LogoopenSUSE Build Service > Request 144547
Sign Up | Log In

Request 144547 (accepted)

- Add plib-1.8.5-CVE-2011-4620.patch (bnc#738207) and
  plib-1.8.5-CVE-2012-4552.patch (bnc#787305)

Submit package openSUSE:Evergreen:11.2:Test / plib (revision 3) to package openSUSE:Evergreen:11.2 / plib

[-] [+] Changed plib.changes
[-] [+] Changed plib.spec ^
[-] [+] Added plib-1.8.5-CVE-2011-4620.patch ^
[-] [+] Added plib-1.8.5-CVE-2012-4552.patch ^

Mentioned Issues (4)

CVE-2011-4620
Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB 1.8.5, as used in TORCS 1.3.1 and other products, allows user-assisted remote attackers to execute arbitrary code via vectors involving a long error message, as demonstrated by a craft
CVE-2012-4552
Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model file that triggers a long error message, as demonstrated by a .ase file.
boo#738207 Virtual SUSE Security Team _security_team Closed
VUL-0: plib: ulSetError() buffer overflow
boo#787305 Virtual SUSE Security Team _security_team Closed
VUL-1: CVE-2012-4552: plib: stack-based buffer overflow ssg/ssgParser.cxx

There's nothing to be done right now

Request History

Stefan Lijewski lijews created request almost 4 years ago
- Add plib-1.8.5-CVE-2011-4620.patch (bnc#738207) and
  plib-1.8.5-CVE-2012-4552.patch (bnc#787305)
Stefan Lijewski lijews Request got accepted almost 4 years ago
- Add plib-1.8.5-CVE-2011-4620.patch (bnc#738207) and
  plib-1.8.5-CVE-2012-4552.patch (bnc#787305)

Comments for request 144547 (0)