OVAL Reference oval:org.opensuse.security:def:56488

Oval Definition:

oval:org.opensuse.security:def:56488

Revision Date:	2020-12-01	Version:	1
Title:	Security update for file (Moderate)
Description:	The GNU file utility was updated to version 5.22. Security issues fixed: - CVE-2014-9621: The ELF parser in file allowed remote attackers to cause a denial of service via a long string. (bsc#913650) - CVE-2014-9620: The ELF parser in file allowed remote attackers to cause a denial of service via a large number of notes. (bsc#913651) - CVE-2014-9653: readelf.c in file did not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. (bsc#917152) - CVE-2014-8116: The ELF parser (readelf.c) in file allowed remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (bsc#910253) - CVE-2014-8117: softmagic.c in file did not properly limit recursion, which allowed remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (bsc#910253) Version update to file version 5.22 add indirect relative for TIFF/Exif * restructure elf note printing to avoid repeated messages * add note limit, suggested by Alexander Cherepanov * Bail out on partial pread()'s (Alexander Cherepanov) * Fix incorrect bounds check in file_printable (Alexander Cherepanov) * PR/405: ignore SIGPIPE from uncompress programs * change printable -> file_printable and use it in more places for safety * in ELF, instead of '(uses dynamic libraries)' when PT_INTERP is present print the interpreter name. Version update to file version 5.21 there was an incorrect free in magic_load_buffers() * there was an out of bounds read for some pascal strings * there was a memory leak in magic lists * don't interpret strings printed from files using the current locale, convert them to ascii format first. * there was an out of bounds read in elf note reads Update to file version 5.20 recognize encrypted CDF documents * add magic_load_buffers from Brooks Davis * add thumbs.db support Additional non-security bug fixes: Fixed a memory corruption during rpmbuild (bsc#1063269) * Backport of a fix for an increased printable string length as found in file 5.30 (bsc#996511) * file command throws 'Composite Document File V2 Document, corrupt: Can't read SSAT' error against excel 97/2003 file format. (bsc#1009966)
Family:	unix	Class:	patch
Status:		Reference(s):	1009966 1032248 1040311 1040312 1040313 1042419 1050577 1050578 1050579 1050581 1055960 1058565 1058622 1058624 1063269 1064016 1065892 1076957 1092874 1094932 1096748 1099162 1101644 1101645 1101651 1101656 1104199 1106812 1133191 1136446 1137597 1160968 1162972 854512 906574 910252 910253 913650 913651 917152 924960 932386 933288 933878 936227 942865 957566 957567 957598 957600 960837 971741 972127 983232 983234 983253 983259 983292 983305 983308 983521 983523 983527 983533 983739 983746 983752 983774 983794 983796 983799 983803 984014 984018 984023 984028 984032 984035 984135 984137 984142 984144 984145 984149 984150 984160 984166 984172 984179 984181 984183 984184 984185 984186 984187 984191 984193 984370 984372 984373 984374 984375 984379 984394 984398 984400 984401 984404 984406 984408 984409 984427 984433 984436 985442 985448 985451 985456 985460 986608 986609 996511 CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2009-1210 CVE-2009-1267 CVE-2009-1268 CVE-2009-1269 CVE-2009-1885 CVE-2009-3241 CVE-2009-3242 CVE-2009-3243 CVE-2010-1455 CVE-2010-2993 CVE-2010-3445 CVE-2010-4300 CVE-2010-4301 CVE-2010-4494 CVE-2010-4538 CVE-2011-0024 CVE-2011-0538 CVE-2011-0713 CVE-2011-1138 CVE-2011-1139 CVE-2011-1140 CVE-2011-1143 CVE-2011-1590 CVE-2011-1591 CVE-2011-1592 CVE-2011-1944 CVE-2011-1957 CVE-2011-1958 CVE-2011-1959 CVE-2011-2174 CVE-2011-2175 CVE-2011-2597 CVE-2011-2698 CVE-2011-3266 CVE-2011-3360 CVE-2011-3483 CVE-2012-2392 CVE-2012-2393 CVE-2012-2394 CVE-2012-3548 CVE-2012-4048 CVE-2012-4049 CVE-2012-4285 CVE-2012-4286 CVE-2012-4287 CVE-2012-4288 CVE-2012-4289 CVE-2012-4290 CVE-2012-4291 CVE-2012-4292 CVE-2012-4293 CVE-2012-4294 CVE-2012-4295 CVE-2012-4296 CVE-2012-4297 CVE-2012-4298 