There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. It was discovered that there is a heap-based buffer overflow at the Parse data_in_bytes function in pdoc/pdoc.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. It was discovered that there is a heap-based buffer overflow at the Parse data_in_bytes function in pdoc/pdoc.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. It was discovered that there is a heap-based buffer overflow at the Parse data_in_bytes function in pdoc/pdoc.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
As a result, the older versions of Parallels Desktop 1.5 and earlier, Parallels Desktop 2.0 and earlier, and Mac OS X 10.6.6 and earlier are no longer supported and must be updated as soon as possible.
The older versions of Parallels Desktop 1.5 and earlier, Parallels Desktop 2.0 and earlier, and Mac OS X 10.6.6 and earlier are no longer supported and must be updated as soon as
What to do if you are using Parallels Desktop version v 2.0.1
- Please update your Parallels Desktop application to the newest version.
- If you are using custom settings in the older version of Parallels Desktop, such as Microsoft Office 2010, please open the file /Applications/Parallels Desktop/settings.json and update the following entries:
"MicrosoftOffice2010": "2.0.1"
"SupportedAPIs": "W8,XP,10348600,10390600,10406600,10458600"
- If you are using a custom profile for Microsoft Office applications in the older version of Parallels Desktop , such as MSO2011 R2 and MSO2010 R2 (Enterprise), please make sure that it's using an updated binary. In case you have customized your profile further than what is listed above (for example: adding additional profiles or a custom desktop file) please contact our support team for assistance with updating these files.
How to update Parallels Desktop?
To update Parallels Desktop, go to https://www.parallels.com/en/products/desktop and perform the following:
- Click on "Download Now" (for Windows)
- Click on "Download Now" (for Mac OS X)
- Follow the instructions on the page.
Timeline
Published on: 09/05/2022 05:15:00 UTC
Last modified on: 09/15/2022 05:15:00 UTC
References
- https://savannah.gnu.org/bugs/index.php?63000
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VQKWIVW5WJ5ZQNNQFRKTRKD7J3LRLUYW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OECANCPD4WSSBJLSC3EE472M5DXRTIS4/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39832