[SUSE-SU-2017:1989-1] Security update for libical
Severity: Moderate
Affected Packages: 16
CVEs: 3
This update for libical fixes the following issues:
Security issues fixed:
- CVE-2016-5824: libical 1.0 allows remote attackers to cause a denial of service (use-after-free)
via a crafted ics file. (bsc#986639)
- CVE-2016-5827: The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers
to cause a denial of service (out-of-bounds heap read) via a crafted string to the
icalparser_parse_string function. (bsc#986631)
- CVE-2016-9584: libical allows remote attackers to cause a denial of service (use-after-free) and
possibly read heap memory via a crafted ics file. (bsc#1015964)
Bug fixes:
- libical crashes while parsing timezones (bsc#1044995)
- ID: SUSE-SU-2017:1989-1
- Severity: moderate
- URL: https://www.suse.com/support/update/announcement/2017/suse-su-20171989-1/
- Published: 2017-07-28T08:44:03 (7 years ago)
- Modified: 2017-07-28T08:44:03 (7 years ago)
- Rights: Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories:
Source | Name | URL |
---|---|---|
Suse | SUSE ratings | https://www.suse.com/support/security/rating/ |
Suse | URL of this CSAF notice | https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_1989-1.json |
Suse | URL for SUSE-SU-2017:1989-1 | https://www.suse.com/support/update/announcement/2017/suse-su-20171989-1/ |
Suse | E-Mail link for SUSE-SU-2017:1989-1 | https://lists.suse.com/pipermail/sle-security-updates/2017-July/003072.html |
Bugzilla | SUSE Bug 1015964 | https://bugzilla.suse.com/1015964 |
Bugzilla | SUSE Bug 1044995 | https://bugzilla.suse.com/1044995 |
Bugzilla | SUSE Bug 986631 | https://bugzilla.suse.com/986631 |
Bugzilla | SUSE Bug 986639 | https://bugzilla.suse.com/986639 |
CVE | SUSE CVE CVE-2016-5824 page | https://www.suse.com/security/cve/CVE-2016-5824/ |
CVE | SUSE CVE CVE-2016-5827 page | https://www.suse.com/security/cve/CVE-2016-5827/ |
CVE | SUSE CVE CVE-2016-9584 page | https://www.suse.com/security/cve/CVE-2016-9584/ |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/libical1?arch=x86_64&distro=sles-12&sp=3 | suse | libical1 | < 1.0.1-16.3.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/libical1?arch=x86_64&distro=sles-12&sp=2 | suse | libical1 | < 1.0.1-16.3.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/libical1?arch=x86_64&distro=sled-12&sp=3 | suse | libical1 | < 1.0.1-16.3.1 | sled-12 | x86_64 | |
Affected | pkg:rpm/suse/libical1?arch=x86_64&distro=sled-12&sp=2 | suse | libical1 | < 1.0.1-16.3.1 | sled-12 | x86_64 | |
Affected | pkg:rpm/suse/libical1?arch=s390x&distro=sles-12&sp=3 | suse | libical1 | < 1.0.1-16.3.1 | sles-12 | s390x | |
Affected | pkg:rpm/suse/libical1?arch=s390x&distro=sles-12&sp=2 | suse | libical1 | < 1.0.1-16.3.1 | sles-12 | s390x | |
Affected | pkg:rpm/suse/libical1?arch=ppc64le&distro=sles-12&sp=3 | suse | libical1 | < 1.0.1-16.3.1 | sles-12 | ppc64le | |
Affected | pkg:rpm/suse/libical1?arch=ppc64le&distro=sles-12&sp=2 | suse | libical1 | < 1.0.1-16.3.1 | sles-12 | ppc64le | |
Affected | pkg:rpm/suse/libical1?arch=aarch64&distro=sles-12&sp=3 | suse | libical1 | < 1.0.1-16.3.1 | sles-12 | aarch64 | |
Affected | pkg:rpm/suse/libical1?arch=aarch64&distro=sles-12&sp=2 | suse | libical1 | < 1.0.1-16.3.1 | sles-12 | aarch64 | |
Affected | pkg:rpm/suse/libical1-32bit?arch=x86_64&distro=sles-12&sp=3 | suse | libical1-32bit | < 1.0.1-16.3.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/libical1-32bit?arch=x86_64&distro=sles-12&sp=2 | suse | libical1-32bit | < 1.0.1-16.3.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/libical1-32bit?arch=x86_64&distro=sled-12&sp=3 | suse | libical1-32bit | < 1.0.1-16.3.1 | sled-12 | x86_64 | |
Affected | pkg:rpm/suse/libical1-32bit?arch=x86_64&distro=sled-12&sp=2 | suse | libical1-32bit | < 1.0.1-16.3.1 | sled-12 | x86_64 | |
Affected | pkg:rpm/suse/libical1-32bit?arch=s390x&distro=sles-12&sp=3 | suse | libical1-32bit | < 1.0.1-16.3.1 | sles-12 | s390x | |
Affected | pkg:rpm/suse/libical1-32bit?arch=s390x&distro=sles-12&sp=2 | suse | libical1-32bit | < 1.0.1-16.3.1 | sles-12 | s390x |