Oval Definition:	oval:org.opensuse.security:def:52342
Revision Date: 2020-12-01 Version: 1 Title: Security update for libexif (Moderate) Description: This update for libexif to 0.6.22 fixes the following issues: Security issues fixed: - CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857). - CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847). - CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475). - CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121). - CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105). - CVE-2020-13114: Fixed various buffer overread fixes due to integer overflows in maker notes (bsc#1172116). Non-security issues fixed: - libexif was updated to version 0.6.22: * New translations: ms * Updated translations for most languages * Some useful EXIF 2.3 tag added: * EXIF_TAG_GAMMA * EXIF_TAG_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE * EXIF_TAG_GPS_H_POSITIONING_ERROR * EXIF_TAG_CAMERA_OWNER_NAME * EXIF_TAG_BODY_SERIAL_NUMBER * EXIF_TAG_LENS_SPECIFICATION * EXIF_TAG_LENS_MAKE * EXIF_TAG_LENS_MODEL * EXIF_TAG_LENS_SERIAL_NUMBER Family: unix Class: patch Status: Reference(s): 1055857 1059893 1085416 1087240 1103557 1104918 1112028 1116708 1117963 1117964 1117965 1117966 1117967 1120498 1120499 1120500 1120507 1120515 1120516 1120517 1120519 1120943 1160770 1171475 1171847 1172105 1172116 1172121 1174538 1176262 1178611 CVE-2008-0928 CVE-2008-1945 CVE-2008-2382 CVE-2008-4539 CVE-2008-4989 CVE-2010-3430 CVE-2010-3431 CVE-2010-3853 CVE-2011-0460 CVE-2011-0523 CVE-2011-0524 CVE-2011-1006 CVE-2011-1022 CVE-2011-2709 CVE-2011-3148 CVE-2011-3149 CVE-2011-4128 CVE-2012-0390 CVE-2012-1569 CVE-2012-1573 CVE-2012-3515 CVE-2013-4148 CVE-2013-4149 CVE-2013-4150 CVE-2013-4151 CVE-2013-4526 CVE-2013-4527 CVE-2013-4529 CVE-2013-4530 CVE-2013-4531 CVE-2013-4533 CVE-2013-4534 CVE-2013-4535 CVE-2013-4536 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2013-4541 CVE-2013-4542 CVE-2013-4544 CVE-2013-6399 CVE-2014-0092 CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0150 CVE-2014-0182 CVE-2014-0222 CVE-2014-0223 CVE-2014-1545 CVE-2014-1959 CVE-2014-2583 CVE-2014-3461 CVE-2014-3466 CVE-2014-3640 CVE-2014-7840 CVE-2014-8106 CVE-2015-1779 CVE-2015-2924 CVE-2015-3209 CVE-2015-3456 CVE-2015-4037 CVE-2015-5154 CVE-2015-5225 CVE-2015-5276 CVE-2015-5278 CVE-2015-5279 CVE-2015-6815 CVE-2015-6855 CVE-2015-7295 CVE-2016-0764 CVE-2016-6328 CVE-2017-7544 CVE-2018-0886 CVE-2018-1000852 CVE-2018-20030 CVE-2018-20337 CVE-2018-20363 CVE-2018-20364 CVE-2018-20365 CVE-2018-5817 CVE-2018-5818 CVE-2018-5819 CVE-2018-8784 CVE-2018-8785 CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789 CVE-2019-20916 CVE-2019-9278 CVE-2020-0093 CVE-2020-12767 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114 CVE-2020-15652 CVE-2020-15659 CVE-2020-26950 CVE-2020-6463 CVE-2020-6514 SUSE-SU-2019:0133-1 SUSE-SU-2019:0539-1 SUSE-SU-2020:2784-1 SUSE-SU-2020:3418-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information gnutls-3.6.2-lp150.3 is installed OR libgnutls-dane0-3.6.2-lp150.3 is installed OR libgnutls30-3.6.2-lp150.3 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information libu2f-host-1.1.6-lp151.2.3 is installed OR libu2f-host-devel-1.1.6-lp151.2.3 is installed OR libu2f-host-doc-1.1.6-lp151.2.3 is installed OR libu2f-host0-1.1.6-lp151.2.3 is installed OR u2f-host-1.1.6-lp151.2.