libraw-devel-0.17.2-1.4 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10156 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libraw-devel-0.17.2-1.4 on GA media These are all security issues fixed in the libraw-devel-0.17.2-1.4 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10156 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10156 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2013-2126/ SUSE CVE CVE-2013-2126 page https://www.suse.com/security/cve/CVE-2013-2127/ SUSE CVE CVE-2013-2127 page https://www.suse.com/security/cve/CVE-2015-8367/ SUSE CVE CVE-2015-8367 page openSUSE Tumbleweed libraw-devel-0.17.2-1.4 libraw-devel-static-0.17.2-1.4 libraw-tools-0.17.2-1.4 libraw15-0.17.2-1.4 libraw-devel-0.17.2-1.4 as a component of openSUSE Tumbleweed libraw-devel-static-0.17.2-1.4 as a component of openSUSE Tumbleweed libraw-tools-0.17.2-1.4 as a component of openSUSE Tumbleweed libraw15-0.17.2-1.4 as a component of openSUSE Tumbleweed Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file. CVE-2013-2126 openSUSE Tumbleweed:libraw-devel-0.17.2-1.4 openSUSE Tumbleweed:libraw-devel-static-0.17.2-1.4 openSUSE Tumbleweed:libraw-tools-0.17.2-1.4 openSUSE Tumbleweed:libraw15-0.17.2-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-2126.html CVE-2013-2126 https://bugzilla.suse.com/822665 SUSE Bug 822665 https://bugzilla.suse.com/823113 SUSE Bug 823113 https://bugzilla.suse.com/823114 SUSE Bug 823114 Buffer overflow in the exposure correction code in LibRaw before 0.15.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. CVE-2013-2127 openSUSE Tumbleweed:libraw-devel-0.17.2-1.4 openSUSE Tumbleweed:libraw-devel-static-0.17.2-1.4 openSUSE Tumbleweed:libraw-tools-0.17.2-1.4 openSUSE Tumbleweed:libraw15-0.17.2-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-2127.html CVE-2013-2127 https://bugzilla.suse.com/822665 SUSE Bug 822665 The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization. CVE-2015-8367 openSUSE Tumbleweed:libraw-devel-0.17.2-1.4 openSUSE Tumbleweed:libraw-devel-static-0.17.2-1.4 openSUSE Tumbleweed:libraw-tools-0.17.2-1.4 openSUSE Tumbleweed:libraw15-0.17.2-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8367.html CVE-2015-8367 https://bugzilla.suse.com/1006704 SUSE Bug 1006704 https://bugzilla.suse.com/1006717 SUSE Bug 1006717 https://bugzilla.suse.com/957517 SUSE Bug 957517