Security update for cfitsio SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:1038-1 Final 1 1 2018-04-20T16:40:08Z current 2018-04-20T16:40:08Z 2018-04-20T16:40:08Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for cfitsio This update for cfitsio fixes the following issues: Security issues fixed: - CVE-2018-1000166: Unsafe use of sprintf() can allow a remote unauthenticated attacker to execute arbitrary code (boo#1088590) This update to version 3.430 also contains a number of upstream bug fixes. The following tracked packaging changes are included: - boo#1082318: package licence text as license, not as documentation The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00062.html E-Mail link for openSUSE-SU-2018:1038-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 cfitsio-3.430-4.3.1 cfitsio-devel-3.430-4.3.1 cfitsio-devel-doc-3.430-4.3.1 libcfitsio5-3.430-4.3.1 cfitsio-3.430-4.3.1 as a component of openSUSE Leap 42.3 cfitsio-devel-3.430-4.3.1 as a component of openSUSE Leap 42.3 cfitsio-devel-doc-3.430-4.3.1 as a component of openSUSE Leap 42.3 libcfitsio5-3.430-4.3.1 as a component of openSUSE Leap 42.3 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-3848 and CVE-2018-3849. Reason: This candidate is a reservation duplicate of CVE-2018-3848 and CVE-2018-3849. Notes: All CVE users should reference CVE-2018-3848 and CVE-2018-3849 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2018-1000166 openSUSE Leap 42.3:cfitsio-3.430-4.3.1 openSUSE Leap 42.3:cfitsio-devel-3.430-4.3.1 openSUSE Leap 42.3:cfitsio-devel-doc-3.430-4.3.1 openSUSE Leap 42.3:libcfitsio5-3.430-4.3.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00062.html https://www.suse.com/security/cve/CVE-2018-1000166.html CVE-2018-1000166 https://bugzilla.suse.com/1088590 SUSE Bug 1088590