Security update for brotli SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:01762-1 Final 1 1 2025-05-29T20:55:26Z current 2025-05-29T20:55:26Z 2025-05-29T20:55:26Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for brotli This update for brotli fixes the following issues: - CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-1762,SUSE-SUSE-MicroOS-5.1-2025-1762 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202501762-1/ Link for SUSE-SU-2025:01762-1 https://lists.suse.com/pipermail/sle-updates/2025-May/039454.html E-Mail link for SUSE-SU-2025:01762-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1175825 SUSE Bug 1175825 https://www.suse.com/security/cve/CVE-2020-8927/ SUSE CVE CVE-2020-8927 page SUSE Linux Enterprise Micro 5.1 libbrotlicommon1-1.0.7-3.3.1 libbrotlidec1-1.0.7-3.3.1 libbrotlicommon1-1.0.7-3.3.1 as a component of SUSE Linux Enterprise Micro 5.1 libbrotlidec1-1.0.7-3.3.1 as a component of SUSE Linux Enterprise Micro 5.1 A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits. CVE-2020-8927 SUSE Linux Enterprise Micro 5.1:libbrotlicommon1-1.0.7-3.3.1 SUSE Linux Enterprise Micro 5.1:libbrotlidec1-1.0.7-3.3.1 moderate 6.4 AV:N/AC:L/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501762-1/ https://www.suse.com/security/cve/CVE-2020-8927.html CVE-2020-8927 https://bugzilla.suse.com/1175825 SUSE Bug 1175825