Bugzilla – Bug 1184752
VUL-0: CVE-2021-30498: libcaca: Heap buffer overflow of export.c in function export_tga
Last modified: 2023-08-03 11:41:29 UTC
rh#1948675 A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences. Upstream issue: https://github.com/cacalabs/libcaca/issues/53 References: https://bugzilla.redhat.com/show_bug.cgi?id=1948675 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30498
See https://build.opensuse.org/request/show/886556
Hi Josef, I'm sorry, but the reporter hasn't done any analysis and hasn't provided you with the instruction about what codestream requires a submission. The following packages are all affected, please submit the patch ASAP: - SUSE:SLE-11:Update/libcaca 0.99.beta13b - SUSE:SLE-12:Update/libcaca 0.99.beta18 - SUSE:SLE-15-SP2:Update/libcaca 0.99.beta19.git20171003 - SUSE:SLE-15:Update/libcaca 0.99.beta19.git20171003 The upstream patch can be found here [0], and it also fix CVE-2021-30499 (bsc#1184751). Hence, please mention both CVEs/bsc# in the change files. [0] https://github.com/cacalabs/libcaca/commit/ab04483ee1a846d6b74b2e6248e980152baec3f6
SUSE-SU-2022:0754-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1182731,1184751,1184752 CVE References: CVE-2021-30498,CVE-2021-30499,CVE-2021-3410 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15-SP1 (src): libcaca-0.99.beta19.git20171003-3.8.1 SUSE Linux Enterprise Server for SAP 15 (src): libcaca-0.99.beta19.git20171003-3.8.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): libcaca-0.99.beta19.git20171003-3.8.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): libcaca-0.99.beta19.git20171003-3.8.1 SUSE Linux Enterprise Server 15-LTSS (src): libcaca-0.99.beta19.git20171003-3.8.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): libcaca-0.99.beta19.git20171003-3.8.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): libcaca-0.99.beta19.git20171003-3.8.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): libcaca-0.99.beta19.git20171003-3.8.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): libcaca-0.99.beta19.git20171003-3.8.1 SUSE Enterprise Storage 6 (src): libcaca-0.99.beta19.git20171003-3.8.1 SUSE CaaS Platform 4.0 (src): libcaca-0.99.beta19.git20171003-3.8.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0769-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1184751,1184752 CVE References: CVE-2021-30498,CVE-2021-30499 JIRA References: Sources used: SUSE Manager Server 4.1 (src): libcaca-0.99.beta19.git20171003-11.3.1 SUSE Manager Retail Branch Server 4.1 (src): libcaca-0.99.beta19.git20171003-11.3.1 SUSE Manager Proxy 4.1 (src): libcaca-0.99.beta19.git20171003-11.3.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): libcaca-0.99.beta19.git20171003-11.3.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): libcaca-0.99.beta19.git20171003-11.3.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): libcaca-0.99.beta19.git20171003-11.3.1 SUSE Linux Enterprise Realtime Extension 15-SP2 (src): libcaca-0.99.beta19.git20171003-11.3.1 SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): libcaca-0.99.beta19.git20171003-11.3.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): libcaca-0.99.beta19.git20171003-11.3.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): libcaca-0.99.beta19.git20171003-11.3.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): libcaca-0.99.beta19.git20171003-11.3.1 SUSE Enterprise Storage 7 (src): libcaca-0.99.beta19.git20171003-11.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2022:0769-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1184751,1184752 CVE References: CVE-2021-30498,CVE-2021-30499 JIRA References: Sources used: openSUSE Leap 15.4 (src): libcaca-0.99.beta19.git20171003-11.3.1 openSUSE Leap 15.3 (src): libcaca-0.99.beta19.git20171003-11.3.1
all done, thanks Josef.
SUSE-SU-2022:0820-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1184751,1184752 CVE References: CVE-2021-30498,CVE-2021-30499 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): libcaca-0.99.beta18-14.6.1 SUSE OpenStack Cloud Crowbar 8 (src): libcaca-0.99.beta18-14.6.1 SUSE OpenStack Cloud 9 (src): libcaca-0.99.beta18-14.6.1 SUSE OpenStack Cloud 8 (src): libcaca-0.99.beta18-14.6.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): libcaca-0.99.beta18-14.6.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): libcaca-0.99.beta18-14.6.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): libcaca-0.99.beta18-14.6.1 SUSE Linux Enterprise Server 12-SP5 (src): libcaca-0.99.beta18-14.6.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): libcaca-0.99.beta18-14.6.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): libcaca-0.99.beta18-14.6.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): libcaca-0.99.beta18-14.6.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): libcaca-0.99.beta18-14.6.1 HPE Helion Openstack 8 (src): libcaca-0.99.beta18-14.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:14909-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1184751,1184752 CVE References: CVE-2021-30498,CVE-2021-30499 JIRA References: Sources used: SUSE Linux Enterprise Server 11-SP4-LTSS (src): libcaca-0.99.beta13b-49.3.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): libcaca-0.99.beta13b-49.3.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): libcaca-0.99.beta13b-49.3.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): libcaca-0.99.beta13b-49.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.