Bugzilla – Bug 1028904
VUL-0: CVE-2017-6596: partclone: chkimg in partclone 0.2.89 is prone to a heap-based buffer overflow vulnerability
Last modified: 2017-04-24 11:39:19 UTC
CVE-2017-6596

partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to launch a 'Denial of Service attack' in the context of the user running the affected application.

References:
https://github.com/insidej/Partclone_HeapOverFlow/blob/master/README.md
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6596
This is an autogenerated message for OBS integration:
This bug (1028904) was mentioned in
https://build.opensuse.org/request/show/478538 42.1+42.2 / partclone
accepted into openSUSE maintenance
openSUSE-SU-2017:0820-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 1028904
CVE References: CVE-2017-6596
Sources used:
openSUSE Leap 42.2 (src): partclone-0.3.5a-2.3.1
openSUSE Leap 42.1 (src): partclone-0.3.5a-7.1
released