CVE-2023-40889: Fixed heap-based buffer overflow in the qr_reader_match_centers function (bsc#1214770).
CVE-2023-40890: Fixed stack-based buffer overflow in the lookup_sequence function (bsc#1214771).
Affected Packages
libzbar0
SUSE Linux Enterprise Module for Desktop Applications 15 SP5, SUSE Linux Enterprise Real Time 15 SP4, openSUSE Leap 15.4, openSUSE Leap 15.5
Fixed in:
0.23.1-150300.3.3.1
zbar
SUSE Linux Enterprise Module for Desktop Applications 15 SP5, SUSE Linux Enterprise Module for Package Hub 15 SP5, SUSE Linux Enterprise Real Time 15 SP4, openSUSE Leap 15.4, openSUSE Leap 15.5
Fixed in:
0.23.1-150300.3.3.1
libzbar-devel
SUSE Linux Enterprise Module for Package Hub 15 SP5, openSUSE Leap 15.4, openSUSE Leap 15.5
Fixed in:
0.23.1-150300.3.3.1
libzbarqt-devel
SUSE Linux Enterprise Module for Package Hub 15 SP5, openSUSE Leap 15.4, openSUSE Leap 15.5
Fixed in:
0.23.1-150300.3.3.1
libzbarqt0
SUSE Linux Enterprise Module for Package Hub 15 SP5, openSUSE Leap 15.4, openSUSE Leap 15.5