Oval Definition:	oval:org.opensuse.security:def:51318
Revision Date: 2020-12-01 Version: 1 Title: Security update for exiv2 (Moderate) Description: This update for exiv2 fixes the following issues: exiv2 was updated to latest 0.26 branch, fixing bugs and security issues: - CVE-2017-1000126: Fixed an out of bounds read in webp parser (bsc#1068873). - CVE-2017-9239: Fixed a segmentation fault in TiffImageEntry::doWriteImage function (bsc#1040973). - CVE-2018-12264: Fixed an integer overflow in LoaderTiff::getData() which might have led to an out-of-bounds read (bsc#1097600). - CVE-2018-12265: Fixed integer overflows in LoaderExifJpeg which could have led to memory corruption (bsc#1097599). - CVE-2018-17229: Fixed a heap based buffer overflow in Exiv2::d2Data via a crafted image (bsc#1109175). - CVE-2018-17230: Fixed a heap based buffer overflow in Exiv2::d2Data via a crafted image (bsc#1109176). - CVE-2018-17282: Fixed a null pointer dereference in Exiv2::DataValue::copy (bsc#1109299). - CVE-2018-19108: Fixed an integer overflow in Exiv2::PsdImage::readMetadata which could have led to infinite loop (bsc#1115364). - CVE-2018-19607: Fixed a null pointer dereference in Exiv2::isoSpeed which might have led to denial of service (bsc#1117513). - CVE-2018-9305: Fixed an out of bounds read in IptcData::printStructure which might have led to to information leak or denial of service (bsc#1088424). - CVE-2019-13114: Fixed a null pointer dereference which might have led to denial of service via a crafted response of an malicious http server (bsc#1142684). Family: unix Class: patch Status: Reference(s): 1040973 1046299 1046303 1046305 1050244 1050536 1050545 1051510 1055186 1061840 1064802 1065600 1066129 1068873 1071995 1073513 1082635 1083647 1086323 1087092 1088047 1088424 1089644 1090631 1093205 1094555 1096254 1097583 1097584 1097585 1097586 1097587 1097588 1097599 1097600 1098291 1098633 1101674 1105026 1105592 1106383 1106751 1109137 1109158 1109175 1109176 1109299 1111666 1112178 1113994 1114279 1115364 1117513 1117665 1119461 1119465 1119532 1120423 1123034 1123080 1124167 1127155 1128432 1128902 1128910 1131645 1132154 1132390 1133140 1133401 1133738 1134303 1134395 1135296 1135556 1135642 1135854 1135873 1135967 1136157 1136598 1136922 1136935 1137040 1137103 1137194 1137429 1137625 1137728 1137799 1137861 1137884 1137995 1137996 1137998 1137999 1138000 1138002 1138003 1138005 1138006 1138007 1138008 1138009 1138010 1138011 1138012 1138013 1138014 1138015 1138016 1138017 1138018 1138019 1138190 1138291 1138293 1138374 1138375 1138589 1138719 1139073 1139751 1139771 1139782 1139865 1140090 1140133 1140328 1140405 1140424 1140428 1140575 1140577 1140637 1140658 1140715 1140719 1140726 1140727 1140728 1140729 1140814 1140845 1140883 1141600 1142635 1142667 1142684 1143706 1144338 1144375 1144449 1144903 1145099 1146612 1148410 1148643 1149119 1149853 1150452 1150457 1150465 1150875 1151508 1151807 1152033 1152624 1152665 1152685 1152696 1152697 1152788 1152790 1152791 1153108 1153112 1153158 1153161 1153236 1153263 1153476 1153509 1153607 1153646 1153681 1153713 1153717 1153718 1153719 1153811 1153969 1154108 1154189 1154242 1154268 1154354 1154372 1154521 1154578 1154607 1154608 1154610 1154611 1154651 1154737 1154747 1154848 1154858 1154905 1154956 1155061 1155178 1155179 1155184 1155186 1155671 1159913 1162629 1162632 1163985 1165280 1165289 1165548 1165631 1171477 1171746 1171924 1172437 802154 814594 919448 987367 998153 CVE-2009-2625 CVE-2009-3560 CVE-2009-3720 CVE-2012-0876 CVE-2012-1147 CVE-2012-1148 CVE-2012-1174 CVE-2013-0221 CVE-2013-0222 CVE-2013-0223 CVE-2013-4288 CVE-2014-3248 CVE-2015-4041 CVE-2015-4042 CVE-2017-1000126 CVE-2017-9239 CVE-2018-1000199 CVE-2018-12207 CVE-2018-12264 CVE-2018-12265 CVE-2018-15471 CVE-2018-16871 CVE-2018-17229 CVE-2018-17230 CVE-2018-17282 CVE-2018-19108 CVE-2018-19607 CVE-2018-20836 CVE-2018-9305 CVE-2019-10126 CVE-2019-10220 CVE-2019-10638 CVE-2019-10639 CVE-2019-11135 CVE-2019-11478 CVE-2019-11599 CVE-2019-12380 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 CVE-2019-13114 CVE-2019-16232 CVE-2019-16233 