Security update for unixODBC SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:2978-1 Final 1 1 2024-08-20T09:07:09Z current 2024-08-20T09:07:09Z 2024-08-20T09:07:09Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for unixODBC This update for unixODBC fixes the following issues: - CVE-2024-1013: Fixed out of bounds stack write due to pointer-to-integer types conversion on 64-bit architectures (bsc#1228143) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-2978,SUSE-SLE-SDK-12-SP5-2024-2978,SUSE-SLE-SERVER-12-SP5-2024-2978 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20242978-1/ Link for SUSE-SU-2024:2978-1 https://lists.suse.com/pipermail/sle-updates/2024-August/036648.html E-Mail link for SUSE-SU-2024:2978-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1228143 SUSE Bug 1228143 https://www.suse.com/security/cve/CVE-2024-1013/ SUSE CVE CVE-2024-1013 page SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 libodbc2-2.3.9-7.16.1 libodbc2-32bit-2.3.9-7.16.1 libodbc2-64bit-2.3.9-7.16.1 unixODBC-2.3.9-7.16.1 unixODBC-32bit-2.3.9-7.16.1 unixODBC-64bit-2.3.9-7.16.1 unixODBC-devel-2.3.9-7.16.1 unixODBC-devel-32bit-2.3.9-7.16.1 unixODBC-devel-64bit-2.3.9-7.16.1 libodbc2-2.3.9-7.16.1 as a component of SUSE Linux Enterprise Server 12 SP5 libodbc2-32bit-2.3.9-7.16.1 as a component of SUSE Linux Enterprise Server 12 SP5 unixODBC-2.3.9-7.16.1 as a component of SUSE Linux Enterprise Server 12 SP5 unixODBC-32bit-2.3.9-7.16.1 as a component of SUSE Linux Enterprise Server 12 SP5 libodbc2-2.3.9-7.16.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libodbc2-32bit-2.3.9-7.16.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 unixODBC-2.3.9-7.16.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 unixODBC-32bit-2.3.9-7.16.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 unixODBC-devel-2.3.9-7.16.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken. CVE-2024-1013 SUSE Linux Enterprise Server 12 SP5:libodbc2-2.3.9-7.16.1 SUSE Linux Enterprise Server 12 SP5:libodbc2-32bit-2.3.9-7.16.1 SUSE Linux Enterprise Server 12 SP5:unixODBC-2.3.9-7.16.1 SUSE Linux Enterprise Server 12 SP5:unixODBC-32bit-2.3.9-7.16.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libodbc2-2.3.9-7.16.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libodbc2-32bit-2.3.9-7.16.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:unixODBC-2.3.9-7.16.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:unixODBC-32bit-2.3.9-7.16.1 SUSE Linux Enterprise Software Development Kit 12 SP5:unixODBC-devel-2.3.9-7.16.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242978-1/ https://www.suse.com/security/cve/CVE-2024-1013.html CVE-2024-1013 https://bugzilla.suse.com/1228143 SUSE Bug 1228143