{"affected":[{"ecosystem_specific":{"binaries":[{"upx":"3.96-lp151.3.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.1","name":"upx","purl":"pkg:rpm/opensuse/upx&distro=openSUSE%20Leap%2015.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.96-lp151.3.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for upx to version 3.96 fixes the following issues:\n\n\n- CVE-2019-1010048: Fixed a denial of service in PackLinuxElf32::PackLinuxElf32help1() (boo#1141777).\n- CVE-2019-14296: Fixed a denial of service in canUnpack() (boo#1143839).\n- CVE-2019-20021: Fixed a heap-based buffer over-read in canUnpack() (boo#1159833).\n- CVE-2019-20053: Fixed a denial of service in canUnpack() (boo#1159920).\n- CVE-2018-11243: Fixed a denial of service in PackLinuxElf64::unpack() (boo#1094138).\n\n- Update to version 3.96\n  * Bug fixes:\n    [CVE-2019-1010048, boo#1141777]\n    [CVE-2019-14296, boo#1143839]\n    [CVE-2019-20021, boo#1159833]\n    [CVE-2019-20053, boo#1159920]\n    [CVE-2018-11243 partially - ticket 206 ONLY, boo#1094138]\n- Update to version 3.95\n  * Flag --force-pie when ET_DYN main program is not marked as\n    DF_1_PIE\n  * Better compatibility with varying layout of address space on\n    Linux\n  * Support for 4 PT_LOAD layout in ELF generated by binutils-2.31\n  * bug fixes, particularly better diagnosis of malformed input\n  * bug fixes - see https://github.com/upx/upx/milestone/4\n","id":"openSUSE-SU-2020:0163-1","modified":"2020-02-04T09:13:50Z","published":"2020-02-04T09:13:50Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JFT4W6K4YZYWDA7IJZTH4U4XTFAQHQYY/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1094138"},{"type":"REPORT","url":"https://bugzilla.suse.com/1141777"},{"type":"REPORT","url":"https://bugzilla.suse.com/1143839"},{"type":"REPORT","url":"https://bugzilla.suse.com/1159833"},{"type":"REPORT","url":"https://bugzilla.suse.com/1159920"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-11243"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-1010048"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-14296"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-20021"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-20053"}],"related":["CVE-2018-11243","CVE-2019-1010048","CVE-2019-14296","CVE-2019-20021","CVE-2019-20053"],"summary":"Security update for upx","upstream":["CVE-2018-11243","CVE-2019-1010048","CVE-2019-14296","CVE-2019-20021","CVE-2019-20053"]}