Oval Definition:oval:org.opensuse.security:def:2833
Revision Date:2020-12-02Version:1
Title:Security update for libexif (Moderate)
Description:

This update for libexif to 0.6.22 fixes the following issues:

Security issues fixed:

- CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857). - CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847). - CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475). - CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121). - CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105). - CVE-2020-13114: Fixed various buffer overread fixes due to integer overflows in maker notes (bsc#1172116).

Non-security issues fixed:

- libexif was updated to version 0.6.22: * New translations: ms * Updated translations for most languages * Some useful EXIF 2.3 tag added: * EXIF_TAG_GAMMA * EXIF_TAG_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE * EXIF_TAG_GPS_H_POSITIONING_ERROR * EXIF_TAG_CAMERA_OWNER_NAME * EXIF_TAG_BODY_SERIAL_NUMBER * EXIF_TAG_LENS_SPECIFICATION * EXIF_TAG_LENS_MAKE * EXIF_TAG_LENS_MODEL * EXIF_TAG_LENS_SERIAL_NUMBER
Family:unixClass:patch
Status:Reference(s):1051510
1055857
1059893
1071995
1082318
1088047
1098633
1103990
1103991
1103992
1106383
1109837
1111666
1112374
1114685
1115015
1115022
1115025
1119113
1119532
1120423
1120943
1125703
1128828
1128902
1130836
1131645
1132390
1133401
1133738
1134303
1134395
1135556
1135642
1135897
1136161
1136264
1136343
1136935
1137625
1137728
1137825
1137835
1138872
1138879
1139712
1139751
1139771
1139865
1140133
1140228
1140328
1140405
1140424
1140428
1140454
1140463
1140575
1140577
1140637
1140658
1140715
1140719
1140726
1140727
1140728
1140814
1140887
1140888
1140889
1140891
1140893
1140948
1140954
1140955
1140956
1140957
1140958
1140959
1140960
1140961
1140962
1140964
1140971
1140972
1140992
1141853
1142614
1145092
1145575
1145579
1145580
1145582
1145738
1145739
1145740
1145741
1145742
1148931
1153674
1155419
1160770
1171475
1171847
1172105
1172116
1172121
CVE-2016-6328
CVE-2017-7544
CVE-2018-16843
CVE-2018-16844
CVE-2018-16845
CVE-2018-20030
CVE-2018-20836
CVE-2018-20852
CVE-2019-10081
CVE-2019-10082
CVE-2019-10092
CVE-2019-10097
CVE-2019-10098
CVE-2019-10126
CVE-2019-10208
CVE-2019-10638
CVE-2019-10639
CVE-2019-11599
CVE-2019-11708
CVE-2019-12387
CVE-2019-12779
CVE-2019-13233
CVE-2019-14287
CVE-2019-15681
CVE-2019-8595
CVE-2019-8607
CVE-2019-8615
CVE-2019-8644
CVE-2019-8649
CVE-2019-8658
CVE-2019-8666
CVE-2019-8669
CVE-2019-8671
CVE-2019-8672
CVE-2019-8673
CVE-2019-8676
CVE-2019-8677
CVE-2019-8678
CVE-2019-8679
CVE-2019-8680
CVE-2019-8681
CVE-2019-8683
CVE-2019-8684
CVE-2019-8686
CVE-2019-8687
CVE-2019-8688
CVE-2019-8689
CVE-2019-8690
CVE-2019-9278
CVE-2019-9511
CVE-2019-9513
CVE-2019-9516
CVE-2019-9517
CVE-2019-9893
CVE-2020-0093
CVE-2020-12767
CVE-2020-13112
CVE-2020-13113
CVE-2020-13114
SUSE-SU-2019:1682-1
SUSE-SU-2019:1731-1
SUSE-SU-2019:1812-1
SUSE-SU-2019:1854-1
SUSE-SU-2019:2114-1
SUSE-SU-2019:2237-1
SUSE-SU-2019:2309-1
SUSE-SU-2019:2428-1
SUSE-SU-2019:2517-1
SUSE-SU-2019:2656-1
SUSE-SU-2019:2707-1
SUSE-SU-2020:1553-1
SUSE-SU-2020:2009-1
Platform(s):SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise High Availability 12 SP2
SUSE Linux Enterprise High Availability 12 SP3
SUSE Linux Enterprise High Availability 12 SP4
SUSE Linux Enterprise Module for additional PackageHub packages 15
SUSE Linux Enterprise Module for additional PackageHub packages 15 SP1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
SUSE Linux Enterprise Module for High Performance Computing 12
SUSE Linux Enterprise Module for Legacy Software 15
SUSE Linux Enterprise Module for Legacy Software 15 SP1
