Upstream information

CVE-2014-2892 at MITRE

Description

Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH) server response.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial
SUSE Bugzilla entry: 874723 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • libmms0 >= 0.6.2-15.8
Patchnames:
SUSE Linux Enterprise Desktop 12 GA libmms0
SUSE Linux Enterprise Desktop 12 SP1
  • libmms0 >= 0.6.2-15.8
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA libmms0
SUSE Linux Enterprise Desktop 12 SP2
  • libmms0 >= 0.6.2-15.8
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libmms0
SUSE Linux Enterprise Desktop 12 SP3
  • libmms0 >= 0.6.2-15.8
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA libmms0
SUSE Linux Enterprise Module for Desktop Applications 15
  • libmms-devel >= 0.6.4-1.24
  • libmms0 >= 0.6.4-1.24
Patchnames:
SUSE Linux Enterprise Module for Desktop Applications 15 GA libmms-devel
SUSE Linux Enterprise Server 12
  • libmms0 >= 0.6.2-15.8
Patchnames:
SUSE Linux Enterprise Server 12 GA libmms0
SUSE Linux Enterprise Server 12 SP1
  • libmms0 >= 0.6.2-15.8
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA libmms0
SUSE Linux Enterprise Server 12 SP2
  • libmms0 >= 0.6.2-15.8
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA libmms0
SUSE Linux Enterprise Server 12 SP3
  • libmms0 >= 0.6.2-15.8
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA libmms0
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • libmms0 >= 0.6.2-15.8
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA libmms0
SUSE Linux Enterprise Software Development Kit 12
  • libmms-devel >= 0.6.2-15.8
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA libmms-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • libmms-devel >= 0.6.2-15.8
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA libmms-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • libmms-devel >= 0.6.2-15.8
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA libmms-devel
SUSE Linux Enterprise Software Development Kit 12 SP3
  • libmms-devel >= 0.6.2-15.8
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA libmms-devel
openSUSE 12.3
  • libmms >= 0.6.2-10.4.1
  • libmms-debugsource >= 0.6.2-10.4.1
  • libmms-devel >= 0.6.2-10.4.1
  • libmms0 >= 0.6.2-10.4.1
  • libmms0-32bit >= 0.6.2-10.4.1
  • libmms0-debuginfo >= 0.6.2-10.4.1
  • libmms0-debuginfo-32bit >= 0.6.2-10.4.1
Patchnames:
openSUSE-2014-327
openSUSE 13.1
  • libmms >= 0.6.2-13.4.1
  • libmms-debugsource >= 0.6.2-13.4.1
  • libmms-devel >= 0.6.2-13.4.1
  • libmms0 >= 0.6.2-13.4.1
  • libmms0-32bit >= 0.6.2-13.4.1
  • libmms0-debuginfo >= 0.6.2-13.4.1
  • libmms0-debuginfo-32bit >= 0.6.2-13.4.1
Patchnames:
openSUSE-2014-327
openSUSE Leap 15.0
  • libmms0 >= 0.6.4-lp150.1.7
Patchnames:
openSUSE Leap 15.0 GA libmms0
openSUSE Leap 42.1
  • libmms-devel >= 0.6.4-3.1
  • libmms0 >= 0.6.4-3.1
Patchnames:
openSUSE Leap 42.1 GA libmms-devel
openSUSE Leap 42.2
  • libmms-devel >= 0.6.4-4.4
  • libmms0 >= 0.6.4-4.4
Patchnames:
openSUSE Leap 42.2 GA libmms-devel
openSUSE Leap 42.3
  • libmms-devel >= 0.6.4-6.3
  • libmms0 >= 0.6.4-6.3
Patchnames:
openSUSE Leap 42.3 GA libmms-devel
openSUSE Tumbleweed
  • libmms-devel >= 0.6.4-4.5
  • libmms0 >= 0.6.4-4.5
  • libmms0-32bit >= 0.6.4-4.5
Patchnames:
openSUSE Tumbleweed GA libmms-devel