pspp-1.4.1-2.3 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11199-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z pspp-1.4.1-2.3 on GA media These are all security issues fixed in the pspp-1.4.1-2.3 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11199 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2017-10791/ SUSE CVE CVE-2017-10791 page https://www.suse.com/security/cve/CVE-2017-10792/ SUSE CVE CVE-2017-10792 page https://www.suse.com/security/cve/CVE-2017-12958/ SUSE CVE CVE-2017-12958 page https://www.suse.com/security/cve/CVE-2017-12959/ SUSE CVE CVE-2017-12959 page https://www.suse.com/security/cve/CVE-2017-12961/ SUSE CVE CVE-2017-12961 page https://www.suse.com/security/cve/CVE-2018-20230/ SUSE CVE CVE-2018-20230 page https://www.suse.com/security/cve/CVE-2019-9211/ SUSE CVE CVE-2019-9211 page openSUSE Tumbleweed pspp-1.4.1-2.3 pspp-devel-1.4.1-2.3 pspp-devel-doc-1.4.1-2.3 pspp-doc-1.4.1-2.3 pspp-lang-1.4.1-2.3 pspp-1.4.1-2.3 as a component of openSUSE Tumbleweed pspp-devel-1.4.1-2.3 as a component of openSUSE Tumbleweed pspp-devel-doc-1.4.1-2.3 as a component of openSUSE Tumbleweed pspp-doc-1.4.1-2.3 as a component of openSUSE Tumbleweed pspp-lang-1.4.1-2.3 as a component of openSUSE Tumbleweed There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack. CVE-2017-10791 openSUSE Tumbleweed:pspp-1.4.1-2.3 openSUSE Tumbleweed:pspp-devel-1.4.1-2.3 openSUSE Tumbleweed:pspp-devel-doc-1.4.1-2.3 openSUSE Tumbleweed:pspp-doc-1.4.1-2.3 openSUSE Tumbleweed:pspp-lang-1.4.1-2.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10791.html CVE-2017-10791 https://bugzilla.suse.com/1046998 SUSE Bug 1046998 There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack. CVE-2017-10792 openSUSE Tumbleweed:pspp-1.4.1-2.3 openSUSE Tumbleweed:pspp-devel-1.4.1-2.3 openSUSE Tumbleweed:pspp-devel-doc-1.4.1-2.3 openSUSE Tumbleweed:pspp-doc-1.4.1-2.3 openSUSE Tumbleweed:pspp-lang-1.4.1-2.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10792.html CVE-2017-10792 https://bugzilla.suse.com/1046997 SUSE Bug 1046997 There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. CVE-2017-12958 openSUSE Tumbleweed:pspp-1.4.1-2.3 openSUSE Tumbleweed:pspp-devel-1.4.1-2.3 openSUSE Tumbleweed:pspp-devel-doc-1.4.1-2.3 openSUSE Tumbleweed:pspp-doc-1.4.1-2.3 openSUSE Tumbleweed:pspp-lang-1.4.1-2.3 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-12958.html CVE-2017-12958 https://bugzilla.suse.com/1054585 SUSE Bug 1054585 There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack. CVE-2017-12959 openSUSE Tumbleweed:pspp-1.4.1-2.3 openSUSE Tumbleweed:pspp-devel-1.4.1-2.3 openSUSE Tumbleweed:pspp-devel-doc-1.4.1-2.3 openSUSE Tumbleweed:pspp-doc-1.4.1-2.3 openSUSE Tumbleweed:pspp-lang-1.4.1-2.3 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-12959.html CVE-2017-12959 https://bugzilla.suse.com/1054588 SUSE Bug 1054588 There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. CVE-2017-12961 openSUSE Tumbleweed:pspp-1.4.1-2.3 openSUSE Tumbleweed:pspp-devel-1.4.1-2.3 openSUSE Tumbleweed:pspp-devel-doc-1.4.1-2.3 openSUSE Tumbleweed:pspp-doc-1.4.1-2.3 openSUSE Tumbleweed:pspp-lang-1.4.1-2.3 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-12961.html CVE-2017-12961 https://bugzilla.suse.com/1054586 SUSE Bug 1054586 An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. CVE-2018-20230 openSUSE Tumbleweed:pspp-1.4.1-2.3 openSUSE Tumbleweed:pspp-devel-1.4.1-2.3 openSUSE Tumbleweed:pspp-devel-doc-1.4.1-2.3 openSUSE Tumbleweed:pspp-doc-1.4.1-2.3 openSUSE Tumbleweed:pspp-lang-1.4.1-2.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-20230.html CVE-2018-20230 https://bugzilla.suse.com/1120061 SUSE Bug 1120061 https://bugzilla.suse.com/1203128 SUSE Bug 1203128 There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service. CVE-2019-9211 openSUSE Tumbleweed:pspp-1.4.1-2.3 openSUSE Tumbleweed:pspp-devel-1.4.1-2.3 openSUSE Tumbleweed:pspp-devel-doc-1.4.1-2.3 openSUSE Tumbleweed:pspp-doc-1.4.1-2.3 openSUSE Tumbleweed:pspp-lang-1.4.1-2.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9211.html CVE-2019-9211 https://bugzilla.suse.com/1127343 SUSE Bug 1127343