Security update for libraw SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:2848-1 Final 1 1 2017-10-25T07:20:52Z current 2017-10-25T07:20:52Z 2017-10-25T07:20:52Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libraw This update for libraw fixes the following issues: Changes in libraw: * CVE-2017-14608: An out of bounds read in the kodak_65000_load_raw function could lead to an information leak. [boo#1063798] The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-10/msg00089.html E-Mail link for openSUSE-SU-2017:2848-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 openSUSE Leap 42.3 libraw-0.17.1-14.1 libraw-devel-0.17.1-14.1 libraw-devel-static-0.17.1-14.1 libraw-tools-0.17.1-14.1 libraw15-0.17.1-14.1 libraw-0.17.1-14.1 as a component of openSUSE Leap 42.2 libraw-devel-0.17.1-14.1 as a component of openSUSE Leap 42.2 libraw-devel-static-0.17.1-14.1 as a component of openSUSE Leap 42.2 libraw-tools-0.17.1-14.1 as a component of openSUSE Leap 42.2 libraw15-0.17.1-14.1 as a component of openSUSE Leap 42.2 libraw-0.17.1-14.1 as a component of openSUSE Leap 42.3 libraw-devel-0.17.1-14.1 as a component of openSUSE Leap 42.3 libraw-devel-static-0.17.1-14.1 as a component of openSUSE Leap 42.3 libraw-tools-0.17.1-14.1 as a component of openSUSE Leap 42.3 libraw15-0.17.1-14.1 as a component of openSUSE Leap 42.3 In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. CVE-2017-14608 openSUSE Leap 42.2:libraw-0.17.1-14.1 openSUSE Leap 42.2:libraw-devel-0.17.1-14.1 openSUSE Leap 42.2:libraw-devel-static-0.17.1-14.1 openSUSE Leap 42.2:libraw-tools-0.17.1-14.1 openSUSE Leap 42.2:libraw15-0.17.1-14.1 openSUSE Leap 42.3:libraw-0.17.1-14.1 openSUSE Leap 42.3:libraw-devel-0.17.1-14.1 openSUSE Leap 42.3:libraw-devel-static-0.17.1-14.1 openSUSE Leap 42.3:libraw-tools-0.17.1-14.1 openSUSE Leap 42.3:libraw15-0.17.1-14.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-10/msg00089.html https://www.suse.com/security/cve/CVE-2017-14608.html CVE-2017-14608 https://bugzilla.suse.com/1063798 SUSE Bug 1063798