Security update for libraw SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:2286-1 Final 1 1 2018-08-09T20:50:28Z current 2018-08-09T20:50:28Z 2018-08-09T20:50:28Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libraw This update for libraw fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-5813: Fixed an error within the 'parse_minolta()' function (dcraw/dcraw.c) that could be exploited to trigger an infinite loop via a specially crafted file. This could be exploited to cause a DoS.(boo#1103200). - CVE-2018-5815: Fixed an integer overflow in the internal/dcraw_common.cpp:parse_qt() function, that could be exploited to cause an infinite loop via a specially crafted Apple QuickTime file. (boo#1103206) - CVE-2018-5810: Fixed an error within the rollei_load_raw() function (internal/dcraw_common.cpp) that could be exploited to cause a heap-based buffer overflow and subsequently cause a crash. (boo#1103353) - CVE-2018-5811: Fixed an error within the nikon_coolscan_load_raw() function (internal/dcraw_common.cpp) that could be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. (boo#1103359) - CVE-2018-5812: Fixed another error within the nikon_coolscan_load_raw() function (internal/dcraw_common.cpp) that could be exploited to trigger a NULL pointer dereference. (boo#1103360) - CVE-2018-5807: Fixed an error within the samsung_load_raw() function (internal/dcraw_common.cpp) that could be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. (boo#1103361) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-08/msg00032.html E-Mail link for openSUSE-SU-2018:2286-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libraw-0.17.1-23.1 libraw-devel-0.17.1-23.1 libraw-devel-static-0.17.1-23.1 libraw-tools-0.17.1-23.1 libraw15-0.17.1-23.1 libraw-0.17.1-23.1 as a component of openSUSE Leap 42.3 libraw-devel-0.17.1-23.1 as a component of openSUSE Leap 42.3 libraw-devel-static-0.17.1-23.1 as a component of openSUSE Leap 42.3 libraw-tools-0.17.1-23.1 as a component of openSUSE Leap 42.3 libraw15-0.17.1-23.1 as a component of openSUSE Leap 42.3 An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. CVE-2018-5807 openSUSE Leap 42.3:libraw-0.17.1-23.1 openSUSE Leap 42.3:libraw-devel-0.17.1-23.1 openSUSE Leap 42.3:libraw-devel-static-0.17.1-23.1 openSUSE Leap 42.3:libraw-tools-0.17.1-23.1 openSUSE Leap 42.3:libraw15-0.17.1-23.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-08/msg00032.html https://www.suse.com/security/cve/CVE-2018-5807.html CVE-2018-5807 https://bugzilla.suse.com/1103361 SUSE Bug 1103361 An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash. CVE-2018-5810 openSUSE Leap 42.3:libraw-0.17.1-23.1 openSUSE Leap 42.3:libraw-devel-0.17.1-23.1 openSUSE Leap 42.3:libraw-devel-static-0.17.1-23.1 openSUSE Leap 42.3:libraw-tools-0.17.1-23.1 openSUSE Leap 42.3:libraw15-0.17.1-23.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-08/msg00032.html https://www.suse.com/security/cve/CVE-2018-5810.html CVE-2018-5810 https://bugzilla.suse.com/1103353 SUSE Bug 1103353 https://bugzilla.suse.com/1118894 SUSE Bug 1118894 An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. CVE-2018-5811 openSUSE Leap 42.3:libraw-0.17.1-23.1 openSUSE Leap 42.3:libraw-devel-0.17.1-23.1 openSUSE Leap 42.3:libraw-devel-static-0.17.1-23.1 openSUSE Leap 42.3:libraw-tools-0.17.1-23.1 openSUSE Leap 42.3:libraw15-0.17.1-23.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-08/msg00032.html https://www.suse.com/security/cve/CVE-2018-5811.html CVE-2018-5811 https://bugzilla.suse.com/1103359 SUSE Bug 1103359 An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference. CVE-2018-5812 openSUSE Leap 42.3:libraw-0.17.1-23.1 openSUSE Leap 42.3:libraw-devel-0.17.1-23.1 openSUSE Leap 42.3:libraw-devel-static-0.17.1-23.1 openSUSE Leap 42.3:libraw-tools-0.17.1-23.1 openSUSE Leap 42.3:libraw15-0.17.1-23.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-08/msg00032.html https://www.suse.com/security/cve/CVE-2018-5812.html CVE-2018-5812 https://bugzilla.suse.com/1103360 SUSE Bug 1103360 An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file. CVE-2018-5813 openSUSE Leap 42.3:libraw-0.17.1-23.1 openSUSE Leap 42.3:libraw-devel-0.17.1-23.1 openSUSE Leap 42.3:libraw-devel-static-0.17.1-23.1 openSUSE Leap 42.3:libraw-tools-0.17.1-23.1 openSUSE Leap 42.3:libraw15-0.17.1-23.1 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-08/msg00032.html https://www.suse.com/security/cve/CVE-2018-5813.html CVE-2018-5813 https://bugzilla.suse.com/1103200 SUSE Bug 1103200 An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file. CVE-2018-5815 openSUSE Leap 42.3:libraw-0.17.1-23.1 openSUSE Leap 42.3:libraw-devel-0.17.1-23.1 openSUSE Leap 42.3:libraw-devel-static-0.17.1-23.1 openSUSE Leap 42.3:libraw-tools-0.17.1-23.1 openSUSE Leap 42.3:libraw15-0.17.1-23.1 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-08/msg00032.html https://www.suse.com/security/cve/CVE-2018-5815.html CVE-2018-5815 https://bugzilla.suse.com/1103206 SUSE Bug 1103206