libXcursor-devel-1.2.0-1.9 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10919-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libXcursor-devel-1.2.0-1.9 on GA media These are all security issues fixed in the libXcursor-devel-1.2.0-1.9 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10919 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2017-16612/ SUSE CVE CVE-2017-16612 page openSUSE Tumbleweed libXcursor-devel-1.2.0-1.9 libXcursor-devel-32bit-1.2.0-1.9 libXcursor1-1.2.0-1.9 libXcursor1-32bit-1.2.0-1.9 libXcursor-devel-1.2.0-1.9 as a component of openSUSE Tumbleweed libXcursor-devel-32bit-1.2.0-1.9 as a component of openSUSE Tumbleweed libXcursor1-1.2.0-1.9 as a component of openSUSE Tumbleweed libXcursor1-32bit-1.2.0-1.9 as a component of openSUSE Tumbleweed libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0. CVE-2017-16612 openSUSE Tumbleweed:libXcursor-devel-1.2.0-1.9 openSUSE Tumbleweed:libXcursor-devel-32bit-1.2.0-1.9 openSUSE Tumbleweed:libXcursor1-1.2.0-1.9 openSUSE Tumbleweed:libXcursor1-32bit-1.2.0-1.9 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-16612.html CVE-2017-16612 https://bugzilla.suse.com/1065386 SUSE Bug 1065386 https://bugzilla.suse.com/1159415 SUSE Bug 1159415