|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-1: CVE-2021-28275: jhead: Denial of Service via wild address read in the Get16u function via a crafted_file | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE Distribution | Reporter: | Alexander Bergmann <abergmann> |
| Component: | Basesystem | Assignee: | Security Team bot <security-team> |
| Status: | IN_PROGRESS --- | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P4 - Low | CC: | abergmann, sbrabec |
| Version: | Leap 15.3 | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/327049/ | ||
| Whiteboard: | |||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
Alexander Bergmann
2022-03-24 06:37:56 UTC
This is an autogenerated message for OBS integration: This bug (1197453) was mentioned in https://build.opensuse.org/request/show/990913 Backports:SLE-15-SP3 / jhead There is a strange thing in Backports: openSUSE:Backports:SLE-15:Update contains version 3.00 openSUSE:Backports:SLE-15-SP1:Update contains version 3.00 openSUSE:Backports:SLE-15-SP2:Update contains version 3.06.0.1 openSUSE:Backports:SLE-15-SP3:Update contains version 3.00 openSUSE:Backports:SLE-15-SP4:Update contains version 3.06.0.1, but a slightly different spec than SP2 That is why I suggest to fix this bug by updating all repositories to 3.06.0.1. It is a binary tool, there are no known incompatibilities. Submitted 3.06.0.1 for: openSUSE:Backports:SLE-15-SP3:Update: https://build.opensuse.org/request/show/990913 openSUSE:Backports:SLE-15-SP1:Update: BuildService API error: Server did not define a default maintenance project, can't submit. openSUSE:Backports:SLE-15:Update: BuildService API error: Server did not define a default maintenance project, can't submit. If SLE 15 and SP1 are wanted, please tell me where to submit. |