SUSE-SU-2019:1645-1

Details

This update for netpbm fixes the following issues:

Security issues fixed:

CVE-2018-8975: The pm_mallocarray2 function allowed remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file (bsc#1086777).
CVE-2017-2579: Fixed out-of-bounds read in expandCodeOntoStack() (bsc#1024288).
CVE-2017-2580: Fixed out-of-bounds write of heap data in addPixelToRaster() function (bsc#1024291).
create netpbm-vulnerable subpackage and move pstopnm there (bsc#1136936)

Affected Packages

libnetpbm11

SUSE Linux Enterprise Desktop 12 SP3SUSE Linux Enterprise Desktop 12 SP4SUSE Linux Enterprise Server 12 SP3SUSE Linux Enterprise Server 12 SP4SUSE Linux Enterprise Server for SAP Applications 12 SP3

Fixed in:

10.66.3-8.7.2

libnetpbm11-32bit

SUSE Linux Enterprise Desktop 12 SP3SUSE Linux Enterprise Desktop 12 SP4SUSE Linux Enterprise Server 12 SP3SUSE Linux Enterprise Server 12 SP4SUSE Linux Enterprise Server for SAP Applications 12 SP3

Fixed in:

10.66.3-8.7.2

netpbm

SUSE Linux Enterprise Desktop 12 SP3SUSE Linux Enterprise Desktop 12 SP4SUSE Linux Enterprise Server 12 SP3SUSE Linux Enterprise Server 12 SP4SUSE Linux Enterprise Server for SAP Applications 12 SP3

Fixed in:

10.66.3-8.7.2

libnetpbm-devel

SUSE Linux Enterprise Software Development Kit 12 SP3SUSE Linux Enterprise Software Development Kit 12 SP4

Fixed in:

10.66.3-8.7.2

References

REPORT

https://bugzilla.suse.com/1024288

REPORT

https://bugzilla.suse.com/1024291

REPORT