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Module for Live Patching 15 SP1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Module for Public Cloud 15
SUSE Linux Enterprise Module for Public Cloud 15 SP1
SUSE Linux Enterprise Module for Python2 packages 15 SP1
SUSE Linux Enterprise Module for Realtime packages 15 SP1
SUSE Linux Enterprise Module for Server Applications 15
SUSE Linux Enterprise Module for Server Applications 15 SP1
SUSE Linux Enterprise Module for Toolchain 12
SUSE Linux Enterprise Module for Web Scripting 12
SUSE Linux Enterprise Module for Web Scripting 15
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 11 SP1-CLIENT-TOOLS
SUSE Linux Enterprise Server 11 SP1-LTSS
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2-LTSS
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server for VMWare 11 SP2
SUSE Linux Enterprise Server for VMWare 11 SP3
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Workstation Extension 15 SP1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • colord-1.1.7-2 is installed
  • OR colord-gtk-lang-0.1.25-3 is installed
  • OR colord-lang-1.1.7-2 is installed
  • OR libcolord-gtk1-0.1.25-3 is installed
  • OR libcolord2-1.1.7-2 is installed
  • OR libcolord2-32bit-1.1.7-2 is installed
  • OR libcolorhug2-1.1.7-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • alsa-1.0.27.2-11 is installed
  • OR libasound2-1.0.27.2-11 is installed
  • OR libasound2-32bit-1.0.27.2-11 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • MozillaFirefox-45.7.0esr-99 is installed
  • OR MozillaFirefox-translations-45.7.0esr-99 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND ctags-5.8-7 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 SP2 is installed
  • AND ruby2.1-rubygem-bundler-1.7.3-3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 SP3 is installed
  • AND Package Information
  • cluster-md-kmp-default-4.4.73-5 is installed
  • OR dlm-kmp-default-4.4.73-5 is installed
  • OR gfs2-kmp-default-4.4.73-5 is installed
  • OR ocfs2-kmp-default-4.4.73-5 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 SP4 is installed
  • AND haproxy-1.6.11-10 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for additional PackageHub packages 15 is installed
  • AND Package Information
  • graphviz-addons-2.40.1-6.3 is installed
  • OR graphviz-gnome-2.40.1-6.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for additional PackageHub packages 15 SP1 is installed
  • AND Package Information
  • python-SQLAlchemy-1.2.14-6.3 is installed
  • OR python2-SQLAlchemy-1.2.14-6.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed
  • AND Package Information
  • libexif-0.6.22-5.6 is installed
  • OR libexif-devel-0.6.22-5.6 is installed
  • OR libexif12-0.6.22-5.6 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for High Performance Computing 12 is installed
  • AND Package Information
  • libslurm29-16.05.8.1-5 is installed
  • OR perl-slurm-16.05.8.1-5 is installed
  • OR slurm-16.05.8.1-5 is installed
  • OR slurm-auth-none-16.05.8.1-5 is installed
  • OR slurm-devel-16.05.8.1-5 is installed
  • OR slurm-doc-16.05.8.1-5 is installed
  • OR slurm-lua-16.05.8.1-5 is installed
  • OR slurm-munge-16.05.8.1-5 is installed
  • OR slurm-pam_slurm-16.05.8.1-5 is installed
  • OR slurm-plugins-16.05.8.1-5 is installed
  • OR slurm-sched-wiki-16.05.8.1-5 is installed
  • OR slurm-slurmdbd-16.05.8.1-5 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Legacy Software 15 is installed
  • AND Package Information
  • java-1_8_0-ibm-1.8.0_sr5.35-3.20 is installed
  • OR java-1_8_0-ibm-alsa-1.8.0_sr5.35-3.20 is installed
  • OR java-1_8_0-ibm-devel-1.8.0_sr5.35-3.20 is installed
  • OR java-1_8_0-ibm-plugin-1.8.0_sr5.35-3.20 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Legacy Software 15 SP1 is installed
