OVAL Reference oval:org.opensuse.security:def:51268

Oval Definition:

oval:org.opensuse.security:def:51268

Revision Date:	2020-12-01	Version:	1
Title:	Security update for libexif (Moderate)
Description:	This update for libexif to 0.6.22 fixes the following issues: Security issues fixed: - CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857). - CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847). - CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475). - CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121). - CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105). - CVE-2020-13114: Fixed various buffer overread fixes due to integer overflows in maker notes (bsc#1172116). Non-security issues fixed: - libexif was updated to version 0.6.22: * New translations: ms * Updated translations for most languages * Some useful EXIF 2.3 tag added: * EXIF_TAG_GAMMA * EXIF_TAG_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE * EXIF_TAG_GPS_H_POSITIONING_ERROR * EXIF_TAG_CAMERA_OWNER_NAME * EXIF_TAG_BODY_SERIAL_NUMBER * EXIF_TAG_LENS_SPECIFICATION * EXIF_TAG_LENS_MAKE * EXIF_TAG_LENS_MODEL * EXIF_TAG_LENS_SERIAL_NUMBER
Family:	unix	Class:	patch
Status:		Reference(s):	1055857 1059893 1120943 1131233 1131237 1131239 1131241 1131245 1133191 1135280 1136446 1136935 1137597 1144919 1145095 1146090 1146091 1146093 1146094 1146095 1146097 1146099 1146100 1146360 1149841 1151021 1151793 1154212 1158442 1160770 1162202 1162675 1171475 1171746 1171847 1172105 1172116 1172121 1172437 1173100 1173659 1173869 1173942 1173948 1173963 1174186 1174247 1175070 1175071 1175074 CVE-2009-4492 CVE-2010-0541 CVE-2011-1004 CVE-2011-1005 CVE-2011-4815 CVE-2012-0862 CVE-2013-4342 CVE-2014-3564 CVE-2014-4910 CVE-2016-6328 CVE-2017-7544 CVE-2018-1000199 CVE-2018-20030 CVE-2019-0196 CVE-2019-0197 CVE-2019-0211 CVE-2019-0217 CVE-2019-0220 CVE-2019-11041 CVE-2019-11042 CVE-2019-11085 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-14835 CVE-2019-14895 CVE-2019-16746 CVE-2019-17631 CVE-2019-18634 CVE-2019-19447 CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2996 CVE-2019-2999 CVE-2019-3846 CVE-2019-9278 CVE-2019-9458 CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518 CVE-2020-0093 CVE-2020-10757 CVE-2020-11668 CVE-2020-11984 CVE-2020-11993 CVE-2020-12767 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114 CVE-2020-14331 CVE-2020-15780 CVE-2020-9490 SUSE-SU-2019:0873-1 SUSE-SU-2019:1581-1 SUSE-SU-2019:2260-1 SUSE-SU-2019:2503-1 SUSE-SU-2020:0001-1 SUSE-SU-2020:0408-1 SUSE-SU-2020:1553-1 SUSE-SU-2020:1958-1 SUSE-SU-2020:2344-1 SUSE-SU-2020:2513-1
Platform(s):	SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for additional PackageHub packages 15 SUSE Linux Enterprise Module for Desktop Applications 15 SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SP2 SUSE Linux Enterprise Module for Legacy Software 15 SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Web Scripting 15 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8	Product(s):
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP2 is installed AND kvm-0.15.1-0.27 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information MozillaFirefox-24.2.0esr-0.7 is installed OR MozillaFirefox-branding-SLED-24-0.7 is installed OR MozillaFirefox-translations-24.2.0esr-0.7 is installed OR libfreebl3-3.15.3.1-0.7 is installed OR libfreebl3-32bit-3.15.3.1-0.7 is installed OR libsoftokn3-3.15.3.1-0.7 is installed OR libsoftokn3-32bit-3.15.3.1-0.7 is installed OR mozilla-nss-3.15.3.1-0.7 is installed OR mozilla-nss-32bit-3.15.3.1-0.7 is installed OR mozilla-nss-tools-3.15.3.1-0.7 