An update that fixes 11 vulnerabilities is now available.
Description:
This update for dcraw fixes the following issues:
- CVE-2017-13735: Fixed a denial of service issue due to a floating point
exception (bsc#1056170).
- CVE-2017-14608: Fixed an invalid memory access that could lead to
information disclosure or denial of service (bsc#1063798).
- CVE-2018-19655: Fixed a buffer overflow that could lead to an
application crash (bsc#1117896).
- CVE-2018-5801: Fixed an invalid memory access that could lead to denial
of service (bsc#1084690).
- CVE-2018-5805: Fixed a buffer overflow that could lead to an application
crash (bsc#1097973).
- CVE-2018-5806: Fixed an invalid memory access that could lead to denial
of service (bsc#1097974).
- CVE-2018-19565: Fixed an invalid memory access that could lead to
information disclosure or denial of service (bsc#1117622).
- CVE-2018-19566: Fixed an invalid memory access that could lead to
information disclosure or denial of service (bsc#1117517).
- CVE-2018-19567: Fixed a denial of service issue due to a floating point
exception (bsc#1117512).
- CVE-2018-19568: Fixed a denial of service issue due to a floating point
exception (bsc#1117436).
- CVE-2021-3624: Fixed a buffer overflow that could lead to code execution
or denial of service (bsc#1189642).
Non-security fixes:
- Updated to version 9.28.0.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product: