OVAL Reference oval:org.opensuse.security:def:2634

Oval Definition:

oval:org.opensuse.security:def:2634

Revision Date:	2020-12-02	Version:	1
Title:	Security update for exiv2 (Moderate)
Description:	This update for exiv2 to 0.26 fixes the following security issues: - CVE-2017-14864: Prevent invalid memory address dereference in Exiv2::getULong that could have caused a segmentation fault and application crash, which leads to denial of service (bsc#1060995). - CVE-2017-14862: Prevent invalid memory address dereference in Exiv2::DataValue::read that could have caused a segmentation fault and application crash, which leads to denial of service (bsc#1060996). - CVE-2017-14859: Prevent invalid memory address dereference in Exiv2::StringValueBase::read that could have caused a segmentation fault and application crash, which leads to denial of service (bsc#1061000). - CVE-2017-14860: Prevent heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function via a crafted input that could have lead to a denial of service attack (bsc#1061023). - CVE-2017-11337: Prevent invalid free in the Action::TaskFactory::cleanup function via a crafted input that could have lead to a remote denial of service attack (bsc#1048883). - CVE-2017-11338: Prevent infinite loop in the Exiv2::Image::printIFDStructure function via a crafted input that could have lead to a remote denial of service attack (bsc#1048883). - CVE-2017-11339: Prevent heap-based buffer overflow in the Image::printIFDStructure function via a crafted input that could have lead to a remote denial of service attack (bsc#1048883). - CVE-2017-11340: Prevent Segmentation fault in the XmpParser::terminate() function via a crafted input that could have lead to a remote denial of service attack (bsc#1048883). - CVE-2017-12955: Prevent heap-based buffer overflow. The vulnerability caused an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact (bsc#1054593). - CVE-2017-12956: Preventn illegal address access in Exiv2::FileIo::path[abi:cxx11]() that could have lead to remote denial of service (bsc#1054592). - CVE-2017-12957: Prevent heap-based buffer over-read that was triggered in the Exiv2::Image::io function and could have lead to remote denial of service (bsc#1054590). - CVE-2017-11683: Prevent reachable assertion in the Internal::TiffReader::visitDirectory function that could have lead to a remote denial of service attack via crafted input (bsc#1051188). - CVE-2017-11591: Prevent Floating point exception in the Exiv2::ValueType function that could have lead to a remote denial of service attack via crafted input (bsc#1050257). - CVE-2017-11553: Prevent illegal address access in the extend_alias_table function via a crafted input could have lead to remote denial of service. - CVE-2017-11592: Prevent mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function that could have lead to a remote denial of service attack (heap memory corruption) via crafted input.
Family:	unix	Class:	patch
Status:		Reference(s):	1048883 1050257 1051188 1054590 1054592 1054593 1060995 1060996 1061000 1061023 1076410 1082696 1092206 1094741 1102003 1102004 1102005 1102007 1105361 1107507 1107944 1117507 1117508 1117951 1121967 1122623 1123919 1127080 1131291 1135350 1141063 1143578 1143581 1143582 1143584 1148742 1150003 1150250 1153451 1153459 1155321 1156318 CVE-2017-11337 CVE-2017-11338 CVE-2017-11339 CVE-2017-11340 CVE-2017-11553 CVE-2017-11591 CVE-2017-11592 CVE-2017-11683 CVE-2017-12955 CVE-2017-12956 CVE-2017-12957 CVE-2017-14859 CVE-2017-14860 CVE-2017-14862 CVE-2017-14864 CVE-2017-18594 CVE-2018-12473 CVE-2018-12474 CVE-2018-12476 CVE-2018-14434 CVE-2018-14435 CVE-2018-14436 CVE-2018-14437 CVE-2018-15173 CVE-2018-19540 CVE-2018-19541 CVE-2018-20860 CVE-2018-20861 CVE-2019-14382 CVE-2019-14383 CVE-2019-1547 CVE-2019-1559 CVE-2019-1563 CVE-2019-17041 CVE-2019-17042 CVE-2019-3816 CVE-2019-3833 CVE-2019-5736 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 CVE-2019-8625 CVE-2019-8674 CVE-2019-8681 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2019-8707 CVE-2019-8710 CVE-2019-8719 CVE-2019-8720 CVE-2019-8726 CVE-2019-8733 CVE-2019-8735 CVE-2019-8743 CVE-2019-8763 CVE-2019-8764 CVE-2019-8765 CVE-2019-8766 CVE-2019-8768 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8821 CVE-2019-8822 CVE-2019-8823 SUSE-SU-2018:1882-1 SUSE-SU-2018:2475-1 SUSE-SU-2019:0362-1 SUSE-SU-2019:0540-1 SUSE-SU-2019:0600-1 SUSE-SU-2019:0654-1 SUSE-SU-2019:2425-1 SUSE-SU-2019:2435-1 SUSE-SU-2019:2512-1 SUSE-SU-2019:2561-1 SUSE-SU-2019:2937-1 SUSE-SU-2019:3044-1 SUSE-SU-2019:3087-1
Platform(s):	SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise for SAP 12 SUSE Linux Enterprise High Availability 12 SP2 SUSE Linux Enterprise High Availability 12 SP3 SUSE Linux Enterprise High Availability 12 SP4 SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Availability 15 SP1 SUSE Linux Enterprise Module for additional PackageHub packages 15 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for High Performance Computing 15 SUSE Linux Enterprise Module for High Performance Computing 15 SP1 SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Legacy Software 15 SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15 SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Module for Web Scripting 15 SUSE Linux Enterprise Module for Web Scripting 15 SP1 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP3 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Workstation Extension 12 SP2 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Workstation Extension 15 SP1	Product(s):
Definition Synopsis
SUSE Linux Enterprise Desktop 12 is installed AND Package Information ImageMagick-6.8.8.1-5 is installed OR libMagick++-6_Q16-3-6.8.8.1-5 is installed OR libMagickCore-6_Q16-1-6.8.8.1-5 is installed OR libMagickCore-6_Q16-1-32bit-6.8.8.1-5 is installed OR libMagickWand-6_Q16-1-6.8.8.1-5 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information libxslt-1.1.28-16 is installed OR libxslt-tools-1.1.28-16 is installed OR libxslt1-1.1.28-16 is installed OR libxslt1-32bit-1.1.28-16 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information libass-0.10.2-3 is installed OR libass5-0.10.2-3 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP4 is installed AND libmpfr4-3.1.2-7 is installed
Definition Synopsis
SUSE Linux Enterprise for SAP 12 is installed AND Package Information ghostscript-9.15-11.1 is installed OR ghostscript-x11-9.15-11.1 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 12 SP2 is installed AND Package Information cluster-md-kmp-default-4.4.21-69 is installed OR cluster-network-kmp-default-4.4.21-69 is installed OR dlm-kmp-default-4.4.21-69 is installed OR gfs2-kmp-default-4.4.21-69 is installed OR ocfs2-kmp-default-4.4.21-69 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 12 SP3 is installed AND Package Information cluster-md-kmp-default-4.4.73-5 is installed OR dlm-kmp-default-4.4.73-5 is installed OR gfs2-kmp-default-4.4.73-5 is installed OR ocfs2-kmp-default-4.4.73-5 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 12 SP4 is installed AND ruby2.1-rubygem-bundler-1.7.3-3 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 15 is installed AND Package Information cluster-md-kmp-default-4.12.14-150.27 is installed OR dlm-kmp-default-4.12.14-150.27 is installed OR gfs2-kmp-default-4.12.14-150.27 is installed OR kernel-default-4.12.14-150.27 is installed OR ocfs2-kmp-default-4.12.14-150.27 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 15 SP1 is installed AND Package Information graphviz-addons-2.40.1-6.3 is installed OR graphviz-gd-2.40.1-6.3 is installed OR graphviz-python-2.40.1-6.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for additional PackageHub packages 15 is installed AND Package Information glib2-2.54.3-4.18 is installed OR glib2-devel-32bit-2.54.3-4.18 is installed OR glib2-tools-32bit-2.54.3-4.18 is installed OR libgthread-2_0-0-32bit-2.54.3-4.18 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Containers 12 is installed AND python-PyYAML-3.10-15 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Desktop Applications 15 is installed AND Package Information exiv2-0.26-6.3 is installed OR libexiv2-26-0.26-6.3 is installed OR libexiv2-devel-0.26-6.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for High Performance Computing 15 is installed AND Package Information python-numpy_1_16_1-gnu-hpc-1.16.1-4.8 is installed OR python2-numpy-gnu-hpc-1.16.1-4.8 is installed OR python2-numpy-gnu-hpc-devel-1.16.1-4.8 is installed OR python3-numpy-gnu-hpc-1.16.1-4.8 is installed OR python3-numpy-gnu-hpc-devel-1.16.1-4.8 is installed
Definition Synopsis
SUSE Linux Enterprise Module for High Performance Computing 15 SP1 is installed AND Package Information libpmi0-18.08.9-3.10 is installed OR libslurm33-18.08.9-3.10 is installed OR perl-slurm-18.08.9-3.10 is installed OR slurm-18.08.9-3.10 is installed OR slurm-auth-none-18.08.9-3.10 is installed OR slurm-config-18.08.9-3.10 is installed OR slurm-config-man-18.08.9-3.10 is installed OR slurm-devel-18.08.9-3.10 is installed OR slurm-doc-18.08.9-3.10 is installed OR slurm-lua-18.08.9-3.10 is installed OR slurm-munge-18.08.9-3.10 is installed OR slurm-node-18.08.9-3.10 is installed OR slurm-pam_slurm-18.08.9-3.10 is installed OR slurm-plugins-18.08.9-3.10 is installed OR slurm-slurmdbd-18.08.9-3.10 is installed OR slurm-sql-18.08.9-3.10 is installed OR slurm-sview-18.08.9-3.10 is installed OR slurm-torque-18.08.9-3.10 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Legacy Software 12 is installed AND Package Information cups154-1.5.4-2 is installed OR cups154-client-1.5.4-2 is installed OR cups154-filters-1.5.4-2 is installed OR cups154-libs-1.5.4-2 