SUSE-SU-2022:1476-1 | Mondoo Vulnerability Intelligence

SUSE-SU-2022:1476-1

MEDIUM5.3

Security update for libcaca

Published Apr 29, 2022

Modified 4 years ago

Fix available

Details

Description of the patch:

This update for libcaca fixes the following issues:

CVE-2022-0856: Fixed a divide by zero issue which could be exploited to cause an application crash (bsc#1197028).

Affected Packages

libcaca-devel

SUSE Enterprise Storage 7.1SUSE Linux Enterprise Desktop 15 SP3SUSE Linux Enterprise High Performance Computing 15 SP3SUSE Linux Enterprise Module for Basesystem 15 SP3SUSE Linux Enterprise Real Time 15 SP2

Fixed in:

0.99.beta19.git20171003-150200.11.6.1

libcaca0

SUSE Enterprise Storage 7.1SUSE Linux Enterprise Desktop 15 SP3SUSE Linux Enterprise High Performance Computing 15 SP3SUSE Linux Enterprise Module for Basesystem 15 SP3SUSE Linux Enterprise Real Time 15 SP2

Fixed in:

0.99.beta19.git20171003-150200.11.6.1

libcaca0-plugins

SUSE Enterprise Storage 7.1SUSE Linux Enterprise Desktop 15 SP3SUSE Linux Enterprise High Performance Computing 15 SP3SUSE Linux Enterprise Module for Basesystem 15 SP3SUSE Linux Enterprise Real Time 15 SP2

Fixed in:

0.99.beta19.git20171003-150200.11.6.1

caca-utils

openSUSE Leap 15.3openSUSE Leap 15.4

Fixed in:

0.99.beta19.git20171003-150200.11.6.1

libcaca-ruby

openSUSE Leap 15.3openSUSE Leap 15.4

Fixed in:

0.99.beta19.git20171003-150200.11.6.1

libcaca0-32bit

openSUSE Leap 15.3openSUSE Leap 15.4

Fixed in:

0.99.beta19.git20171003-150200.11.6.1

libcaca0-plugins-32bit

openSUSE Leap 15.3openSUSE Leap 15.4

Fixed in:

0.99.beta19.git20171003-150200.11.6.1

python3-caca

openSUSE Leap 15.3openSUSE Leap 15.4

Fixed in:

0.99.beta19.git20171003-150200.11.6.1

References

https://bugzilla.suse.com/1197028

https://lists.suse.com/pipermail/sle-security-updates/2022-April/010901.html

https://www.suse.com/security/cve/CVE-2022-0856/

https://www.suse.com/support/security/rating/

https://www.suse.com/support/update/announcement/2022/suse-su-20221476-1/

CVSS Analysis

CVSS v3.1

5.3

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

HighAC:H

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

5.3/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Upstream

Ecosystems(12)

SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Real Time 15 SP2

Timeline

PublishedApr 29, 2022

ModifiedApr 29, 2022