Security update for aspell SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:14783-1 Final 1 1 2021-08-12T12:24:35Z current 2021-08-12T12:24:35Z 2021-08-12T12:24:35Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for aspell This update for aspell fixes the following issues: - CVE-2019-25051: Fixed heap-buffer-overflow in acommon:ObjStack:dup_top (bsc#1188576). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sleposp3-aspell-14783,slessp4-aspell-14783 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-202114783-1/ Link for SUSE-SU-2021:14783-1 https://lists.suse.com/pipermail/sle-security-updates/2021-August/009287.html E-Mail link for SUSE-SU-2021:14783-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1188576 SUSE Bug 1188576 https://www.suse.com/security/cve/CVE-2019-25051/ SUSE CVE CVE-2019-25051 page SUSE Linux Enterprise Point of Sale 11 SP3 SUSE Linux Enterprise Server 11 SP4-LTSS aspell-0.60.6-26.36.1 aspell-ispell-0.60.6-26.36.1 aspell-32bit-0.60.6-26.36.1 aspell-0.60.6-26.36.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 aspell-ispell-0.60.6-26.36.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 aspell-0.60.6-26.36.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS aspell-32bit-0.60.6-26.36.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS aspell-ispell-0.60.6-26.36.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list). CVE-2019-25051 SUSE Linux Enterprise Point of Sale 11 SP3:aspell-0.60.6-26.36.1 SUSE Linux Enterprise Point of Sale 11 SP3:aspell-ispell-0.60.6-26.36.1 SUSE Linux Enterprise Server 11 SP4-LTSS:aspell-0.60.6-26.36.1 SUSE Linux Enterprise Server 11 SP4-LTSS:aspell-32bit-0.60.6-26.36.1 SUSE Linux Enterprise Server 11 SP4-LTSS:aspell-ispell-0.60.6-26.36.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114783-1/ https://www.suse.com/security/cve/CVE-2019-25051.html CVE-2019-25051 https://bugzilla.suse.com/1188576 SUSE Bug 1188576 https://bugzilla.suse.com/1189485 SUSE Bug 1189485 https://bugzilla.suse.com/1192363 SUSE Bug 1192363 https://bugzilla.suse.com/1193390 SUSE Bug 1193390