CVE-2019-16234 CVE-2019-16995 CVE-2019-17056 CVE-2019-17133 CVE-2019-17666 CVE-2019-5108 CVE-2020-10722 CVE-2020-10723 CVE-2020-10724 CVE-2020-10725 CVE-2020-10726 CVE-2020-10757 CVE-2020-1720 CVE-2020-1749 CVE-2020-7059 CVE-2020-7060 CVE-2020-7062 CVE-2020-7063 SUSE-SU-2018:3072-1 SUSE-SU-2019:1855-1 SUSE-SU-2019:2947-1 SUSE-SU-2020:0622-1 SUSE-SU-2020:0868-1 SUSE-SU-2020:0921-1 SUSE-SU-2020:1213-1 SUSE-SU-2020:1334-1 SUSE-SU-2020:2149-1 Platform(s): openSUSE Leap 15.0 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for additional PackageHub packages 15 SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Workstation Extension 15 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information cracklib-2.9.6-lp150.2 is installed OR libcrack2-2.9.6-lp150.2 is installed OR libcrack2-32bit-2.9.6-lp150.2 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP2 is installed AND Package Information xorg-x11-libXp-7.4-1.18 is installed OR xorg-x11-libXp-32bit-7.4-1.18 is installed OR xorg-x11-libXp-devel-7.4-1.18 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information krb5-1.6.3-133.49.62 is installed OR krb5-32bit-1.6.3-133.49.62 is installed OR krb5-client-1.6.3-133.49.62 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND Package Information libgudev-1_0-0-210-44 is installed OR libgudev-1_0-0-32bit-210-44 is installed OR libudev1-210-44 is installed OR libudev1-32bit-210-44 is installed OR systemd-210-44 is installed OR systemd-32bit-210-44 is installed OR systemd-bash-completion-210-44 is installed OR systemd-sysvinit-210-44 is installed OR udev-210-44 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information coreutils-8.22-9 is installed OR coreutils-lang-8.22-9 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information gdk-pixbuf-loader-rsvg-2.40.15-4 is installed OR librsvg-2-2-2.40.15-4 is installed OR librsvg-2-2-32bit-2.40.15-4 is installed OR rsvg-view-2.40.15-4 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information DirectFB-1.7.1-6 is installed OR lib++dfb-1_7-1-1.7.1-6 is installed OR libdirectfb-1_7-1-1.7.1-6 is installed OR libdirectfb-1_7-1-32bit-1.7.1-6 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information apparmor-docs-2.8.2-49 is installed OR apparmor-parser-2.8.2-49 is installed OR apparmor-profiles-2.8.2-49 is installed OR apparmor-utils-2.8.2-49 is installed OR libapparmor1-2.8.2-49 is installed OR libapparmor1-32bit-2.8.2-49 is installed OR pam_apparmor-2.8.2-49 is installed OR pam_apparmor-32bit-2.8.2-49 is installed OR perl-apparmor-2.8.2-49 is installed Definition Synopsis SUSE Linux Enterprise Module for additional PackageHub packages 15 SP1 is installed AND Package Information postgresql-12.0.1-8.14 is installed OR postgresql-test-12.0.1-8.14 is installed Definition Synopsis SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed AND Package Information exiv2-0.26-6.8 is installed OR libexiv2-26-0.26-6.8 is installed OR libexiv2-devel-0.26-6.8 is installed Definition Synopsis SUSE Linux Enterprise Module for Development Tools 15 is installed AND Package Information ImageMagick-7.0.7.34-3.27 is installed OR perl-PerlMagick-7.0.7.34-3.27 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 is installed AND Package Information kernel-livepatch-4_12_14-23-default-3-7 is installed OR kernel-livepatch-SLE15_Update_0-3-7 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed AND Package Information kernel-default-4.12.14-197.26 is installed OR kernel-default-livepatch-4.12.14-197.26 is installed OR kernel-default-livepatch-devel-4.12.14-197.26 is installed OR kernel-livepatch-4_12_14-197_26-default-1-3.5 is installed OR kernel-livepatch-SLE15-SP1_Update_7-1-3.5 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed AND Package Information rmt-server-2.5.7-3.15 is installed OR rmt-server-config-2.5.7-3.15 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information libjpeg-turbo-1.3.1-30 is installed OR libjpeg62-62.1.0-30 is installed OR libjpeg62-32bit-62.1.0-30 is installed OR libjpeg62-turbo-1.3.1-30 is installed OR libjpeg8-8.0.2-30 is installed OR libjpeg8-32bit-8.0.2-30 