Security update for pspp, spread-sheet-widget SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:0212-1 Final 1 1 2019-02-19T09:21:52Z current 2019-02-19T09:21:52Z 2019-02-19T09:21:52Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for pspp, spread-sheet-widget This update for pspp to version 1.2.0 fixes the following issues: Security issue fixed: - CVE-2018-20230: Fixed a heap-based buffer overflow in read_bytes_internal function that could lead to denial-of-service (bsc#1120061). Other bug fixes and changes: - Add upstream patch to avoid compiling with old Texinfo 4.13. - New experimental command SAVE DATA COLLECTION to save MDD files. - MTIME and YMDHMS variable formats now supported. - Spread sheet rendering now done via spread-sheet-widget. This update introduces a new package called spread-sheet-widget as dependency. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00050.html E-Mail link for openSUSE-SU-2019:0212-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libspread-sheet-widget0-0.3-2.1 pspp-1.2.0-11.1 pspp-devel-1.2.0-11.1 spread-sheet-widget-0.3-2.1 spread-sheet-widget-devel-0.3-2.1 libspread-sheet-widget0-0.3-2.1 as a component of openSUSE Leap 42.3 pspp-1.2.0-11.1 as a component of openSUSE Leap 42.3 pspp-devel-1.2.0-11.1 as a component of openSUSE Leap 42.3 spread-sheet-widget-0.3-2.1 as a component of openSUSE Leap 42.3 spread-sheet-widget-devel-0.3-2.1 as a component of openSUSE Leap 42.3 An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. CVE-2018-20230 openSUSE Leap 42.3:libspread-sheet-widget0-0.3-2.1 openSUSE Leap 42.3:pspp-1.2.0-11.1 openSUSE Leap 42.3:pspp-devel-1.2.0-11.1 openSUSE Leap 42.3:spread-sheet-widget-0.3-2.1 openSUSE Leap 42.3:spread-sheet-widget-devel-0.3-2.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00050.html https://www.suse.com/security/cve/CVE-2018-20230.html CVE-2018-20230 https://bugzilla.suse.com/1120061 SUSE Bug 1120061