Security update for hylafax+ SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:2797-1 Final 1 1 2018-09-21T16:03:52Z current 2018-09-21T16:03:52Z 2018-09-21T16:03:52Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for hylafax+ This update for hylafax+ fixes the following issues: Security issues fixed in 5.6.1: - CVE-2018-17141: multiple vulnerabilities affecting fax page reception in JPEG format Specially crafted input may have allowed remote execution of arbitrary code (boo#1109084) Additionally, this update also contains all upstream corrections and bugfixes in the 5.6.1 version, including: - fix RFC2047 encoding by notify - add jobcontrol PageSize feature - don't wait forever after +FRH:3 - fix faxmail transition between a message and external types - avoid pagehandling from introducing some unnecessary EOM signals - improve proxy connection error handling and logging - add initial ModemGroup limits feature - pass the user's uid onto the session log file for sent faxes - improve job waits to minimize triggers - add ProxyTaglineFormat and ProxyTSI features The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00044.html E-Mail link for openSUSE-SU-2018:2797-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub for SUSE Linux Enterprise 15 hylafax+-5.6.1-bp150.4.3.1 hylafax+-client-5.6.1-bp150.4.3.1 libfaxutil5_6_1-5.6.1-bp150.4.3.1 hylafax+-5.6.1-bp150.4.3.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 15 hylafax+-client-5.6.1-bp150.4.3.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 15 libfaxutil5_6_1-5.6.1-bp150.4.3.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 15 HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file. CVE-2018-17141 SUSE Package Hub for SUSE Linux Enterprise 15:hylafax+-5.6.1-bp150.4.3.1 SUSE Package Hub for SUSE Linux Enterprise 15:hylafax+-client-5.6.1-bp150.4.3.1 SUSE Package Hub for SUSE Linux Enterprise 15:libfaxutil5_6_1-5.6.1-bp150.4.3.1 critical Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00044.html https://www.suse.com/security/cve/CVE-2018-17141.html CVE-2018-17141 https://bugzilla.suse.com/1109084 SUSE Bug 1109084