Security update for xdelta3 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:0530-1 Final 1 1 2016-02-20T12:16:23Z current 2016-02-20T12:16:23Z 2016-02-20T12:16:23Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xdelta3 This update for xdelta3 fixes the following security issue: - CVE-2014-9765: Fixed buffer overflow in main_get_appheader. (boo#965791) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20160530-1/ Link for SUSE-SU-2016:0530-1 E-Mail link for SUSE-SU-2016:0530-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings xdelta3-3.0.8-7.6.1 Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file. CVE-2014-9765 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P Please Install the update. https://www.suse.com/support/update/announcement/2016/suse-su-20160530-1/ https://www.suse.com/security/cve/CVE-2014-9765.html CVE-2014-9765 https://bugzilla.suse.com/965791 SUSE Bug 965791