  • AND Package Information
  • java-1_8_0-openjdk-1.8.0.212-3.19 is installed
  • OR java-1_8_0-openjdk-demo-1.8.0.212-3.19 is installed
  • OR java-1_8_0-openjdk-devel-1.8.0.212-3.19 is installed
  • OR java-1_8_0-openjdk-headless-1.8.0.212-3.19 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Live Patching 15 is installed
  • AND Package Information
  • kernel-default-4.12.14-25.3 is installed
  • OR kernel-default-livepatch-4.12.14-25.3 is installed
  • OR kernel-livepatch-4_12_14-25_3-default-1-1.3 is installed
  • OR kernel-livepatch-SLE15_Update_1-1-1.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed
  • AND Package Information
  • kernel-livepatch-4_12_14-195-default-2-4 is installed
  • OR kernel-livepatch-SLE15-SP1_Update_0-2-4 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed
  • AND Package Information
  • MozillaFirefox-60.7.2-3.48 is installed
  • OR MozillaFirefox-branding-upstream-60.7.2-3.48 is installed
  • OR MozillaFirefox-buildsymbols-60.7.2-3.48 is installed
  • OR MozillaFirefox-devel-60.7.2-3.48 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
  • AND Package Information
  • curl-7.66.0-4.3 is installed
  • OR curl-mini-7.66.0-4.3 is installed
  • OR libcurl-devel-32bit-7.66.0-4.3 is installed
  • OR libcurl-mini-devel-7.66.0-4.3 is installed
  • OR libcurl4-mini-7.66.0-4.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Public Cloud 15 is installed
  • AND Package Information
  • kernel-azure-4.12.14-5.8 is installed
  • OR kernel-azure-base-4.12.14-5.8 is installed
  • OR kernel-azure-devel-4.12.14-5.8 is installed
  • OR kernel-devel-azure-4.12.14-5.8 is installed
  • OR kernel-source-azure-4.12.14-5.8 is installed
  • OR kernel-syms-azure-4.12.14-5.8 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Public Cloud 15 SP1 is installed
  • AND Package Information
  • kernel-azure-4.12.14-8.22 is installed
  • OR kernel-azure-base-4.12.14-8.22 is installed
  • OR kernel-azure-devel-4.12.14-8.22 is installed
  • OR kernel-devel-azure-4.12.14-8.22 is installed
  • OR kernel-source-azure-4.12.14-8.22 is installed
  • OR kernel-syms-azure-4.12.14-8.22 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Python2 packages 15 SP1 is installed
  • AND Package Information
  • python-libxml2-python-2.9.7-3.12 is installed
  • OR python2-libxml2-python-2.9.7-3.12 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Realtime packages 15 SP1 is installed
  • AND Package Information
  • cluster-md-kmp-rt-4.12.14-14.8 is installed
  • OR dlm-kmp-rt-4.12.14-14.8 is installed
  • OR gfs2-kmp-rt-4.12.14-14.8 is installed
  • OR kernel-devel-rt-4.12.14-14.8 is installed
  • OR kernel-rt-4.12.14-14.8 is installed
  • OR kernel-rt-base-4.12.14-14.8 is installed
  • OR kernel-rt-devel-4.12.14-14.8 is installed
  • OR kernel-rt_debug-4.12.14-14.8 is installed
  • OR kernel-rt_debug-devel-4.12.14-14.8 is installed
  • OR kernel-source-rt-4.12.14-14.8 is installed
  • OR kernel-syms-rt-4.12.14-14.8 is installed
  • OR ocfs2-kmp-rt-4.12.14-14.8 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 is installed
  • AND Package Information
  • openssh-7.6p1-9.3 is installed
  • OR openssh-fips-7.6p1-9.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed
  • AND Package Information
  • subversion-1.10.6-3.6 is installed
  • OR subversion-server-1.10.6-3.6 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Toolchain 12 is installed
  • AND Package Information
  • cpp5-5.3.1+r233831-9 is installed
  • OR gcc5-5.3.1+r233831-9 is installed
  • OR gcc5-c++-5.3.1+r233831-9 is installed
  • OR gcc5-fortran-5.3.1+r233831-9 is installed
  • OR gcc5-info-5.3.1+r233831-9 is installed
