Security update for uriparser
This update for uriparser fixes the following issues:
Security issues fixed:
- CVE-2018-20721: Fixed an out-of-bounds read for incomplete URIs with IPv6 addresses with embedded IPv4 address (bsc#1122193).
- CVE-2018-19198: Fixed an out-of-bounds write that was possible via the uriComposeQuery* or uriComposeQueryEx* function (bsc#1115722).
- CVE-2018-19199: Fixed an integer overflow caused by an unchecked multiplication via the uriComposeQuery* or uriComposeQueryEx* function (bsc#1115723).
- CVE-2018-19200: Fixed a operation attempted on NULL input via a uriResetUri* function (bsc#1115724).
This update was imported from the SUSE:SLE-15:Update update project.
This update was imported from the openSUSE:Leap:15.0:Update update project.
-
Submitted by
Adam Majer (adamm)
Fixed bugs
bnc#1115722
VUL-0: CVE-2018-19198: uriparser: UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts
bnc#1115723
VUL-0: CVE-2018-19199: uriparser: UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication
bnc#1122193
VUL-0: CVE-2018-20721: uriparser: Out-of-bounds read in uriParse*Ex* for incomplete URIs with IPv6 addresses with embedded IPv4 address
bnc#1115724
VUL-1: CVE-2018-19200: uriparser: UriCommon.c allows attempted operations on NULL input via a uriResetUri* function
