Security update for uriparser (low)

2019-02-13T21:12:44
ID OPENSUSE-SU-2019:0171-1
Type suse
Reporter Suse
Modified 2019-02-13T21:12:44

Description

This update for uriparser fixes the following issues:

Security issues fixed:

  • CVE-2018-20721: Fixed an out-of-bounds read for incomplete URIs with IPv6 addresses with embedded IPv4 address (bsc#1122193).
  • CVE-2018-19198: Fixed an out-of-bounds write that was possible via the uriComposeQuery or uriComposeQueryEx function (bsc#1115722).
  • CVE-2018-19199: Fixed an integer overflow caused by an unchecked multiplication via the uriComposeQuery or uriComposeQueryEx function (bsc#1115723).
  • CVE-2018-19200: Fixed a operation attempted on NULL input via a uriResetUri* function (bsc#1115724).

This update was imported from the SUSE:SLE-15:Update update project. This update was imported from the openSUSE:Leap:15.0:Update update project.