Security update for libredwg SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:0147-1 Final 1 1 2024-05-29T16:41:07Z current 2024-05-29T16:41:07Z 2024-05-29T16:41:07Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libredwg This update for libredwg fixes the following issues: Update to tag 0.12.5.6924: - CVE-2023-26157: Fixed out-of-bound read involving section->num_pages in decode_r2007.c (boo#1218473) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2024-147 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WJZKASYCXFRWLMBF4XUIYV5ZN2WMSZYO/ E-Mail link for openSUSE-SU-2024:0147-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1218473 SUSE Bug 1218473 https://www.suse.com/security/cve/CVE-2023-26157/ SUSE CVE CVE-2023-26157 page SUSE Package Hub 15 SP5 openSUSE Leap 15.5 libredwg-devel-0.12.5.6924-bp155.3.6.1 libredwg-tools-0.12.5.6924-bp155.3.6.1 libredwg0-0.12.5.6924-bp155.3.6.1 libredwg-devel-0.12.5.6924-bp155.3.6.1 as a component of SUSE Package Hub 15 SP5 libredwg-tools-0.12.5.6924-bp155.3.6.1 as a component of SUSE Package Hub 15 SP5 libredwg0-0.12.5.6924-bp155.3.6.1 as a component of SUSE Package Hub 15 SP5 libredwg-devel-0.12.5.6924-bp155.3.6.1 as a component of openSUSE Leap 15.5 libredwg-tools-0.12.5.6924-bp155.3.6.1 as a component of openSUSE Leap 15.5 libredwg0-0.12.5.6924-bp155.3.6.1 as a component of openSUSE Leap 15.5 Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c. CVE-2023-26157 SUSE Package Hub 15 SP5:libredwg-devel-0.12.5.6924-bp155.3.6.1 SUSE Package Hub 15 SP5:libredwg-tools-0.12.5.6924-bp155.3.6.1 SUSE Package Hub 15 SP5:libredwg0-0.12.5.6924-bp155.3.6.1 openSUSE Leap 15.5:libredwg-devel-0.12.5.6924-bp155.3.6.1 openSUSE Leap 15.5:libredwg-tools-0.12.5.6924-bp155.3.6.1 openSUSE Leap 15.5:libredwg0-0.12.5.6924-bp155.3.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WJZKASYCXFRWLMBF4XUIYV5ZN2WMSZYO/ https://www.suse.com/security/cve/CVE-2023-26157.html CVE-2023-26157 https://bugzilla.suse.com/1218473 SUSE Bug 1218473