Security update for icoutils SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:0168-1 Final 1 1 2017-01-16T19:36:18Z current 2017-01-16T19:36:18Z 2017-01-16T19:36:18Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for icoutils This update for icoutils to version 0.31.1 fixes the following issues: - CVE-2017-5208: An integer overflow allows maliciously crafted files to cause DoS or code execution (boo#1018756). - CVE-2017-5331: Incorrect out of bounds checks in check_offset allow for DoS or code execution (boo#1018756). - CVE-2017-5332: Missing out of bounds checks in extract_group_icon_cursor_resource allow for DoS or code execution (boo#1018756). - CVE-2017-5333: Incorrect out of bounds checks in check_offset allow for DoS or code execution (boo#1018756). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00026.html E-Mail link for openSUSE-SU-2017:0168-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 icoutils-0.31.1-4.3.1 icoutils-debuginfo-0.31.1-4.3.1 icoutils-debugsource-0.31.1-4.3.1 icoutils-0.31.1-4.3.1 as a component of openSUSE 13.2 icoutils-debuginfo-0.31.1-4.3.1 as a component of openSUSE 13.2 icoutils-debugsource-0.31.1-4.3.1 as a component of openSUSE 13.2 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2017-5208 openSUSE 13.2:icoutils-0.31.1-4.3.1 openSUSE 13.2:icoutils-debuginfo-0.31.1-4.3.1 openSUSE 13.2:icoutils-debugsource-0.31.1-4.3.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00026.html https://www.suse.com/security/cve/CVE-2017-5208.html CVE-2017-5208 https://bugzilla.suse.com/1018756 SUSE Bug 1018756 https://bugzilla.suse.com/1019328 SUSE Bug 1019328 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2017-5331 openSUSE 13.2:icoutils-0.31.1-4.3.1 openSUSE 13.2:icoutils-debuginfo-0.31.1-4.3.1 openSUSE 13.2:icoutils-debugsource-0.31.1-4.3.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00026.html https://www.suse.com/security/cve/CVE-2017-5331.html CVE-2017-5331 https://bugzilla.suse.com/1018756 SUSE Bug 1018756 https://bugzilla.suse.com/1019328 SUSE Bug 1019328 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2017-5332 openSUSE 13.2:icoutils-0.31.1-4.3.1 openSUSE 13.2:icoutils-debuginfo-0.31.1-4.3.1 openSUSE 13.2:icoutils-debugsource-0.31.1-4.3.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00026.html https://www.suse.com/security/cve/CVE-2017-5332.html CVE-2017-5332 https://bugzilla.suse.com/1018756 SUSE Bug 1018756 https://bugzilla.suse.com/1019328 SUSE Bug 1019328 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2017-5333 openSUSE 13.2:icoutils-0.31.1-4.3.1 openSUSE 13.2:icoutils-debuginfo-0.31.1-4.3.1 openSUSE 13.2:icoutils-debugsource-0.31.1-4.3.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00026.html https://www.suse.com/security/cve/CVE-2017-5333.html CVE-2017-5333 https://bugzilla.suse.com/1018756 SUSE Bug 1018756 https://bugzilla.suse.com/1019328 SUSE Bug 1019328