Main Vulnerability Database SB2019031810

SB2019031810 - OpenSUSE Linux update for java-1

Published: March 18, 2019 Updated: May 15, 2019

Security Bulletin ID SB2019031810

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Division by zero (CVE-ID: CVE-2018-11212)

The vulnerability allows a remote attacker to cause DoS condition.

The weakness exists due to division by zero error within the libjpeg library within the libjpeg-turbo in alloc_sarray() function of jmemmgr.c file. A remote attacker can pass a specially crafted file the to affected application and cause application to crash.

2) Information disclosure (CVE-ID: CVE-2019-2422)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to unspecified flaw in Libraries component. A remote attacker can gain access to sensitive information on the system.

Remediation

Install update from vendor's website.

References

https://lists.opensuse.org/opensuse-security-announce/2019-03/msg00028.html