openSUSE Security Update : libraw (openSUSE-2019-8)
High Nessus Plugin ID 121089
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for libraw fixes the following issues :
The following security vulnerabilities were addressed :
- CVE-2018-5813: Fixed an error within the 'parse_minolta()' function (dcraw/dcraw.c) that could be exploited to trigger an infinite loop via a specially crafted file. This could be exploited to cause a DoS.(boo#1103200).
- CVE-2018-5815: Fixed an integer overflow in the internal/dcraw_common.cpp:parse_qt() function, that could be exploited to cause an infinite loop via a specially crafted Apple QuickTime file. (boo#1103206)
- CVE-2018-5804,CVE-2018-5816: Fixed a type confusion error in the identify function (bsc#1097975)
This update was imported from the SUSE:SLE-15:Update update project.
SolutionUpdate the affected libraw packages.