Security update for freexl (important)

2018-03-01T15:09:07
ID OPENSUSE-SU-2018:0570-1
Type suse
Reporter Suse
Modified 2018-03-01T15:09:07

Description

This update for freexl fixes the following issues:

freexl was updated to version 1.0.5:

  • No changelog provided by upstream
  • Various heap overflows in 1.0.4 have been fixed:

    • CVE-2018-7439: heap-buffer-overflow in freexl.c:3912 read_mini_biff_next_record (boo#1082774)
    • CVE-2018-7438: heap-buffer-overflow in freexl.c:383 parse_unicode_string (boo#1082775)
    • CVE-2018-7437: heap-buffer-overflow in freexl.c:1866 parse_SST (boo#1082776)
    • CVE-2018-7436: heap-buffer-overflow in freexl.c:1805 parse_SST (boo#1082777)
    • CVE-2018-7435: heap-buffer-overflow in freexl::destroy_cell (boo#1082778)