Security update for aspell SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:2794-1 Final 1 1 2021-08-20T08:25:48Z current 2021-08-20T08:25:48Z 2021-08-20T08:25:48Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for aspell This update for aspell fixes the following issues: - CVE-2019-25051: Fixed heap-buffer-overflow in acommon:ObjStack:dup_top (bsc#1188576). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-2794,SUSE-SLE-Module-Basesystem-15-SP2-2021-2794,SUSE-SLE-Module-Basesystem-15-SP3-2021-2794 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20212794-1/ Link for SUSE-SU-2021:2794-1 https://lists.suse.com/pipermail/sle-security-updates/2021-August/009323.html E-Mail link for SUSE-SU-2021:2794-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1177523 SUSE Bug 1177523 https://bugzilla.suse.com/1188576 SUSE Bug 1188576 https://www.suse.com/security/cve/CVE-2019-25051/ SUSE CVE CVE-2019-25051 page SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Module for Basesystem 15 SP3 aspell-0.60.8-3.3.1 aspell-devel-0.60.8-3.3.1 aspell-ispell-0.60.8-3.3.1 aspell-spell-0.60.8-3.3.1 libaspell15-0.60.8-3.3.1 libaspell15-32bit-0.60.8-3.3.1 libaspell15-64bit-0.60.8-3.3.1 libpspell15-0.60.8-3.3.1 libpspell15-32bit-0.60.8-3.3.1 libpspell15-64bit-0.60.8-3.3.1 aspell-0.60.8-3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP2 aspell-devel-0.60.8-3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP2 libaspell15-0.60.8-3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP2 libpspell15-0.60.8-3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP2 aspell-0.60.8-3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 aspell-devel-0.60.8-3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 libaspell15-0.60.8-3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 libpspell15-0.60.8-3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list). CVE-2019-25051 SUSE Linux Enterprise Module for Basesystem 15 SP2:aspell-0.60.8-3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:aspell-devel-0.60.8-3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:libaspell15-0.60.8-3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:libpspell15-0.60.8-3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:aspell-0.60.8-3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:aspell-devel-0.60.8-3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:libaspell15-0.60.8-3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:libpspell15-0.60.8-3.3.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20212794-1/ https://www.suse.com/security/cve/CVE-2019-25051.html CVE-2019-25051 https://bugzilla.suse.com/1188576 SUSE Bug 1188576 https://bugzilla.suse.com/1189485 SUSE Bug 1189485 https://bugzilla.suse.com/1192363 SUSE Bug 1192363 https://bugzilla.suse.com/1193390 SUSE Bug 1193390