cscope-15.9-1.9 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10705-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z cscope-15.9-1.9 on GA media These are all security issues fixed in the cscope-15.9-1.9 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10705 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2004-2541/ SUSE CVE CVE-2004-2541 page https://www.suse.com/security/cve/CVE-2006-4262/ SUSE CVE CVE-2006-4262 page openSUSE Tumbleweed cscope-15.9-1.9 cscope-15.9-1.9 as a component of openSUSE Tumbleweed Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target. CVE-2004-2541 openSUSE Tumbleweed:cscope-15.9-1.9 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2004-2541.html CVE-2004-2541 https://bugzilla.suse.com/177568 SUSE Bug 177568 Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument. CVE-2006-4262 openSUSE Tumbleweed:cscope-15.9-1.9 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-4262.html CVE-2006-4262 https://bugzilla.suse.com/200534 SUSE Bug 200534