OPENSUSE-SU-2021:1458-1

Security update for transfig (important)

Published: Nov 07, 2021
Source: lists.opensuse.org

CVSS3: 5.5 Medium
  Attack Vector:          LOCAL
  Attack Complexity:      LOW
  Privileges Required:    NONE
  User Interaction:       REQUIRED
  Scope:                  UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact:       NONE
  Availability Impact:    HIGH
  Vector:                 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS2: 4.3 Medium
  Access Vector:          NETWORK
  Access Complexity:      MEDIUM
  Authentication:         NONE
  Confidentiality Impact: NONE
  Integrity Impact:       NONE
  Availability Impact:    PARTIAL
  Vector:                 AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low (percentile 42.3%)

An update that fixes 12 vulnerabilities is now available.

Description:

This update for transfig fixes the following issues:

Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021)

  • bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline
    function in genepic.c.
  • bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects
    function in read.c.
  • bsc#1190617, CVE-2020-21531: global buffer overflow in the
    conv_pattern_index function in gencgm.c.
  • bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont
    function in genepic.c.
  • bsc#1190612, CVE-2020-21533: stack buffer overflow in the
    read_textobject function in read.c.
  • bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line
    function in read.c.
  • bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start
    function in gencgm.c.
  • bsc#1192019, CVE-2021-32280: NULL pointer dereference in
    compute_closed_spline() in trans_spline.c

This update was imported from the SUSE:SLE-15:Update update project. This
update was imported from the openSUSE:Leap:15.2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Backports SLE-15-SP2:

    zypper in -t patch openSUSE-2021-1458=1
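
To confirm the update took effect, the shell functions below (an added example, not part of the advisory or of SUSE's tooling) check whether the installed package's RPM changelog references each of the eight CVE IDs listed above. The function names are hypothetical, and the check assumes the packager records CVE IDs in the changelog.

```shell
#!/bin/sh
# Added example: verify that an RPM changelog mentions every CVE that
# the advisory lists for transfig. Function names are hypothetical.

# CVE IDs copied from the advisory's issue list.
ADVISORY_CVES="CVE-2020-21529 CVE-2020-21530 CVE-2020-21531 CVE-2020-21532
CVE-2020-21533 CVE-2020-21534 CVE-2020-21535 CVE-2021-32280"

# missing_cves: read changelog text on stdin and print the advisory CVEs
# that do not appear in it, space separated. Empty output = all present.
missing_cves() {
    changelog=$(cat)
    missing=""
    for cve in $ADVISORY_CVES; do
        # -F: literal match; -w: whole token only, so a longer ID such as
        # CVE-2020-215300 does not satisfy the check for CVE-2020-21530.
        if ! printf '%s\n' "$changelog" | grep -qwF -- "$cve"; then
            missing="${missing:+$missing }$cve"
        fi
    done
    printf '%s' "$missing"
}

# check_package: query the installed package (default: transfig) with rpm.
# Returns 0 if all CVEs are referenced, 1 if some are absent,
# 2 if the package is not installed.
check_package() {
    pkg=${1:-transfig}
    if ! log=$(rpm -q --changelog "$pkg" 2>/dev/null); then
        echo "$pkg: not installed"
        return 2
    fi
    gaps=$(printf '%s\n' "$log" | missing_cves)
    if [ -n "$gaps" ]; then
        echo "$pkg: changelog does not reference: $gaps"
        return 1
    fi
    echo "$pkg: changelog references all advisory CVEs"
}
```

Source the file and run `check_package` on a patched host. A missing ID means the changelog does not record that fix, which warrants checking the installed package version against the advisory.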
