SuSE Local Security Checks : openSUSE: Security Advisory for libraw (openSUSE-SU-2019:0094-1)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.852261

Kategorie: SuSE Local Security Checks

Titel: openSUSE: Security Advisory for libraw (openSUSE-SU-2019:0094-1)

Zusammenfassung: The remote host is missing an update for the 'libraw'; package(s) announced via the openSUSE-SU-2019:0094-1 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'libraw'
package(s) announced via the openSUSE-SU-2019:0094-1 advisory.

Vulnerability Insight:
This update for libraw fixes the following issues:

Security issues fixed:

- CVE-2018-20337: Fixed a stack-based buffer overflow in the
parse_makernote function of dcraw_common.cpp (bsc#1120519)

- CVE-2018-20365: Fixed a heap-based buffer overflow in the raw2image
function of libraw_cxx.cpp (bsc#1120500)

- CVE-2018-20364: Fixed a NULL pointer dereference in the copy_bayer
function of libraw_cxx.cpp (bsc#1120499)

- CVE-2018-20363: Fixed a NULL pointer dereference in the raw2image
function of libraw_cxx.cpp (bsc#1120498)

- CVE-2018-5817: Fixed an infinite loop in the unpacked_load_raw function
of dcraw_common.cpp (bsc#1120515)

- CVE-2018-5818: Fixed an infinite loop in the parse_rollei function of
dcraw_common.cpp (bsc#1120516)

- CVE-2018-5819: Fixed a denial of service in the parse_sinar_ia function
of dcraw_common.cpp (bsc#1120517)

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-94=1

Affected Software/OS:
libraw on openSUSE Leap 15.0.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2018-5817
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27/
https://www.libraw.org/news/libraw-0-19-2-release
https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html
https://usn.ubuntu.com/3989-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-5818
Common Vulnerability Exposure (CVE) ID: CVE-2018-5819

Copyright Copyright (C) 2019 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.852261
Kategorie:	SuSE Local Security Checks
Titel:	openSUSE: Security Advisory for libraw (openSUSE-SU-2019:0094-1)
Zusammenfassung:	The remote host is missing an update for the 'libraw'; package(s) announced via the openSUSE-SU-2019:0094-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'libraw' package(s) announced via the openSUSE-SU-2019:0094-1 advisory. Vulnerability Insight: This update for libraw fixes the following issues: Security issues fixed: - CVE-2018-20337: Fixed a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp (bsc#1120519) - CVE-2018-20365: Fixed a heap-based buffer overflow in the raw2image function of libraw_cxx.cpp (bsc#1120500) - CVE-2018-20364: Fixed a NULL pointer dereference in the copy_bayer function of libraw_cxx.cpp (bsc#1120499) - CVE-2018-20363: Fixed a NULL pointer dereference in the raw2image function of libraw_cxx.cpp (bsc#1120498) - CVE-2018-5817: Fixed an infinite loop in the unpacked_load_raw function of dcraw_common.cpp (bsc#1120515) - CVE-2018-5818: Fixed an infinite loop in the parse_rollei function of dcraw_common.cpp (bsc#1120516) - CVE-2018-5819: Fixed a denial of service in the parse_sinar_ia function of dcraw_common.cpp (bsc#1120517) This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-94=1 Affected Software/OS: libraw on openSUSE Leap 15.0. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-5817 https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27/ https://www.libraw.org/news/libraw-0-19-2-release https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html https://usn.ubuntu.com/3989-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-5818 Common Vulnerability Exposure (CVE) ID: CVE-2018-5819
Copyright	Copyright (C) 2019 Greenbone Networks GmbH