[SUSE-SU-2017:1989-1] Security update for libical
Severity
Moderate
Affected Packages
16
CVEs
3
Security update for libical
This update for libical fixes the following issues:
Security issues fixed:
- CVE-2016-5824: libical 1.0 allows remote attackers to cause a denial of service (use-after-free)
via a crafted ics file. (bsc#986639)
- CVE-2016-5827: The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers
to cause a denial of service (out-of-bounds heap read) via a crafted string to the
icalparser_parse_string function. (bsc#986631)
- CVE-2016-9584: libical allows remote attackers to cause a denial of service (use-after-free) and
possibly read heap memory via a crafted ics file. (bsc#1015964)
Bug fixes:
- libical crashes while parsing timezones (bsc#1044995)
- ID
- SUSE-SU-2017:1989-1
- Severity
- moderate
- URL
- https://www.suse.com/support/update/announcement/2017/suse-su-20171989-1/
- Published
-
2017-07-28T08:44:03
(7 years ago) - Modified
-
2017-07-28T08:44:03
(7 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
ELSA-2019-0269
GLSA-201904-02
MFSA-2019-03
openSUSE-SU-2019:0249-1
RHSA-2019:0269
USN-3897-1| Source | # ID | Name | URL |
|---|---|---|---|
| Suse | SUSE ratings |
|
|
| Suse | URL of this CSAF notice |
|
|
| Suse | URL for SUSE-SU-2017:1989-1 |
|
|
| Suse | E-Mail link for SUSE-SU-2017:1989-1 |
|
|
| Bugzilla | SUSE Bug 1015964 |
|
|
| Bugzilla | SUSE Bug 1044995 |
|
|
| Bugzilla | SUSE Bug 986631 |
|
|
| Bugzilla | SUSE Bug 986639 |
|
|
| CVE | SUSE CVE CVE-2016-5824 page |
|
|
| CVE | SUSE CVE CVE-2016-5827 page |
|
|
| CVE | SUSE CVE CVE-2016-9584 page |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/suse/libical1?arch=x86_64&distro=sles-12&sp=3 | suse |
 libical1
|
< 1.0.1-16.3.1 | sles-12 | x86_64 | |
| Affected | pkg:rpm/suse/libical1?arch=x86_64&distro=sles-12&sp=2 | suse |
libical1
|
< 1.0.1-16.3.1 | sles-12 | x86_64 | |
| Affected | pkg:rpm/suse/libical1?arch=x86_64&distro=sled-12&sp=3 | suse |
libical1
|
< 1.0.1-16.3.1 | sled-12 | x86_64 | |
| Affected | pkg:rpm/suse/libical1?arch=x86_64&distro=sled-12&sp=2 | suse |
libical1
|
< 1.0.1-16.3.1 | sled-12 | x86_64 | |
| Affected | pkg:rpm/suse/libical1?arch=s390x&distro=sles-12&sp=3 | suse |
libical1
|
< 1.0.1-16.3.1 | sles-12 | s390x | |
| Affected | pkg:rpm/suse/libical1?arch=s390x&distro=sles-12&sp=2 | suse |
libical1
|
< 1.0.1-16.3.1 | sles-12 | s390x | |
| Affected | pkg:rpm/suse/libical1?arch=ppc64le&distro=sles-12&sp=3 | suse |
libical1
|
< 1.0.1-16.3.1 | sles-12 | ppc64le | |
| Affected | pkg:rpm/suse/libical1?arch=ppc64le&distro=sles-12&sp=2 | suse |
libical1
|
< 1.0.1-16.3.1 | sles-12 | ppc64le | |
| Affected | pkg:rpm/suse/libical1?arch=aarch64&distro=sles-12&sp=3 | suse |
libical1
|
< 1.0.1-16.3.1 | sles-12 | aarch64 | |
| Affected | pkg:rpm/suse/libical1?arch=aarch64&distro=sles-12&sp=2 | suse |
libical1
|
< 1.0.1-16.3.1 | sles-12 | aarch64 | |
| Affected | pkg:rpm/suse/libical1-32bit?arch=x86_64&distro=sles-12&sp=3 | suse |
libical1-32bit
|
< 1.0.1-16.3.1 | sles-12 | x86_64 | |
| Affected | pkg:rpm/suse/libical1-32bit?arch=x86_64&distro=sles-12&sp=2 | suse |
libical1-32bit
|
< 1.0.1-16.3.1 | sles-12 | x86_64 | |
| Affected | pkg:rpm/suse/libical1-32bit?arch=x86_64&distro=sled-12&sp=3 | suse |
libical1-32bit
|
< 1.0.1-16.3.1 | sled-12 | x86_64 | |
| Affected | pkg:rpm/suse/libical1-32bit?arch=x86_64&distro=sled-12&sp=2 | suse |
libical1-32bit
|
< 1.0.1-16.3.1 | sled-12 | x86_64 | |
| Affected | pkg:rpm/suse/libical1-32bit?arch=s390x&distro=sles-12&sp=3 | suse |
libical1-32bit
|
< 1.0.1-16.3.1 | sles-12 | s390x | |
| Affected | pkg:rpm/suse/libical1-32bit?arch=s390x&distro=sles-12&sp=2 | suse |
libical1-32bit
|
< 1.0.1-16.3.1 | sles-12 | s390x |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |