Oval Definition:oval:org.opensuse.security:def:109229
Revision Date:2021-06-04Version:1
Title:Security update for libwebp (Critical)
Description:

This update for libwebp fixes the following issues:

- CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685). - CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691). - CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674). - CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652). - CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690). - CVE-2020-36328: Fixed heap-based buffer overflow in WebPDecode*Into functions (bsc#1185688). - CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654). - CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686). - CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673). - CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247).
Family:unixClass:patch
Status:Reference(s):1185652
1185654
1185673
1185674
1185685
1185686
1185688
1185690
1185691
1186247
CVE-2018-25009
CVE-2018-25010
CVE-2018-25011
CVE-2018-25012
CVE-2018-25013
CVE-2020-36328
CVE-2020-36329
CVE-2020-36330
CVE-2020-36331
CVE-2020-36332
SUSE-SU-2021:1860-1
Platform(s):SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for additional PackageHub packages 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Server 4.1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for additional PackageHub packages 15 SP2 is installed
  • AND libwebp6-32bit-0.5.0-3.5.1 is installed
    • BACK