Security update for transfig SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:3585-1 Final 1 1 2021-10-29T14:28:01Z current 2021-10-29T14:28:01Z 2021-10-29T14:28:01Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for transfig This update for transfig fixes the following issues: Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021) - bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline function in genepic.c. - bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects function in read.c. - bsc#1190617, CVE-2020-21531: global buffer overflow in the conv_pattern_index function in gencgm.c. - bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont function in genepic.c. - bsc#1190612, CVE-2020-21533: stack buffer overflow in the read_textobject function in read.c. - bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line function in read.c. - bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start function in gencgm.c. - bsc#1192019, CVE-2021-32280: NULL pointer dereference in compute_closed_spline() in trans_spline.c The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). HPE-Helion-OpenStack-8-2021-3585,SUSE-2021-3585,SUSE-OpenStack-Cloud-8-2021-3585,SUSE-OpenStack-Cloud-9-2021-3585,SUSE-OpenStack-Cloud-Crowbar-8-2021-3585,SUSE-OpenStack-Cloud-Crowbar-9-2021-3585,SUSE-SLE-SAP-12-SP3-2021-3585,SUSE-SLE-SAP-12-SP4-2021-3585,SUSE-SLE-SERVER-12-SP2-BCL-2021-3585,SUSE-SLE-SERVER-12-SP3-2021-3585,SUSE-SLE-SERVER-12-SP3-BCL-2021-3585,SUSE-SLE-SERVER-12-SP4-LTSS-2021-3585,SUSE-SLE-SERVER-12-SP5-2021-3585 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20213585-1/ Link for SUSE-SU-2021:3585-1 https://lists.suse.com/pipermail/sle-security-updates/2021-October/009685.html E-Mail link for SUSE-SU-2021:3585-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1190607 SUSE Bug 1190607 https://bugzilla.suse.com/1190611 SUSE Bug 1190611 https://bugzilla.suse.com/1190612 SUSE Bug 1190612 https://bugzilla.suse.com/1190615 SUSE Bug 1190615 https://bugzilla.suse.com/1190616 SUSE Bug 1190616 https://bugzilla.suse.com/1190617 SUSE Bug 1190617 https://bugzilla.suse.com/1190618 SUSE Bug 1190618 https://bugzilla.suse.com/1192019 SUSE Bug 1192019 https://www.suse.com/security/cve/CVE-2020-21529/ SUSE CVE CVE-2020-21529 page https://www.suse.com/security/cve/CVE-2020-21530/ SUSE CVE CVE-2020-21530 page https://www.suse.com/security/cve/CVE-2020-21531/ SUSE CVE CVE-2020-21531 page https://www.suse.com/security/cve/CVE-2020-21532/ SUSE CVE CVE-2020-21532 page https://www.suse.com/security/cve/CVE-2020-21533/ SUSE CVE CVE-2020-21533 page https://www.suse.com/security/cve/CVE-2020-21534/ SUSE CVE CVE-2020-21534 page https://www.suse.com/security/cve/CVE-2020-21535/ SUSE CVE CVE-2020-21535 page https://www.suse.com/security/cve/CVE-2021-32280/ SUSE CVE CVE-2021-32280 page HPE Helion OpenStack 8 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 transfig-3.2.8b-2.20.1 transfig-3.2.8b-2.20.1 as a component of HPE Helion OpenStack 8 transfig-3.2.8b-2.20.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL transfig-3.2.8b-2.20.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL transfig-3.2.8b-2.20.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS transfig-3.2.8b-2.20.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS transfig-3.2.8b-2.20.1 as a component of SUSE Linux Enterprise Server 12 SP5 transfig-3.2.8b-2.20.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 transfig-3.2.8b-2.20.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 transfig-3.2.8b-2.20.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 transfig-3.2.8b-2.20.1 as a component of SUSE OpenStack Cloud 8 transfig-3.2.8b-2.20.1 as a component of SUSE OpenStack Cloud 9 transfig-3.2.8b-2.20.1 as a component of SUSE OpenStack Cloud Crowbar 8 transfig-3.2.8b-2.20.1 as a component of SUSE OpenStack Cloud Crowbar 9 fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c. CVE-2020-21529 HPE Helion OpenStack 8:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP2-BCL:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP3-BCL:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP3-LTSS:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP4-LTSS:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP5:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud 8:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud 9:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud Crowbar 8:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud Crowbar 9:transfig-3.2.8b-2.20.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213585-1/ https://www.suse.com/security/cve/CVE-2020-21529.html CVE-2020-21529 https://bugzilla.suse.com/1190618 SUSE Bug 1190618 fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c. CVE-2020-21530 HPE Helion OpenStack 8:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP2-BCL:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP3-BCL:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP3-LTSS:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP4-LTSS:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP5:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud 8:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud 9:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud Crowbar 8:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud Crowbar 9:transfig-3.2.8b-2.20.