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Legacy Software 15 is installed AND Package Information libopenssl-1_0_0-devel-1.0.2p-3.8 is installed OR libopenssl1_0_0-1.0.2p-3.8 is installed OR openssl-1_0_0-1.0.2p-3.8 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Legacy Software 15 SP1 is installed AND Package Information kernel-default-4.12.14-197.4 is installed OR reiserfs-kmp-default-4.12.14-197.4 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Live Patching 15 is installed AND Package Information kernel-livepatch-4_12_14-23-default-3-7 is installed OR kernel-livepatch-SLE15_Update_0-3-7 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed AND Package Information kernel-default-4.12.14-197.4 is installed OR kernel-default-livepatch-4.12.14-197.4 is installed OR kernel-default-livepatch-devel-4.12.14-197.4 is installed OR kernel-livepatch-4_12_14-197_4-default-1-3.3 is installed OR kernel-livepatch-SLE15-SP1_Update_1-1-3.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed AND Package Information ncat-7.70-3.12 is installed OR ndiff-7.70-3.12 is installed OR nmap-7.70-3.12 is installed OR nping-7.70-3.12 is installed OR zenmap-7.70-3.12 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed AND Package Information libpython3_6m1_0-32bit-3.6.8-3.16 is installed OR python3-3.6.8-3.16 is installed OR python3-32bit-3.6.8-3.16 is installed OR python3-base-3.6.8-3.16 is installed OR python3-base-32bit-3.6.8-3.16 is installed OR python3-doc-3.6.8-3.16 is installed OR python3-testsuite-3.6.8-3.16 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed AND Package Information MozillaFirefox-68.6.1-3.81 is installed OR MozillaFirefox-branding-upstream-68.6.1-3.81 is installed OR MozillaFirefox-buildsymbols-68.6.1-3.81 is installed OR MozillaFirefox-devel-68.6.1-3.81 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Public Cloud 12 is installed AND python-requests-2.3.0-1 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Server Applications 15 is installed AND yast2-rmt-1.2.2-3.18 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed AND skopeo-0.1.32-4.8 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Web Scripting 12 is installed AND Package Information nodejs4-4.5.0-5 is installed OR nodejs4-devel-4.5.0-5 is installed OR nodejs4-docs-4.5.0-5 is installed OR npm4-4.5.0-5 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Web Scripting 15 is installed AND Package Information nodejs8-8.11.3-3.5 is installed OR nodejs8-devel-8.11.3-3.5 is installed OR nodejs8-docs-8.11.3-3.5 is installed OR npm8-8.11.3-3.5 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed AND Package Information nodejs8-8.16.1-3.20 is installed OR nodejs8-devel-8.16.1-3.20 is installed OR nodejs8-docs-8.16.1-3.20 is installed OR npm8-8.16.1-3.20 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 is installed AND Package Information accountsservice-0.6.35-1 is installed OR accountsservice-lang-0.6.35-1 is installed OR libaccountsservice0-0.6.35-1 is installed OR typelib-1_0-AccountsService-1_0-0.6.35-1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information MozillaFirefox-38.4.0esr-51 is installed OR MozillaFirefox-translations-38.4.0esr-51 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information libXvnc1-1.6.0-12 is installed OR tigervnc-1.6.0-12 is installed OR xorg-x11-Xvnc-1.6.0-12 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information alsa-1.0.27.2-15 is installed OR alsa-docs-1.0.27.2-15 is installed OR libasound2-1.0.27.2-15 is installed OR libasound2-32bit-1.0.27.2-15 is installed
Definition Synopsis
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed AND vsftpd-3.0.2-31 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 12 is installed AND Package Information python-base-2.7.9-14.1 is installed OR python-devel-2.7.9-14.1 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 12 SP1 is installed AND ruby-devel-2.1-1.6 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 12 SP2 is installed AND Package Information gcc48-gij-4.8.5-30.1 is installed OR gcc48-gij-32bit-4.8.5-30.1 is installed OR libgcj48-4.8.5-30.1 is installed OR libgcj48-32bit-4.8.5-30.1 is installed OR libgcj48-jar-4.8.5-30.1 is installed OR libgcj_bc1-4.8.5-30.1 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 15 is installed AND Package Information MozillaThunderbird-52.9.1-3.7 is installed OR MozillaThunderbird-devel-52.9.1-3.7 is installed OR MozillaThunderbird-translations-common-52.9.1-3.7 is installed OR MozillaThunderbird-translations-other-52.9.1-3.7 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 15 SP1 is installed AND Package Information ffmpeg-3.4.2-4.17 is installed OR libavcodec-devel-3.4.2-4.17 is installed OR libavformat-devel-3.4.2-4.17 is installed OR libavformat57-3.4.2-4.17 is installed OR libavresample-devel-3.4.2-4.17 is installed OR libavresample3-3.4.2-4.17 is installed

BACK