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP2 is installed AND libssh2-0.2-5.18 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND cabextract-1.2-2.10 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP4 is installed AND vorbis-tools-1.1.1-174 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND Package Information gnutls-3.2.15-1 is installed OR libgnutls28-3.2.15-1 is installed OR libgnutls28-32bit-3.2.15-1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information qemu-2.3.1-5 is installed OR qemu-block-curl-2.3.1-5 is installed OR qemu-ipxe-1.0.0-5 is installed OR qemu-kvm-2.3.1-5 is installed OR qemu-seabios-1.8.1-5 is installed OR qemu-sgabios-8-5 is installed OR qemu-tools-2.3.1-5 is installed OR qemu-vgabios-1.8.1-5 is installed OR qemu-x86-2.3.1-5 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND libcgroup1-0.41.rc1-4 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND kbd-1.15.5-8.7 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information NetworkManager-1.0.12-13.6 is installed OR NetworkManager-lang-1.0.12-13.6 is installed OR libnm-glib-vpn1-1.0.12-13.6 is installed OR libnm-glib4-1.0.12-13.6 is installed OR libnm-util2-1.0.12-13.6 is installed OR libnm0-1.0.12-13.6 is installed OR typelib-1_0-NM-1_0-1.0.12-13.6 is installed OR typelib-1_0-NMClient-1_0-1.0.12-13.6 is installed OR typelib-1_0-NetworkManager-1_0-1.0.12-13.6 is installed Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed AND Package Information libexif-0.6.22-5.6 is installed OR libexif-devel-32bit-0.6.22-5.6 is installed OR libexif12-32bit-0.6.22-5.6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND python-pyOpenSSL-0.14-1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information java-1_8_0-openjdk-1.8.0.151-27.8 is installed OR java-1_8_0-openjdk-demo-1.8.0.151-27.8 is installed OR java-1_8_0-openjdk-devel-1.8.0.151-27.8 is installed OR java-1_8_0-openjdk-headless-1.8.0.151-27.8 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND patch-2.7.5-7 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information apache2-2.4.23-29.27 is installed OR apache2-doc-2.4.23-29.27 is installed OR apache2-example-pages-2.4.23-29.27 is installed OR apache2-prefork-2.4.23-29.27 is installed OR apache2-utils-2.4.23-29.27 is installed OR apache2-worker-2.4.23-29.27 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information perl-5.18.2-12.14 is installed OR perl-32bit-5.18.2-12.14 is installed OR perl-base-5.18.2-12.14 is installed OR perl-doc-5.18.2-12.14 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information java-1_8_0-ibm-1.8.0_sr5.20-30.36 is installed OR java-1_8_0-ibm-alsa-1.8.0_sr5.20-30.36 is installed OR java-1_8_0-ibm-devel-1.8.0_sr5.20-30.36 is installed OR java-1_8_0-ibm-plugin-1.8.0_sr5.20-30.36 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND dnsmasq-2.76-17 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information libssh2-1-1.4.3-20.14 is installed OR libssh2-1-32bit-1.4.3-20.14 is installed OR libssh2_org-1.4.3-20.14 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information kgraft-patch-4_4_162-94_69-default-6-2 is installed OR kgraft-patch-SLE12-SP3_Update_21-6-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_178-94_91-default-3-2 is installed OR kgraft-patch-SLE12-SP3_Update_25-3-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND gd-2.1.0-24.9 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information bash-4.3-83.15 is installed OR bash-doc-4.3-83.15 is installed OR libreadline6-6.3-83.15 is installed OR libreadline6-32bit-6.3-83.15 is installed OR readline-doc-6.3-83.15 is installed Definition Synopsis