is installed OR libturbojpeg0-8.0.2-30 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_74-60_64_45-default-4-2 is installed OR kgraft-patch-3_12_74-60_64_45-xen-4-2 is installed OR kgraft-patch-SLE12-SP1_Update_16-4-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information cups-1.7.5-12 is installed OR cups-client-1.7.5-12 is installed OR cups-libs-1.7.5-12 is installed OR cups-libs-32bit-1.7.5-12 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information glibc-2.22-62.13 is installed OR glibc-32bit-2.22-62.13 is installed OR glibc-devel-2.22-62.13 is installed OR glibc-devel-32bit-2.22-62.13 is installed OR glibc-html-2.22-62.13 is installed OR glibc-i18ndata-2.22-62.13 is installed OR glibc-info-2.22-62.13 is installed OR glibc-locale-2.22-62.13 is installed OR glibc-locale-32bit-2.22-62.13 is installed OR glibc-profile-2.22-62.13 is installed OR glibc-profile-32bit-2.22-62.13 is installed OR nscd-2.22-62.13 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information libjavascriptcoregtk-4_0-18-2.24.4-2.47 is installed OR libwebkit2gtk-4_0-37-2.24.4-2.47 is installed OR libwebkit2gtk3-lang-2.24.4-2.47 is installed OR typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47 is installed OR typelib-1_0-WebKit2-4_0-2.24.4-2.47 is installed OR typelib-1_0-WebKit2WebExtension-4_0-2.24.4-2.47 is installed OR webkit2gtk-4_0-injected-bundles-2.24.4-2.47 is installed OR webkit2gtk3-2.24.4-2.47 is installed OR webkit2gtk3-devel-2.24.4-2.47 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_121-92_80-default-4-2 is installed OR kgraft-patch-SLE12-SP2_Update_22-4-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information apache2-mod_apparmor-2.8.2-49 is installed OR apparmor-docs-2.8.2-49 is installed OR apparmor-parser-2.8.2-49 is installed OR apparmor-profiles-2.8.2-49 is installed OR apparmor-utils-2.8.2-49 is installed OR libapparmor1-2.8.2-49 is installed OR libapparmor1-32bit-2.8.2-49 is installed OR pam_apparmor-2.8.2-49 is installed OR pam_apparmor-32bit-2.8.2-49 is installed OR perl-apparmor-2.8.2-49 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND sudo-1.8.20p2-3.14 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information ghostscript-9.27-23.28 is installed OR ghostscript-x11-9.27-23.28 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_176-94_88-default-6-2 is installed OR kgraft-patch-SLE12-SP3_Update_24-6-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND libcares2-1.9.1-9.4 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information libXext6-1.3.2-4.3 is installed OR libXext6-32bit-1.3.2-4.3 is installed Definition Synopsis SUSE Linux Enterprise Server 15-LTSS is installed AND Package Information dpdk-18.11.3-3.19 is installed OR dpdk-devel-18.11.3-3.19 is installed OR dpdk-kmp-default-18.11.3_k4.12.14_150.47-3.19 is installed OR dpdk-thunderx-18.11.3-3.19 is installed OR dpdk-thunderx-devel-18.11.3-3.19 is installed OR dpdk-thunderx-kmp-default-18.11.3_k4.12.14_150.47-3.19 is installed OR dpdk-tools-18.11.3-3.19 is installed OR libdpdk-18_11-18.11.3-3.19 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 is installed AND Package Information kernel-default-4.12.14-150.27 is installed OR kernel-default-extra-4.12.14-150.27 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND ucode-intel-20180703-13.25 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information libpython2_7-1_0-2.7.13-28.31 is installed OR libpython2_7-1_0-32bit-2.7.13-28.31 is installed OR python-2.7.13-28.31 is installed OR python-32bit-2.7.13-28.31 is installed OR python-base-2.7.13-28.31 is installed OR python-base-32bit-2.7.13-28.31 is installed OR python-curses-2.7.13-28.31 is installed OR python-demo-2.7.13-28.31 is installed OR python-devel-2.7.13-28.31 is installed OR python-doc-2.7.13-28.31 is installed OR python-doc-pdf-2.7.13-28.31 is installed OR python-gdbm-2.7.13-28.31 is installed OR python-idle-2.7.13-28.31 is installed OR python-tk-2.7.13-28.31 is installed OR python-xml-2.7.13-28.31 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND nodejs6-6.14.3-11.15 is installed
BACK