openSUSE alert openSUSE-SU-2017:2539-1 (freexl)

From:
    	     
 
opensuse-security@opensuse.org 
To:
    	     
 
opensuse-updates@opensuse.org 
Subject:
    	     
 
openSUSE-SU-2017:2539-1: Security update for freexl 
Date:
    	     
 
Thu, 21 Sep 2017 12:08:06 +0200 (CEST)
Message-ID:
    	     
 
<20170921100806.D81C3FC9C@maintenance.suse.de>
   openSUSE Security Update: Security update for freexl
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:2539-1
Rating:             low
References:         #1058431 #1058433 
Cross-References:   CVE-2017-2923 CVE-2017-2924
Affected Products:
                    SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for freexl to version 1.0.4 fixes several issues.

   These security issues were fixed:

   - CVE-2017-2924: Prevent heap-based buffer overflow in the
     read_legacy_biff function (bsc#1058433).
   - CVE-2017-2923: Prevent heap-based buffer overflow in the
     read_biff_next_record function (bsc#1058431).


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Package Hub for SUSE Linux Enterprise 12:

      zypper in -t patch openSUSE-2017-1082=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):

      freexl-debugsource-1.0.4-5.1
      freexl-devel-1.0.4-5.1
      libfreexl1-1.0.4-5.1
      libfreexl1-debuginfo-1.0.4-5.1


References:

   https://www.suse.com/security/cve/CVE-2017-2923.html
   https://www.suse.com/security/cve/CVE-2017-2924.html
   https://bugzilla.suse.com/1058431
   https://bugzilla.suse.com/1058433