Security update for djvulibre SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:1857-1 Final 1 1 2021-06-04T06:56:20Z current 2021-06-04T06:56:20Z 2021-06-04T06:56:20Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for djvulibre This update for djvulibre fixes the following issues: - CVE-2021-3500: Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file (bsc#1186253) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-1857,SUSE-SLE-Product-HPC-15-2021-1857,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1857,SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1857,SUSE-SLE-Product-SLES-15-2021-1857,SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1857,SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1857,SUSE-SLE-Product-SLES_SAP-15-2021-1857,SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1857,SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1857,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1857,SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1857,SUSE-Storage-6-2021-1857 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20211857-1/ Link for SUSE-SU-2021:1857-1 https://lists.suse.com/pipermail/sle-security-updates/2021-June/008932.html E-Mail link for SUSE-SU-2021:1857-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1186253 SUSE Bug 1186253 https://www.suse.com/security/cve/CVE-2021-3500/ SUSE CVE CVE-2021-3500 page SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15 SP1-BCL SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 djvulibre-3.5.27-3.14.1 djvulibre-doc-3.5.27-3.14.1 libdjvulibre-devel-3.5.27-3.14.1 libdjvulibre21-3.5.27-3.14.1 libdjvulibre-devel-3.5.27-3.14.1 as a component of SUSE Enterprise Storage 6 libdjvulibre21-3.5.27-3.14.1 as a component of SUSE Enterprise Storage 6 libdjvulibre-devel-3.5.27-3.14.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS libdjvulibre21-3.5.27-3.14.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS libdjvulibre-devel-3.5.27-3.14.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS libdjvulibre21-3.5.27-3.14.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS libdjvulibre-devel-3.5.27-3.14.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS libdjvulibre21-3.5.27-3.14.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS libdjvulibre-devel-3.5.27-3.14.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS libdjvulibre21-3.5.27-3.14.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS libdjvulibre-devel-3.5.27-3.14.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL libdjvulibre21-3.5.27-3.14.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL libdjvulibre-devel-3.5.27-3.14.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS libdjvulibre21-3.5.27-3.14.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS libdjvulibre-devel-3.5.27-3.14.1 as a component of SUSE Linux Enterprise Server 15-LTSS libdjvulibre21-3.5.27-3.14.1 as a component of SUSE Linux Enterprise Server 15-LTSS libdjvulibre-devel-3.5.27-3.14.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 libdjvulibre21-3.5.27-3.14.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 libdjvulibre-devel-3.5.27-3.14.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 libdjvulibre21-3.5.27-3.14.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 libdjvulibre-devel-3.5.27-3.14.1 as a component of SUSE Manager Proxy 4.0 libdjvulibre21-3.5.27-3.14.1 as a component of SUSE Manager Proxy 4.0 libdjvulibre-devel-3.5.27-3.14.1 as a component of SUSE Manager Retail Branch Server 4.0 libdjvulibre21-3.5.27-3.14.1 as a component of SUSE Manager Retail Branch Server 4.0 libdjvulibre-devel-3.5.27-3.14.1 as a component of SUSE Manager Server 4.0 libdjvulibre21-3.5.27-3.14.1 as a component of SUSE Manager Server 4.0 A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in function DJVU::DjVuDocument::get_djvu_file() via crafted djvu file may lead to application crash and other consequences. CVE-2021-3500 SUSE Enterprise Storage 6:libdjvulibre-devel-3.5.27-3.14.1 SUSE Enterprise Storage 6:libdjvulibre21-3.5.27-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libdjvulibre-devel-3.5.27-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libdjvulibre21-3.5.27-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libdjvulibre-devel-3.5.27-3.14.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libdjvulibre21-3.5.27-3.14.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:libdjvulibre-devel-3.5.27-3.14.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:libdjvulibre21-3.5.27-3.14.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:libdjvulibre-devel-3.5.27-3.14.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:libdjvulibre21-3.5.27-3.14.1 SUSE Linux Enterprise Server 15 SP1-BCL:libdjvulibre-devel-3.5.27-3.14.1 SUSE Linux Enterprise Server 15 SP1-BCL:libdjvulibre21-3.5.27-3.14.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libdjvulibre-devel-3.5.27-3.14.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libdjvulibre21-3.5.27-3.14.1 SUSE Linux Enterprise Server 15-LTSS:libdjvulibre-devel-3.5.27-3.14.1 SUSE Linux Enterprise Server 15-LTSS:libdjvulibre21-3.5.27-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libdjvulibre-devel-3.5.27-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libdjvulibre21-3.5.27-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15:libdjvulibre-devel-3.5.27-3.14.1 SUSE Linux Enterprise Server for SAP Applications 15:libdjvulibre21-3.5.27-3.14.1 SUSE Manager Proxy 4.0:libdjvulibre-devel-3.5.27-3.14.1 SUSE Manager Proxy 4.0:libdjvulibre21-3.5.27-3.14.1 SUSE Manager Retail Branch Server 4.0:libdjvulibre-devel-3.5.27-3.14.1 SUSE Manager Retail Branch Server 4.0:libdjvulibre21-3.5.27-3.14.1 SUSE Manager Server 4.0:libdjvulibre-devel-3.5.27-3.14.1 SUSE Manager Server 4.0:libdjvulibre21-3.5.27-3.14.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211857-1/ https://www.suse.com/security/cve/CVE-2021-3500.html CVE-2021-3500 https://bugzilla.suse.com/1186253 SUSE Bug 1186253