SUSE-SU-2018:0119-1 -- SLES libicalID: oval:org.secpod.oval:def:89044014 | Date: (C)2021-03-05 (M)2022-10-10 |
Class: PATCH | Family: unix |
This update for libical fixes the following issues: Security issues fixed: - CVE-2016-5823: The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service via a crafted ics file. - CVE-2016-5824: libical 1.0 allows remote attackers to cause a denial of service via a crafted ics file. - CVE-2016-5825: The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service via a crafted ics file. - CVE-2016-5826: The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service by crafting a string to the icalparser_parse_string function. - CVE-2016-5827: The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service via a crafted string to the icalparser_parse_string function. - CVE-2016-9584: libical allows remote attackers to cause a denial of service and possibly read heap memory via a crafted ics file. Bug fixes: - libical crashes while parsing timezones
Platform: |
SUSE Linux Enterprise Server 11 SP4 |