Security update for djvulibre SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:2576-1 Final 1 1 2019-11-27T05:20:36Z current 2019-11-27T05:20:36Z 2019-11-27T05:20:36Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for djvulibre This update for djvulibre fixes the following issues: Security issue fixed: - CVE-2019-18804: Fixed a null pointer dereference (bsc#1156188). Other issue addressed: - Fixed a crash when mmx was enabled (bsc#1154401) This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-2576 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VBXTUDPDXNGZTLXYDTZ3ZHANL3FPHD3Z/#VBXTUDPDXNGZTLXYDTZ3ZHANL3FPHD3Z E-Mail link for openSUSE-SU-2019:2576-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1154401 SUSE Bug 1154401 https://bugzilla.suse.com/1156188 SUSE Bug 1156188 https://www.suse.com/security/cve/CVE-2019-18804/ SUSE CVE CVE-2019-18804 page openSUSE Leap 15.1 djvulibre-3.5.27-lp151.3.6.1 djvulibre-doc-3.5.27-lp151.3.6.1 libdjvulibre-devel-3.5.27-lp151.3.6.1 libdjvulibre21-3.5.27-lp151.3.6.1 djvulibre-3.5.27-lp151.3.6.1 as a component of openSUSE Leap 15.1 djvulibre-doc-3.5.27-lp151.3.6.1 as a component of openSUSE Leap 15.1 libdjvulibre-devel-3.5.27-lp151.3.6.1 as a component of openSUSE Leap 15.1 libdjvulibre21-3.5.27-lp151.3.6.1 as a component of openSUSE Leap 15.1 DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. CVE-2019-18804 openSUSE Leap 15.1:djvulibre-3.5.27-lp151.3.6.1 openSUSE Leap 15.1:djvulibre-doc-3.5.27-lp151.3.6.1 openSUSE Leap 15.1:libdjvulibre-devel-3.5.27-lp151.3.6.1 openSUSE Leap 15.1:libdjvulibre21-3.5.27-lp151.3.6.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VBXTUDPDXNGZTLXYDTZ3ZHANL3FPHD3Z/#VBXTUDPDXNGZTLXYDTZ3ZHANL3FPHD3Z https://www.suse.com/security/cve/CVE-2019-18804.html CVE-2019-18804 https://bugzilla.suse.com/1156188 SUSE Bug 1156188