumption that this can be done.
* LArc -lz5- archives that make use of the initial history buffer now
decompress correctly.
* The tests no longer use predictable temporary paths.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2016-455=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Leap 42.1 (i586 x86_64):

lhasa-0.3.1-10.1
lhasa-debuginfo-0.3.1-10.1
lhasa-debugsource-0.3.1-10.1
lhasa-devel-0.3.1-10.1
liblhasa0-0.3.1-10.1
liblhasa0-debuginfo-0.3.1-10.1
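
To confirm that a host actually carries the fixed build after patching, the installed lhasa packages can be compared against the 0.3.1-10.1 version-release from the package list above. The following is an added example, not part of the original announcement; the function names are hypothetical, the sample input is constructed, and GNU "sort -V" is assumed as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Fixed version-release, taken from the advisory's package list.
FIXED="0.3.1-10.1"

# Succeeds when version-release $1 is at least $2.
# Assumption: GNU `sort -V` ordering is adequate for plain numeric
# version strings such as these; it is not RPM's exact algorithm.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Reads "name version-release" lines on stdin, prints a verdict for every
# lhasa/liblhasa0 package, and returns 1 if any is older than $FIXED.
check_lhasa() {
    status=0
    while read -r name vr; do
        case "$name" in
            lhasa|lhasa-*|liblhasa0|liblhasa0-*) ;;
            *) continue ;;   # unrelated package, ignore
        esac
        if ver_ge "$vr" "$FIXED"; then
            echo "OK         $name $vr"
        else
            echo "VULNERABLE $name $vr (needs >= $FIXED)"
            status=1
        fi
    done
    return $status
}

# Constructed sample input: one unpatched library next to a patched tool.
check_lhasa <<'EOF' || echo "at least one package still needs the update"
lhasa 0.3.1-10.1
liblhasa0 0.3.0-9.2
bash 4.3-1
EOF

# On a real system, feed it the RPM database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | check_lhasa
```

A mismatch between lhasa and liblhasa0 matters because the header decoding lives in the library, so other programs linked against liblhasa0 stay exposed until that package is updated too.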


References:

https://www.suse.com/security/cve/CVE-2016-2347.html
https://bugzilla.suse.com/973790