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 is installed AND Package Information gpgme-1.5.1-1 is installed OR libgpgme11-1.5.1-1 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP1 is installed AND autofs-5.0.9-8 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information augeas-1.2.0-10 is installed OR augeas-lenses-1.2.0-10 is installed OR libaugeas0-1.2.0-10 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information libXfixes3-5.0.1-7 is installed OR libXfixes3-32bit-5.0.1-7 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information bash-4.3-83.15 is installed OR bash-doc-4.3-83.15 is installed OR bash-lang-4.3-83.15 is installed OR libreadline6-6.3-83.15 is installed OR libreadline6-32bit-6.3-83.15 is installed OR readline-doc-6.3-83.15 is installed
Definition Synopsis
SUSE Linux Enterprise Module for additional PackageHub packages 15 is installed AND Package Information php7-7.2.5-4.40 is installed OR php7-embed-7.2.5-4.40 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed AND Package Information libexif-0.6.22-5.6 is installed OR libexif-devel-0.6.22-5.6 is installed OR libexif12-0.6.22-5.6 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Desktop Applications 15 SP2 is installed AND Package Information MozillaFirefox-78.0.2-3.97 is installed OR MozillaFirefox-devel-78.0.2-3.97 is installed OR MozillaFirefox-translations-common-78.0.2-3.97 is installed OR MozillaFirefox-translations-other-78.0.2-3.97 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Legacy Software 15 SP1 is installed AND Package Information java-1_8_0-ibm-1.8.0_sr6.0-3.30 is installed OR java-1_8_0-ibm-alsa-1.8.0_sr6.0-3.30 is installed OR java-1_8_0-ibm-devel-1.8.0_sr6.0-3.30 is installed OR java-1_8_0-ibm-plugin-1.8.0_sr6.0-3.30 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Live Patching 15 is installed AND Package Information kernel-livepatch-4_12_14-25_28-default-3-2 is installed OR kernel-livepatch-SLE15_Update_8-3-2 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed AND Package Information kernel-livepatch-4_12_14-197_26-default-5-2 is installed OR kernel-livepatch-SLE15-SP1_Update_7-5-2 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Server Applications 15 is installed AND Package Information apache2-2.4.33-3.15 is installed OR apache2-devel-2.4.33-3.15 is installed OR apache2-doc-2.4.33-3.15 is installed OR apache2-prefork-2.4.33-3.15 is installed OR apache2-utils-2.4.33-3.15 is installed OR apache2-worker-2.4.33-3.15 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed AND Package Information nodejs8-8.16.1-3.20 is installed OR nodejs8-devel-8.16.1-3.20 is installed OR nodejs8-docs-8.16.1-3.20 is installed OR npm8-8.16.1-3.20 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information kernel-default-3.12.49-11 is installed OR kernel-default-base-3.12.49-11 is installed OR kernel-default-devel-3.12.49-11 is installed OR kernel-default-man-3.12.49-11 is installed OR kernel-devel-3.12.49-11 is installed OR kernel-macros-3.12.49-11 is installed OR kernel-source-3.12.49-11 is installed OR kernel-syms-3.12.49-11 is installed OR kernel-xen-3.12.49-11 is installed OR kernel-xen-base-3.12.49-11 is installed OR kernel-xen-devel-3.12.49-11 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information openvpn-2.3.8-16.17 is installed OR openvpn-auth-pam-plugin-2.3.8-16.17 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information gnutls-3.2.15-11 is installed OR libgnutls-openssl27-3.2.15-11 is installed OR libgnutls28-3.2.15-11 is installed OR libgnutls28-32bit-3.2.15-11 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information