[SECURITY] Fedora 32 Update: liblas-1.8.1-5.fc32

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-6dbbecb893 2020-04-25 02:14:03.397971 -------------------------------------------------------------------------------- Name : liblas Product : Fedora 32 Version : 1.8.1 Release : 5.fc32 URL : https://www.liblas.org Summary : Library for reading and writing the very common LAS LiDAR format Description : libLAS is a C/C++ library for reading and writing the very common LAS LiDAR format. The ASPRS LAS format is a sequential binary format used to store data from LiDAR sensors and by LiDAR processing software for data interchange and archival. -------------------------------------------------------------------------------- Update Information: This update fixes the following security vulnerabilities: CVE-2018-20536, CVE-2018-20537, CVE-2018-20539, CVE-2018-20540 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2020 Sandro Mani <manisandro(a)gmail.com&gt; - 1.8.1-5 - Add patches for CVE-2018-20539, CVE-2018-20537, CVE-2018-20536, CVE-2018-20540 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1652609 - There is a Segmentation fault triggered by illegal address access at liblas::SpatialReference::GetGTIF()(src/spatialreference.cpp:515) in libLAS while will cause dos attack. https://bugzilla.redhat.com/show_bug.cgi?id=1652609 [ 2 ] Bug #1652610 - There is a heap-buffer-overflow at liblas::SpatialReference::GetGTIF()(src/spatialreference.cpp:518) in libLAS while will cause dos attack. https://bugzilla.redhat.com/show_bug.cgi?id=1652610 [ 3 ] Bug #1652611 - There is an illegal address access at liblas::SpatialReference::GetGTIF()(src/spatialreference.cpp:532) in libLAS while will cause dos attack. https://bugzilla.redhat.com/show_bug.cgi?id=1652611 [ 4 ] Bug #1652612 - There is memory leak at liblas::Open(liblas/liblas.hpp:127) in libLAS. https://bugzilla.redhat.com/show_bug.cgi?id=1652612 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-6dbbecb893' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------