openSUSE Security Update : lhasa (openSUSE-2016-454)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for lhasa to 0.3.1 fixes the following issues :

These security issues were fixed :

- CVE-2016-2347: Integer underflow vulnerability in the
code for doing LZH level 3 header decodes (boo#973790)

These non-security issues were fixed :

- PMarc -pm1- archives that contain truncated compressed
data (the decompressed length is longer than what can be
read from the compressed data) now decompress as
intended. Certain archives in the wild make the
assumption that this can be done.

- LArc -lz5- archives that make use of the initial history
buffer now decompress correctly.

- The tests no longer use predictable temporary paths.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=973790

Solution :

Update the affected lhasa packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 90523

Bugtraq ID:

CVE ID: CVE-2016-2347
