Security update for libmatroska, mkvtoolnix SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:3819-1 Final 1 1 2018-11-20T16:19:23Z current 2018-11-20T16:19:23Z 2018-11-20T16:19:23Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libmatroska, mkvtoolnix This update for libmatroska, mkvtoolnix fixes the following issues: Security issue fixed: - CVE-2018-4022: Fixed use-after-free vulnerability that existed in the way MKV (matroska) file format was handled (bsc#1113709). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00030.html E-Mail link for openSUSE-SU-2018:3819-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub for SUSE Linux Enterprise 15 mkvtoolnix-28.2.0-bp150.2.3.1 mkvtoolnix-gui-28.2.0-bp150.2.3.1 mkvtoolnix-28.2.0-bp150.2.3.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 15 mkvtoolnix-gui-28.2.0-bp150.2.3.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 15 A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v25.0.0 handles the MKV (matroska) file format. A specially crafted MKV file can cause arbitrary code execution in the context of the current user. CVE-2018-4022 SUSE Package Hub for SUSE Linux Enterprise 15:mkvtoolnix-28.2.0-bp150.2.3.1 SUSE Package Hub for SUSE Linux Enterprise 15:mkvtoolnix-gui-28.2.0-bp150.2.3.1 low Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00030.html https://www.suse.com/security/cve/CVE-2018-4022.html CVE-2018-4022 https://bugzilla.suse.com/1113709 SUSE Bug 1113709