Security update for libXcursor SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0504-1 Final 1 1 2018-02-21T07:31:34Z current 2018-02-21T07:31:34Z 2018-02-21T07:31:34Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libXcursor This update for libXcursor fixes the following issues: * CVE-2017-16612: It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments. (boo#1065386) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2018-02/msg00087.html E-Mail link for openSUSE-SU-2018:0504-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libXcursor-1.1.14-10.3.1 libXcursor-devel-1.1.14-10.3.1 libXcursor-devel-32bit-1.1.14-10.3.1 libXcursor1-1.1.14-10.3.1 libXcursor1-32bit-1.1.14-10.3.1 libXcursor-1.1.14-10.3.1 as a component of openSUSE Leap 42.3 libXcursor-devel-1.1.14-10.3.1 as a component of openSUSE Leap 42.3 libXcursor-devel-32bit-1.1.14-10.3.1 as a component of openSUSE Leap 42.3 libXcursor1-1.1.14-10.3.1 as a component of openSUSE Leap 42.3 libXcursor1-32bit-1.1.14-10.3.1 as a component of openSUSE Leap 42.3 libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0. CVE-2017-16612 openSUSE Leap 42.3:libXcursor-1.1.14-10.3.1 openSUSE Leap 42.3:libXcursor-devel-1.1.14-10.3.1 openSUSE Leap 42.3:libXcursor-devel-32bit-1.1.14-10.3.1 openSUSE Leap 42.3:libXcursor1-1.1.14-10.3.1 openSUSE Leap 42.3:libXcursor1-32bit-1.1.14-10.3.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00087.html https://www.suse.com/security/cve/CVE-2017-16612.html CVE-2017-16612 https://bugzilla.suse.com/1065386 SUSE Bug 1065386 https://bugzilla.suse.com/1159415 SUSE Bug 1159415