Security update for uriparser

SUSE Security Update: Security update for uriparser
Announcement ID: SUSE-SU-2019:0228-1
Rating: low
References: #1115722 #1115723 #1115724 #1122193
Cross-References: CVE-2018-19198 CVE-2018-19199 CVE-2018-19200 CVE-2018-20721
Affected Products:
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

An update that fixes four vulnerabilities is now available.

Description:

This update for uriparser fixes the following issues:
Security issues fixed:

  • CVE-2018-20721: Fixed an out-of-bounds read for incomplete URIs with IPv6 addresses with embedded IPv4 address (bsc#1122193).
  • CVE-2018-19198: Fixed an out-of-bounds write that was possible via the uriComposeQuery* or uriComposeQueryEx* function (bsc#1115722).
  • CVE-2018-19199: Fixed an integer overflow caused by an unchecked multiplication via the uriComposeQuery* or uriComposeQueryEx* function (bsc#1115723).
  • CVE-2018-19200: Fixed a operation attempted on NULL input via a uriResetUri* function (bsc#1115724).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-228=1

Package List:

  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
    • liburiparser1-0.8.5-3.5.1
    • liburiparser1-debuginfo-0.8.5-3.5.1
    • uriparser-0.8.5-3.5.1
    • uriparser-debuginfo-0.8.5-3.5.1
    • uriparser-debugsource-0.8.5-3.5.1
    • uriparser-devel-0.8.5-3.5.1

References: