openSUSE-SU-2018:0569-1

Import Source

https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2018:0569-1.json

JSON Data

https://api.osv.dev/v1/vulns/openSUSE-SU-2018:0569-1

Related

Published

2018-03-01T08:28:24Z

Modified

2018-03-01T08:28:24Z

Summary

Security update for freexl

Details

This update for freexl fixes the following issues:

freexl was updated to version 1.0.5:

No changelog provided by upstream
Various heapoverflows in 1.0.4 have been fixed:
- CVE-2018-7439: heap-buffer-overflow in freexl.c:3912 readminibiffnextrecord (boo#1082774)
- CVE-2018-7438: heap-buffer-overflow in freexl.c:383 parseunicodestring (boo#1082775)
- CVE-2018-7437: heap-buffer-overflow in freexl.c:1866 parse_SST(boo#1082776)
- CVE-2018-7436: heap-buffer-overflow in freexl.c:1805 parseSST parseSST (boo#1082777)
- CVE-2018-7435: heap-buffer-overflow in freexl::destroy_cell (boo#1082778)

References

Affected packages

SUSE:Package Hub 12 / freexl

Package

Name: freexl
Purl: pkg:rpm/suse/freexl&distro=SUSE%20Package%20Hub%2012

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.5-8.1

Ecosystem specific

{
    "binaries": [
        {
            "libfreexl1": "1.0.5-8.1",
            "freexl-devel": "1.0.5-8.1"
        }
    ]
}