libwireshark9-2.4.9-48.29 is installed OR libwiretap7-2.4.9-48.29 is installed OR libwscodecs1-2.4.9-48.29 is installed OR libwsutil8-2.4.9-48.29 is installed OR wireshark-2.4.9-48.29 is installed OR wireshark-gtk-2.4.9-48.29 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information dbus-1-1.8.22-24.19 is installed OR dbus-1-x11-1.8.22-24.19 is installed OR libdbus-1-3-1.8.22-24.19 is installed OR libdbus-1-3-32bit-1.8.22-24.19 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_120-92_70-default-4-2 is installed OR kgraft-patch-SLE12-SP2_Update_20-4-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information aaa_base-13.2+git20140911.61c1681-36 is installed OR aaa_base-extras-13.2+git20140911.61c1681-36 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information cups-1.7.5-20.26 is installed OR cups-client-1.7.5-20.26 is installed OR cups-libs-1.7.5-20.26 is installed OR cups-libs-32bit-1.7.5-20.26 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information kgraft-patch-4_4_175-94_79-default-5-2 is installed OR kgraft-patch-SLE12-SP3_Update_23-5-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information libgcrypt-1.6.1-16.68 is installed OR libgcrypt20-1.6.1-16.68 is installed OR libgcrypt20-32bit-1.6.1-16.68 is installed OR libgcrypt20-hmac-1.6.1-16.68 is installed OR libgcrypt20-hmac-32bit-1.6.1-16.68 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libpython2_7-1_0-2.7.13-28.8 is installed OR libpython2_7-1_0-32bit-2.7.13-28.8 is installed OR python-2.7.13-28.8 is installed OR python-32bit-2.7.13-28.8 is installed OR python-base-2.7.13-28.8 is installed OR python-base-32bit-2.7.13-28.8 is installed OR python-curses-2.7.13-28.8 is installed OR python-demo-2.7.13-28.8 is installed OR python-doc-2.7.13-28.8 is installed OR python-doc-pdf-2.7.13-28.8 is installed OR python-gdbm-2.7.13-28.8 is installed OR python-idle-2.7.13-28.8 is installed OR python-tk-2.7.13-28.8 is installed OR python-xml-2.7.13-28.8 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information gnome-settings-daemon-3.20.1-50.5 is installed OR gnome-settings-daemon-lang-3.20.1-50.5 is installed
Definition Synopsis
SUSE Linux Enterprise Server 15-LTSS is installed AND Package Information apache2-2.4.33-3.33 is installed OR apache2-devel-2.4.33-3.33 is installed OR apache2-doc-2.4.33-3.33 is installed OR apache2-prefork-2.4.33-3.33 is installed OR apache2-utils-2.4.33-3.33 is installed OR apache2-worker-2.4.33-3.33 is installed
Definition Synopsis
SUSE Linux Enterprise Server for SAP Applications 15 is installed AND Package Information sudo-1.8.22-4.9 is installed OR sudo-devel-1.8.22-4.9 is installed
Definition Synopsis
SUSE OpenStack Cloud 7 is installed AND Package Information libpython2_7-1_0-2.7.13-28.31 is installed OR libpython2_7-1_0-32bit-2.7.13-28.31 is installed OR python-2.7.13-28.31 is installed OR python-32bit-2.7.13-28.31 is installed OR python-base-2.7.13-28.31 is installed OR python-base-32bit-2.7.13-28.31 is installed OR python-curses-2.7.13-28.31 is installed OR python-demo-2.7.13-28.31 is installed OR python-devel-2.7.13-28.31 is installed OR python-doc-2.7.13-28.31 is installed OR python-doc-pdf-2.7.13-28.31 is installed OR python-gdbm-2.7.13-28.31 is installed OR python-idle-2.7.13-28.31 is installed OR python-tk-2.7.13-28.31 is installed OR python-xml-2.7.13-28.31 is installed
Definition Synopsis
SUSE OpenStack Cloud 8 is installed AND Package Information pdns-4.1.2-3.3 is installed OR pdns-backend-mysql-4.1.2-3.3 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 8 is installed AND binutils-2.32-9.33 is installed

BACK