Security update for libofx
This update for libofx fixes the following issues:
The following security vulnerabilities have been addressed:
- CVE-2017-2920: Fixed an exploitable buffer overflow in the tag parsing
functionality, which could result in an out of bounds write and could be
triggered via a specially crafted OFX file (boo#1061964)
- CVE-2017-2816: Fixed another buffer overflow in the tag parsing functionality,
which could result in an stack overflow and could be triggered
via a specially crafted OFX file (boo#1058673)
-
Submitted by
Qiang Zheng (zhengqiang)
Fixed bugs
bnc#1061964
VUL-0: CVE-2017-2920: libofx: buffer overflow vulnerability in sanitize_proprietary_tags in lib/ofx_preproc.cpp
bnc#1058673
VUL-0: CVE-2017-2816: libofx: An exploitable buffer overflow vulnerability exists in the tag parsingfunctionality of LibOFX 0.9.11. A specially crafted OFX file can cause a writeout of bounds resulting in a buffer overflow on the stack. A