  • OR gcc5-locale-5.3.1+r233831-9 is installed
  • OR libffi-devel-gcc5-5.3.1+r233831-9 is installed
  • OR libstdc++6-devel-gcc5-5.3.1+r233831-9 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 12 is installed
  • AND Package Information
  • apache2-mod_php5-5.5.14-4 is installed
  • OR php5-5.5.14-4 is installed
  • OR php5-bcmath-5.5.14-4 is installed
  • OR php5-bz2-5.5.14-4 is installed
  • OR php5-calendar-5.5.14-4 is installed
  • OR php5-ctype-5.5.14-4 is installed
  • OR php5-curl-5.5.14-4 is installed
  • OR php5-dba-5.5.14-4 is installed
  • OR php5-dom-5.5.14-4 is installed
  • OR php5-enchant-5.5.14-4 is installed
  • OR php5-exif-5.5.14-4 is installed
  • OR php5-fastcgi-5.5.14-4 is installed
  • OR php5-fileinfo-5.5.14-4 is installed
  • OR php5-fpm-5.5.14-4 is installed
  • OR php5-ftp-5.5.14-4 is installed
  • OR php5-gd-5.5.14-4 is installed
  • OR php5-gettext-5.5.14-4 is installed
  • OR php5-gmp-5.5.14-4 is installed
  • OR php5-iconv-5.5.14-4 is installed
  • OR php5-intl-5.5.14-4 is installed
  • OR php5-json-5.5.14-4 is installed
  • OR php5-ldap-5.5.14-4 is installed
  • OR php5-mbstring-5.5.14-4 is installed
  • OR php5-mcrypt-5.5.14-4 is installed
  • OR php5-mysql-5.5.14-4 is installed
  • OR php5-odbc-5.5.14-4 is installed
  • OR php5-openssl-5.5.14-4 is installed
  • OR php5-pcntl-5.5.14-4 is installed
  • OR php5-pdo-5.5.14-4 is installed
  • OR php5-pear-5.5.14-4 is installed
  • OR php5-pgsql-5.5.14-4 is installed
  • OR php5-pspell-5.5.14-4 is installed
  • OR php5-shmop-5.5.14-4 is installed
  • OR php5-snmp-5.5.14-4 is installed
  • OR php5-soap-5.5.14-4 is installed
  • OR php5-sockets-5.5.14-4 is installed
  • OR php5-sqlite-5.5.14-4 is installed
  • OR php5-suhosin-5.5.14-4 is installed
  • OR php5-sysvmsg-5.5.14-4 is installed
  • OR php5-sysvsem-5.5.14-4 is installed
  • OR php5-sysvshm-5.5.14-4 is installed
  • OR php5-tokenizer-5.5.14-4 is installed
  • OR php5-wddx-5.5.14-4 is installed
  • OR php5-xmlreader-5.5.14-4 is installed
  • OR php5-xmlrpc-5.5.14-4 is installed
  • OR php5-xmlwriter-5.5.14-4 is installed
  • OR php5-xsl-5.5.14-4 is installed
  • OR php5-zip-5.5.14-4 is installed
  • OR php5-zlib-5.5.14-4 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 15 is installed
  • AND Package Information
  • nodejs10-10.16.0-1.9 is installed
  • OR nodejs10-devel-10.16.0-1.9 is installed
  • OR nodejs10-docs-10.16.0-1.9 is installed
  • OR npm10-10.16.0-1.9 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 is installed
  • AND Package Information
  • accountsservice-0.6.35-1 is installed
  • OR accountsservice-lang-0.6.35-1 is installed
  • OR libaccountsservice0-0.6.35-1 is installed
  • OR typelib-1_0-AccountsService-1_0-0.6.35-1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND apache-commons-httpclient-3.1-4 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND apache-commons-httpclient-3.1-4 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 is installed
  • AND Package Information
  • glibc-2.19-22.16.2 is installed
  • OR glibc-devel-static-2.19-22.16.2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 SP1 is installed
  • AND Package Information
  • avahi-compat-howl-devel-0.6.31-20 is installed
  • OR avahi-compat-mDNSResponder-devel-0.6.31-20 is installed
  • OR libavahi-devel-0.6.31-20 is installed
  • OR libhowl0-0.6.31-20 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 SP2 is installed
  • AND Package Information
  • nut-cgi-2.7.1-4.84 is installed
  • OR nut-devel-2.7.1-4.84 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 SP1 is installed
  • AND Package Information
  • kernel-default-4.12.14-197.21 is installed
  • OR kernel-default-extra-4.12.14-197.21 is installed
  • BACK