Security update for links SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0853-1 Final 1 1 2018-03-30T09:12:03Z current 2018-03-30T09:12:03Z 2018-03-30T09:12:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for links This update for links to version 2.15 fixes the following issues: - CVE-2017-11114: Buffer over-read vulnerability in case of corrupted UTF-8 data (boo#1051448) This update also contains a number of upstream improvements: - Rewrite google docs URLs to the download link, so that the file can be viewed in external viewer - Improved handling of compressed connections and content - various other bug fixes and improvements The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2018-03/msg00115.html E-Mail link for openSUSE-SU-2018:0853-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 links-2.15-7.3.1 links-2.15-7.3.1 as a component of openSUSE Leap 42.3 The put_chars function in html_r.c in Twibright Links 2.14 allows remote attackers to cause a denial of service (buffer over-read) via a crafted HTML file. CVE-2017-11114 openSUSE Leap 42.3:links-2.15-7.3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-03/msg00115.html https://www.suse.com/security/cve/CVE-2017-11114.html CVE-2017-11114 https://bugzilla.suse.com/1051448 SUSE Bug 1051448