openSUSE Security Update : netpbm (openSUSE-2017-742)
Medium Nessus Plugin ID 101135
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for netpbm fixes the following issues :
Security bugs :
- CVE-2017-2586: A NULL pointer dereference in stringToUint function could lead to a denial of service (abort) problem when processing malformed images.
- CVE-2017-2581: A out-of-bounds write in writeRasterPbm() could be used by attackers to crash the decoder or potentially execute code. [bsc#1024287]
- CVE-2017-2587: A insufficient size check of memory allocation in createCanvas() function could be used for a denial of service attack (memory exhaustion) [bsc#1024294]
This update was imported from the SUSE:SLE-12:Update update project.
SolutionUpdate the affected netpbm packages.