Security update for freexl
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2017:2539-1
Final
1
1
2017-09-21T06:52:21Z
current
2017-09-21T06:52:21Z
2017-09-21T06:52:21Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for freexl
This update for freexl to version 1.0.4 fixes several issues.
These security issues were fixed:
- CVE-2017-2924: Prevent heap-based buffer overflow in the read_legacy_biff function (bsc#1058433).
- CVE-2017-2923: Prevent heap-based buffer overflow in the read_biff_next_record function (bsc#1058431).
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
openSUSE-2017-1082
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
E-Mail link for openSUSE-SU-2017:2539-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1058431
SUSE Bug 1058431
https://bugzilla.suse.com/1058433
SUSE Bug 1058433
https://www.suse.com/security/cve/CVE-2017-2923/
SUSE CVE CVE-2017-2923 page
https://www.suse.com/security/cve/CVE-2017-2924/
SUSE CVE CVE-2017-2924 page
SUSE Package Hub 12
freexl-devel-1.0.4-5.1
libfreexl1-1.0.4-5.1
freexl-devel-1.0.4-5.1 as a component of SUSE Package Hub 12
libfreexl1-1.0.4-5.1 as a component of SUSE Package Hub 12
An exploitable heap-based buffer overflow vulnerability exists in the read_biff_next_record function of FreeXL 1.0.3. A specially crafted XLS file can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability.
CVE-2017-2923
SUSE Package Hub 12:freexl-devel-1.0.4-5.1
SUSE Package Hub 12:libfreexl1-1.0.4-5.1
important
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/security/cve/CVE-2017-2923.html
CVE-2017-2923
https://bugzilla.suse.com/1058431
SUSE Bug 1058431
An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability.
CVE-2017-2924
SUSE Package Hub 12:freexl-devel-1.0.4-5.1
SUSE Package Hub 12:libfreexl1-1.0.4-5.1
important
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/security/cve/CVE-2017-2924.html
CVE-2017-2924
https://bugzilla.suse.com/1058433
SUSE Bug 1058433