CVE-2012-5134 CVE-2012-5237 CVE-2012-5238 CVE-2012-5239 CVE-2012-5240 CVE-2012-5592 CVE-2012-5593 CVE-2012-5594 CVE-2012-5595 CVE-2012-5596 CVE-2012-5597 CVE-2012-5598 CVE-2012-5599 CVE-2012-5600 CVE-2012-5601 CVE-2012-5602 CVE-2013-0338 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 CVE-2013-1581 CVE-2013-1582 CVE-2013-1583 CVE-2013-1584 CVE-2013-1585 CVE-2013-1586 CVE-2013-1587 CVE-2013-1588 CVE-2013-1589 CVE-2013-1590 CVE-2013-1969 CVE-2013-2475 CVE-2013-2476 CVE-2013-2477 CVE-2013-2478 CVE-2013-2479 CVE-2013-2480 CVE-2013-2481 CVE-2013-2482 CVE-2013-2483 CVE-2013-2484 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-2488 CVE-2013-3555 CVE-2013-3556 CVE-2013-3557 CVE-2013-3558 CVE-2013-3559 CVE-2013-3560 CVE-2013-3561 CVE-2013-3562 CVE-2013-4083 CVE-2013-4920 CVE-2013-4921 CVE-2013-4922 CVE-2013-4923 CVE-2013-4924 CVE-2013-4925 CVE-2013-4926 CVE-2013-4927 CVE-2013-4928 CVE-2013-4929 CVE-2013-4930 CVE-2013-4931 CVE-2013-4932 CVE-2013-4933 CVE-2013-4934 CVE-2013-4935 CVE-2013-4936 CVE-2013-5717 CVE-2013-5718 CVE-2013-5719 CVE-2013-5720 CVE-2013-5721 CVE-2013-5722 CVE-2013-6336 CVE-2013-6337 CVE-2013-6338 CVE-2013-6339 CVE-2013-6340 CVE-2013-7112 CVE-2013-7113 CVE-2013-7114 CVE-2014-0191 CVE-2014-2281 CVE-2014-2282 CVE-2014-2283 CVE-2014-2299 CVE-2014-2907 CVE-2014-3589 CVE-2014-3598 CVE-2014-3660 CVE-2014-4020 CVE-2014-5161 CVE-2014-5162 CVE-2014-5163 CVE-2014-5164 CVE-2014-5165 CVE-2014-8116 CVE-2014-8117 CVE-2014-8964 CVE-2014-9620 CVE-2014-9621 CVE-2014-9653 CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9820 CVE-2014-9821 CVE-2014-9822 CVE-2014-9823 CVE-2014-9824 CVE-2014-9825 CVE-2014-9826 CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831 CVE-2014-9832 CVE-2014-9833 CVE-2014-9834 CVE-2014-9835 CVE-2014-9836 CVE-2014-9837 CVE-2014-9838 CVE-2014-9839 CVE-2014-9840 CVE-2014-9841 CVE-2014-9842 CVE-2014-9843 CVE-2014-9844 CVE-2014-9845 CVE-2014-9846 CVE-2014-9847 CVE-2014-9848 CVE-2014-9849 CVE-2014-9850 CVE-2014-9851 CVE-2014-9852 CVE-2014-9853 CVE-2014-9854 CVE-2015-0252 CVE-2015-0559 CVE-2015-0560 CVE-2015-0561 CVE-2015-0562 CVE-2015-0563 CVE-2015-0564 CVE-2015-1819 CVE-2015-2188 CVE-2015-2189 CVE-2015-2191 CVE-2015-2325 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-3217 CVE-2015-3811 CVE-2015-3812 CVE-2015-3813 CVE-2015-3814 CVE-2015-5073 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8035 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 CVE-2015-8380 CVE-2015-8381 CVE-2015-8382 CVE-2015-8383 CVE-2015-8384 CVE-2015-8385 CVE-2015-8386 CVE-2015-8387 CVE-2015-8388 CVE-2015-8389 CVE-2015-8390 CVE-2015-8391 CVE-2015-8392 CVE-2015-8393 CVE-2015-8394 CVE-2015-8395 CVE-2015-8710 CVE-2015-8894 CVE-2015-8895 CVE-2015-8896 CVE-2015-8897 CVE-2015-8898 CVE-2015-8900 CVE-2015-8901 CVE-2015-8902 CVE-2015-8903 CVE-2016-10708 CVE-2016-1283 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-3191 CVE-2016-3627 CVE-2016-3705 CVE-2016-4483 CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 CVE-2017-11624 CVE-2017-11625 CVE-2017-11626 CVE-2017-11627 CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 CVE-2017-12595 CVE-2017-2669 CVE-2017-9208 CVE-2017-9209 CVE-2017-9210 CVE-2018-10861 CVE-2018-10915 CVE-2018-1128 CVE-2018-1129 CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3639 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 CVE-2019-4732 CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659 SUSE-SU-2016:1784-1 SUSE-SU-2016:3161-1 SUSE-SU-2017:1250-1 SUSE-SU-2017:2971-1 SUSE-SU-2017:3048-1 SUSE-SU-2018:2478-1 SUSE-SU-2018:2530-1 SUSE-SU-2018:3064-1 SUSE-SU-2018:3066-1 SUSE-SU-2018:3909-1 SUSE-SU-2019:1668-1 SUSE-SU-2020:0528-1
Platform(s):	openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8	Product(s):
Definition Synopsis
openSUSE Leap 15.0 is installed AND Package Information gnome-online-accounts-3.26.2-lp150.3 is installed OR gnome-online-accounts-lang-3.26.2-lp150.3 is installed OR libgoa-1_0-0-3.26.2-lp150.3 is installed OR libgoa-backend-1_0-1-3.26.2-lp150.3 is installed OR typelib-1_0-Goa-1_0-3.26.2-lp150.3 is installed
