openSUSE-SU-2020:0180-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2020:0180-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2020:0180-1
Published
2020-02-06T14:46:47Z
Modified
2025-05-08T17:45:11.850776Z
Upstream
  • CVE-2019-1010048
Summary
Security update for upx
Details

This update for upx to version 3.96 fixes the following issues:

  • CVE-2019-1010048: Fixed a denial of service in PackLinuxElf32::PackLinuxElf32help1() (boo#1141777).
  • CVE-2019-14296: Fixed a denial of service in canUnpack() (boo#1143839).
  • CVE-2019-20021: Fixed a heap-based buffer over-read in canUnpack() (boo#1159833).
  • CVE-2019-20053: Fixed a denial of service in canUnpack() (boo#1159920).
  • CVE-2018-11243: Fixed a denial of service in PackLinuxElf64::unpack() (boo#1094138).

  • Update to version 3.96

    • Bug fixes: [CVE-2019-1010048, boo#1141777] [CVE-2019-14296, boo#1143839] [CVE-2019-20021, boo#1159833] [CVE-2019-20053, boo#1159920] [CVE-2018-11243 partially - ticket 206 ONLY, boo#1094138]
  • Update to version 3.95
    • Flag --force-pie when ET_DYN main program is not marked as DF_1_PIE
    • Better compatibility with varying layout of address space on Linux
    • Support for 4 PT_LOAD layout in ELF generated by binutils-2.31
    • bug fixes, particularly better diagnosis of malformed input
    • bug fixes - see https://github.com/upx/upx/milestone/4

This update was imported from the openSUSE:Leap:15.1:Update update project.

Affected packages

SUSE:Package Hub 15 SP1 / upx

Package

Name
upx
Purl
pkg:rpm/suse/upx&distro=SUSE%20Package%20Hub%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.96-bp151.4.3.1

Ecosystem specific

{
    "binaries": [
        {
            "upx": "3.96-bp151.4.3.1"
        }
    ]
}