SUSE Package Hub - openSUSE-2018-217

Update Info

openSUSE-2018-217

Security update for freexl

Type: security

Severity: important

Issued: 2018-03-01

Description:

This update for freexl fixes the following issues:

freexl was updated to version 1.0.5:

* No changelog provided by upstream
* Various heapoverflows in 1.0.4 have been fixed:

    * CVE-2018-7439: heap-buffer-overflow in freexl.c:3912 read_mini_biff_next_record (boo#1082774)
    * CVE-2018-7438: heap-buffer-overflow in freexl.c:383 parse_unicode_string (boo#1082775)
    * CVE-2018-7437: heap-buffer-overflow in freexl.c:1866 parse_SST(boo#1082776)
    * CVE-2018-7436: heap-buffer-overflow in freexl.c:1805 parse_SST parse_SST (boo#1082777)
    * CVE-2018-7435: heap-buffer-overflow in freexl::destroy_cell (boo#1082778)

References

CVE: CVE-2018-7439
CVE: CVE-2018-7438
CVE: CVE-2018-7437
CVE: CVE-2018-7436
CVE: CVE-2018-7435
Bugzilla: 1082778 VUL-0: CVE-2018-7435: freexl: heap-buffer-overflow in freexl::destroy_cell
Bugzilla: 1082777 VUL-0: CVE-2018-7436: freexl: heap-buffer-overflow in freexl.c:1805 parse_SST parse_SST
Bugzilla: 1082776 VUL-0: CVE-2018-7437: freexl: heap-buffer-overflow in freexl.c:1866 parse_SST
Bugzilla: 1082775 VUL-0: CVE-2018-7438: freexl: heap-buffer-overflow in freexl.c:383 parse_unicode_string
Bugzilla: 1082774 VUL-0: CVE-2018-7439: freexl: heap-buffer-overflow in freexl.c:3912 read_mini_biff_next_record

Packages

freexl-1.0.5-8.1