Definition Synopsis
openSUSE Leap 15.1 is installed AND Package Information ImageMagick-7.0.7.34-lp151.7.3 is installed OR ImageMagick-config-7-SUSE-7.0.7.34-lp151.7.3 is installed OR ImageMagick-config-7-upstream-7.0.7.34-lp151.7.3 is installed OR ImageMagick-devel-7.0.7.34-lp151.7.3 is installed OR ImageMagick-devel-32bit-7.0.7.34-lp151.7.3 is installed OR ImageMagick-doc-7.0.7.34-lp151.7.3 is installed OR ImageMagick-extra-7.0.7.34-lp151.7.3 is installed OR libMagick++-7_Q16HDRI4-7.0.7.34-lp151.7.3 is installed OR libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp151.7.3 is installed OR libMagick++-devel-7.0.7.34-lp151.7.3 is installed OR libMagick++-devel-32bit-7.0.7.34-lp151.7.3 is installed OR libMagickCore-7_Q16HDRI6-7.0.7.34-lp151.7.3 is installed OR libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp151.7.3 is installed OR libMagickWand-7_Q16HDRI6-7.0.7.34-lp151.7.3 is installed OR libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp151.7.3 is installed OR perl-PerlMagick-7.0.7.34-lp151.7.3 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information file-5.22-10.3 is installed OR file-magic-5.22-10.3 is installed OR libmagic1-5.22-10.3 is installed OR libmagic1-32bit-5.22-10.3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information libxerces-c-3_1-3.1.1-4 is installed OR libxerces-c-3_1-32bit-3.1.1-4 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information postgresql94-9.4.19-21.22 is installed OR postgresql94-contrib-9.4.19-21.22 is installed OR postgresql94-docs-9.4.19-21.22 is installed OR postgresql94-server-9.4.19-21.22 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information libxml2-2-2.9.4-27 is installed OR libxml2-2-32bit-2.9.4-27 is installed OR libxml2-doc-2.9.4-27 is installed OR libxml2-tools-2.9.4-27 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information kernel-firmware-20170530-21.22 is installed OR ucode-amd-20170530-21.22 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information MozillaFirefox-52.8.1esr-109.34 is installed OR MozillaFirefox-devel-52.8.1esr-109.34 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_90-92_45-default-8-2 is installed OR kgraft-patch-SLE12-SP2_Update_14-8-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND davfs2-1.5.2-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information java-1_7_0-openjdk-1.7.0.241-43.30 is installed OR java-1_7_0-openjdk-demo-1.7.0.241-43.30 is installed OR java-1_7_0-openjdk-devel-1.7.0.241-43.30 is installed OR java-1_7_0-openjdk-headless-1.7.0.241-43.30 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libjavascriptcoregtk-4_0-18-2.28.2-2.53 is installed OR libwebkit2gtk-4_0-37-2.28.2-2.53 is installed OR typelib-1_0-JavaScriptCore-4_0-2.28.2-2.53 is installed OR typelib-1_0-WebKit2-4_0-2.28.2-2.53 is installed OR webkit2gtk-4_0-injected-bundles-2.28.2-2.53 is installed OR webkit2gtk3-2.28.2-2.53 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information dhcp-4.3.3-10.14 is installed OR dhcp-client-4.3.3-10.14 is installed OR dhcp-relay-4.3.3-10.14 is installed OR dhcp-server-4.3.3-10.14 is installed
Definition Synopsis
SUSE OpenStack Cloud 6 is installed AND python-Pillow-2.7.0-1 is installed
Definition Synopsis
SUSE OpenStack Cloud 7 is installed AND Package Information openssh-7.2p2-74.25 is installed OR openssh-askpass-gnome-7.2p2-74.25 is installed OR openssh-fips-7.2p2-74.25 is installed OR openssh-helpers-7.2p2-74.25 is installed
Definition Synopsis
SUSE OpenStack Cloud 8 is installed AND Package Information libvirglrenderer0-0.5.0-12.3 is installed OR virglrenderer-0.5.0-12.3 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information libopenssl-devel-1.0.2j-60.60 is installed OR libopenssl1_0_0-1.0.2j-60.60 is installed OR libopenssl1_0_0-32bit-1.0.2j-60.60 is installed OR libopenssl1_0_0-hmac-1.0.2j-60.60 is installed OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.60 is installed OR openssl-1.0.2j-60.60 is installed OR openssl-doc-1.0.2j-60.60 is installed

BACK