liburiparser1-0.9.5-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11488-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z liburiparser1-0.9.5-1.2 on GA media These are all security issues fixed in the liburiparser1-0.9.5-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11488 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-19198/ SUSE CVE CVE-2018-19198 page https://www.suse.com/security/cve/CVE-2018-19199/ SUSE CVE CVE-2018-19199 page https://www.suse.com/security/cve/CVE-2018-19200/ SUSE CVE CVE-2018-19200 page https://www.suse.com/security/cve/CVE-2018-20721/ SUSE CVE CVE-2018-20721 page openSUSE Tumbleweed liburiparser1-0.9.5-1.2 liburiparser1-32bit-0.9.5-1.2 uriparser-0.9.5-1.2 uriparser-devel-0.9.5-1.2 uriparser-doc-0.9.5-1.2 liburiparser1-0.9.5-1.2 as a component of openSUSE Tumbleweed liburiparser1-32bit-0.9.5-1.2 as a component of openSUSE Tumbleweed uriparser-0.9.5-1.2 as a component of openSUSE Tumbleweed uriparser-devel-0.9.5-1.2 as a component of openSUSE Tumbleweed uriparser-doc-0.9.5-1.2 as a component of openSUSE Tumbleweed An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts. CVE-2018-19198 openSUSE Tumbleweed:liburiparser1-0.9.5-1.2 openSUSE Tumbleweed:liburiparser1-32bit-0.9.5-1.2 openSUSE Tumbleweed:uriparser-0.9.5-1.2 openSUSE Tumbleweed:uriparser-devel-0.9.5-1.2 openSUSE Tumbleweed:uriparser-doc-0.9.5-1.2 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-19198.html CVE-2018-19198 https://bugzilla.suse.com/1115722 SUSE Bug 1115722 An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication. CVE-2018-19199 openSUSE Tumbleweed:liburiparser1-0.9.5-1.2 openSUSE Tumbleweed:liburiparser1-32bit-0.9.5-1.2 openSUSE Tumbleweed:uriparser-0.9.5-1.2 openSUSE Tumbleweed:uriparser-devel-0.9.5-1.2 openSUSE Tumbleweed:uriparser-doc-0.9.5-1.2 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-19199.html CVE-2018-19199 https://bugzilla.suse.com/1115723 SUSE Bug 1115723 An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function. CVE-2018-19200 openSUSE Tumbleweed:liburiparser1-0.9.5-1.2 openSUSE Tumbleweed:liburiparser1-32bit-0.9.5-1.2 openSUSE Tumbleweed:uriparser-0.9.5-1.2 openSUSE Tumbleweed:uriparser-devel-0.9.5-1.2 openSUSE Tumbleweed:uriparser-doc-0.9.5-1.2 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-19200.html CVE-2018-19200 https://bugzilla.suse.com/1115724 SUSE Bug 1115724 URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address. CVE-2018-20721 openSUSE Tumbleweed:liburiparser1-0.9.5-1.2 openSUSE Tumbleweed:liburiparser1-32bit-0.9.5-1.2 openSUSE Tumbleweed:uriparser-0.9.5-1.2 openSUSE Tumbleweed:uriparser-devel-0.9.5-1.2 openSUSE Tumbleweed:uriparser-doc-0.9.5-1.2 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-20721.html CVE-2018-20721 https://bugzilla.suse.com/1122193 SUSE Bug 1122193