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213585-1/ https://www.suse.com/security/cve/CVE-2020-21530.html CVE-2020-21530 https://bugzilla.suse.com/1190615 SUSE Bug 1190615 fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c. CVE-2020-21531 HPE Helion OpenStack 8:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP2-BCL:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP3-BCL:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP3-LTSS:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP4-LTSS:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP5:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud 8:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud 9:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud Crowbar 8:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud Crowbar 9:transfig-3.2.8b-2.20.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213585-1/ https://www.suse.com/security/cve/CVE-2020-21531.html CVE-2020-21531 https://bugzilla.suse.com/1190617 SUSE Bug 1190617 fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c. CVE-2020-21532 HPE Helion OpenStack 8:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP2-BCL:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP3-BCL:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP3-LTSS:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP4-LTSS:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP5:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud 8:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud 9:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud Crowbar 8:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud Crowbar 9:transfig-3.2.8b-2.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213585-1/ https://www.suse.com/security/cve/CVE-2020-21532.html CVE-2020-21532 https://bugzilla.suse.com/1190616 SUSE Bug 1190616 fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c. CVE-2020-21533 HPE Helion OpenStack 8:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP2-BCL:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP3-BCL:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP3-LTSS:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP4-LTSS:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP5:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud 8:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud 9:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud Crowbar 8:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud Crowbar 9:transfig-3.2.8b-2.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213585-1/ https://www.suse.com/security/cve/CVE-2020-21533.html CVE-2020-21533 https://bugzilla.suse.com/1190612 SUSE Bug 1190612 fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c. CVE-2020-21534 HPE Helion OpenStack 8:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP2-BCL:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP3-BCL:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP3-LTSS:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP4-LTSS:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP5:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud 8:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud 9:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud Crowbar 8:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud Crowbar 9:transfig-3.2.8b-2.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213585-1/ https://www.suse.com/security/cve/CVE-2020-21534.html CVE-2020-21534 https://bugzilla.suse.com/1190611 SUSE Bug 1190611 fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c. CVE-2020-21535 HPE Helion OpenStack 8:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP2-BCL:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP3-BCL:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP3-LTSS:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP4-LTSS:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP5:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud 8:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud 9:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud Crowbar 8:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud Crowbar 9:transfig-3.2.8b-2.20.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213585-1/ https://www.suse.com/security/cve/CVE-2020-21535.html CVE-2020-21535 https://bugzilla.suse.com/1190607 SUSE Bug 1190607 An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8. CVE-2021-32280 HPE Helion OpenStack 8:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP2-BCL:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP3-BCL:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP3-LTSS:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP4-LTSS:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server 12 SP5:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:transfig-3.2.8b-2.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud 8:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud 9:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud Crowbar 8:transfig-3.2.8b-2.20.1 SUSE OpenStack Cloud Crowbar 9:transfig-3.2.8b-2.20.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213585-1/ https://www.suse.com/security/cve/CVE-2021-32280.html CVE-2021-32280 https://bugzilla.suse.com/1192019 SUSE Bug 1192019