Security update for libraw SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:2638-1 Final 1 1 2017-10-03T16:18:32Z current 2017-10-03T16:18:32Z 2017-10-03T16:18:32Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libraw This update for libraw fixes the following issues: Security issue fixed: * CVE-2017-14265: A stack based buffer overflow in the xtrans_interpolate function was fixed. [boo#1060163] * CVE-2017-13735: A floating point exception in the kodak_radc_load_raw function was fixed which could have lead to aborts of programs using libraw on reading malicious files. [bsc#1060321] The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-10/msg00007.html E-Mail link for openSUSE-SU-2017:2638-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 openSUSE Leap 42.3 libraw-0.17.1-11.1 libraw-devel-0.17.1-11.1 libraw-devel-static-0.17.1-11.1 libraw-tools-0.17.1-11.1 libraw15-0.17.1-11.1 libraw-0.17.1-11.1 as a component of openSUSE Leap 42.2 libraw-devel-0.17.1-11.1 as a component of openSUSE Leap 42.2 libraw-devel-static-0.17.1-11.1 as a component of openSUSE Leap 42.2 libraw-tools-0.17.1-11.1 as a component of openSUSE Leap 42.2 libraw15-0.17.1-11.1 as a component of openSUSE Leap 42.2 libraw-0.17.1-11.1 as a component of openSUSE Leap 42.3 libraw-devel-0.17.1-11.1 as a component of openSUSE Leap 42.3 libraw-devel-static-0.17.1-11.1 as a component of openSUSE Leap 42.3 libraw-tools-0.17.1-11.1 as a component of openSUSE Leap 42.3 libraw15-0.17.1-11.1 as a component of openSUSE Leap 42.3 There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. CVE-2017-13735 openSUSE Leap 42.2:libraw-0.17.1-11.1 openSUSE Leap 42.2:libraw-devel-0.17.1-11.1 openSUSE Leap 42.2:libraw-devel-static-0.17.1-11.1 openSUSE Leap 42.2:libraw-tools-0.17.1-11.1 openSUSE Leap 42.2:libraw15-0.17.1-11.1 openSUSE Leap 42.3:libraw-0.17.1-11.1 openSUSE Leap 42.3:libraw-devel-0.17.1-11.1 openSUSE Leap 42.3:libraw-devel-static-0.17.1-11.1 openSUSE Leap 42.3:libraw-tools-0.17.1-11.1 openSUSE Leap 42.3:libraw15-0.17.1-11.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-10/msg00007.html https://www.suse.com/security/cve/CVE-2017-13735.html CVE-2017-13735 https://bugzilla.suse.com/1056170 SUSE Bug 1056170 https://bugzilla.suse.com/1060321 SUSE Bug 1060321 A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack. CVE-2017-14265 openSUSE Leap 42.2:libraw-0.17.1-11.1 openSUSE Leap 42.2:libraw-devel-0.17.1-11.1 openSUSE Leap 42.2:libraw-devel-static-0.17.1-11.1 openSUSE Leap 42.2:libraw-tools-0.17.1-11.1 openSUSE Leap 42.2:libraw15-0.17.1-11.1 openSUSE Leap 42.3:libraw-0.17.1-11.1 openSUSE Leap 42.3:libraw-devel-0.17.1-11.1 openSUSE Leap 42.3:libraw-devel-static-0.17.1-11.1 openSUSE Leap 42.3:libraw-tools-0.17.1-11.1 openSUSE Leap 42.3:libraw15-0.17.1-11.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-10/msg00007.html https://www.suse.com/security/cve/CVE-2017-14265.html CVE-2017-14265 https://bugzilla.suse.com/1060163 SUSE Bug 1060163 https://bugzilla.suse.com/1084688 SUSE Bug 1084688 https://bugzilla.suse.com/1084690 SUSE Bug 1084690 https://bugzilla.suse.com/1084691 SUSE Bug 1084691