SUSE Linux Enterprise Server for SAP Applications 15 is installed AND Package Information python-pip-10.0.1-3.3 is installed OR python2-pip-10.0.1-3.3 is installed OR python3-pip-10.0.1-3.3 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 is installed AND Package Information libraw-0.18.9-3.8 is installed OR libraw-devel-0.18.9-3.8 is installed OR libraw16-0.18.9-3.8 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 SP1 is installed AND Package Information MozillaThunderbird-78.4.2-3.103 is installed OR MozillaThunderbird-translations-common-78.4.2-3.103 is installed OR MozillaThunderbird-translations-other-78.4.2-3.103 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information libdcerpc-binding0-4.4.2-38.20 is installed OR libdcerpc-binding0-32bit-4.4.2-38.20 is installed OR libdcerpc0-4.4.2-38.20 is installed OR libdcerpc0-32bit-4.4.2-38.20 is installed OR libndr-krb5pac0-4.4.2-38.20 is installed OR libndr-krb5pac0-32bit-4.4.2-38.20 is installed OR libndr-nbt0-4.4.2-38.20 is installed OR libndr-nbt0-32bit-4.4.2-38.20 is installed OR libndr-standard0-4.4.2-38.20 is installed OR libndr-standard0-32bit-4.4.2-38.20 is installed OR libndr0-4.4.2-38.20 is installed OR libndr0-32bit-4.4.2-38.20 is installed OR libnetapi0-4.4.2-38.20 is installed OR libnetapi0-32bit-4.4.2-38.20 is installed OR libsamba-credentials0-4.4.2-38.20 is installed OR libsamba-credentials0-32bit-4.4.2-38.20 is installed OR libsamba-errors0-4.4.2-38.20 is installed OR libsamba-errors0-32bit-4.4.2-38.20 is installed OR libsamba-hostconfig0-4.4.2-38.20 is installed OR libsamba-hostconfig0-32bit-4.4.2-38.20 is installed OR libsamba-passdb0-4.4.2-38.20 is installed OR libsamba-passdb0-32bit-4.4.2-38.20 is installed OR libsamba-util0-4.4.2-38.20 is installed OR libsamba-util0-32bit-4.4.2-38.20 is installed OR libsamdb0-4.4.2-38.20 is installed OR libsamdb0-32bit-4.4.2-38.20 is installed OR libsmbclient0-4.4.2-38.20 is installed OR libsmbclient0-32bit-4.4.2-38.20 is installed OR libsmbconf0-4.4.2-38.20 is installed OR libsmbconf0-32bit-4.4.2-38.20 is installed OR libsmbldap0-4.4.2-38.20 is installed OR libsmbldap0-32bit-4.4.2-38.20 is installed OR libtevent-util0-4.4.2-38.20 is installed OR libtevent-util0-32bit-4.4.2-38.20 is installed OR libwbclient0-4.4.2-38.20 is installed OR libwbclient0-32bit-4.4.2-38.20 is installed OR samba-4.4.2-38.20 is installed OR samba-client-4.4.2-38.20 is installed OR samba-client-32bit-4.4.2-38.20 is installed OR samba-doc-4.4.2-38.20 is installed OR samba-libs-4.4.2-38.20 is installed OR samba-libs-32bit-4.4.2-38.20 is installed OR samba-winbind-4.4.2-38.20 is installed OR samba-winbind-32bit-4.4.2-38.20 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information perl-5.18.2-12.20 is installed OR perl-32bit-5.18.2-12.20 is installed OR perl-base-5.18.2-12.20 is installed OR perl-doc-5.18.2-12.20 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information glib2-2.48.2-12.15 is installed OR glib2-lang-2.48.2-12.15 is installed OR glib2-tools-2.48.2-12.15 is installed OR libgio-2_0-0-2.48.2-12.15 is installed OR libgio-2_0-0-32bit-2.48.2-12.15 is installed OR libglib-2_0-0-2.48.2-12.15 is installed OR libglib-2_0-0-32bit-2.48.2-12.15 is installed OR libgmodule-2_0-0-2.48.2-12.15 is installed OR libgmodule-2_0-0-32bit-2.48.2-12.15 is installed OR libgobject-2_0-0-2.48.2-12.15 is installed OR libgobject-2_0-0-32bit-2.48.2-12.15 is installed OR libgthread-2_0-0-2.48.2-12.15 is installed OR libgthread-2_0-0-32bit-2.48.2-12.15 is installed
BACK