Oval Definition:oval:org.opensuse.security:def:56670
Revision Date:2020-12-01Version:1
Title:Security update for exiv2 (Moderate)
Description:

This update for exiv2 fixes the following issues:

- CVE-2017-11591: A floating point exception in the Exiv2::ValueType function could lead to a remote denial of service attack via crafted input. (bsc#1050257) - CVE-2017-14864: An invalid memory address dereference was discovered in Exiv2::getULong in types.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1060995) - CVE-2017-14862: An invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1060996) - CVE-2017-14859: An invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1061000) - CVE-2017-11683: There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp that could lead to a remote denial of service attack via crafted input. (bsc#1051188) - CVE-2017-17669: There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp. A crafted PNG file would lead to a remote denial of service attack. (bsc#1072928) - CVE-2018-10958: In types.cpp a large size value might have lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. (bsc#1092952) - CVE-2018-10998: readMetadata in jp2image.cpp allowed remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. (bsc#1093095) - CVE-2018-11531: Exiv2 had a heap-based buffer overflow in getData in preview.cpp. (bsc#1095070)

Family:unixClass:patch
Status:Reference(s):1001367
1001459
1003800
1004477
1005555
1005558
1005562
1005564
1005566
1005569
1005581
1005582
1006539
1008318
1012985
1022043
1023287
1027149
1028217
1030531
1030552
1031515
1033960
1034405
1035531
1035738
1037182
1037183
1037994
1038544
1038564
1038879
1038883
1038981
1038982
1039348
1039354
1039456
1039721
1039864
1039882
1039883
1039885
1040069
1041160
1041429
1041431
1042696
1042832
1042863
1044125
1045327
1045487
1045922
1046107
1048275
1048788
1049645
1049882
1050257
1051188
1053148
1053152
1053317
1055478
1056588
1056982
1057179
1058410
1058507
1058524
1059863
1060445
1060995
1060996
1061000
1061005
1062471
1062520
1063667
1064388
1068032
1070737
1072928
1082318
1085967
1088200
1092952
1093095
1095070
1101820
1109756
1111657
1113534
1113652
1113969
1117625
1117626
1117627
1117629
1117630
1128828
1138748
1142614
1149792
1153108
1156334
774666
856774
860250
863764
878240
917427
922855
922871
946148
952539
954126
954519
955493
955609
956631
961642
961645
962075
981848
986924
990890
993099
994364
CVE-2015-1545
CVE-2015-1546
CVE-2015-6908
CVE-2015-8370
CVE-2016-0728
CVE-2016-0777
CVE-2016-0778
CVE-2016-3492
CVE-2016-5584
CVE-2016-5624
CVE-2016-5626
CVE-2016-5629
CVE-2016-6663
CVE-2016-7440
CVE-2016-8283
CVE-2017-1000363
CVE-2017-1000365
CVE-2017-1000380
CVE-2017-10661
CVE-2017-11176
CVE-2017-11591
CVE-2017-11683
CVE-2017-12153
CVE-2017-12154
CVE-2017-12762
CVE-2017-13080
CVE-2017-14051
CVE-2017-14106
CVE-2017-14140
CVE-2017-14859
CVE-2017-14862
CVE-2017-14864
CVE-2017-15265
CVE-2017-15274
CVE-2017-15649
CVE-2017-17669
CVE-2017-2592
CVE-2017-5715
CVE-2017-7482
CVE-2017-7487
CVE-2017-7518
CVE-2017-7541
CVE-2017-7542
CVE-2017-7793
CVE-2017-7805
CVE-2017-7810
CVE-2017-7814
CVE-2017-7818
CVE-2017-7819
CVE-2017-7823
CVE-2017-7824
CVE-2017-7825
CVE-2017-7889
CVE-2017-8831
CVE-2017-8890
CVE-2017-8924
CVE-2017-8925
CVE-2017-9074
CVE-2017-9075
CVE-2017-9076
CVE-2017-9077
CVE-2017-9242
CVE-2018-0734
CVE-2018-10903
CVE-2018-10958
CVE-2018-10998
CVE-2018-11531
CVE-2018-12116
CVE-2018-12120
CVE-2018-12121
CVE-2018-12122
CVE-2018-12123
CVE-2018-16468
CVE-2018-5407
CVE-2018-8048
CVE-2018-9256
CVE-2018-9259
CVE-2018-9260
CVE-2018-9261
CVE-2018-9262
CVE-2018-9263
CVE-2018-9264
CVE-2018-9265
CVE-2018-9266
CVE-2018-9267
CVE-2018-9268
CVE-2018-9269
CVE-2018-9270
CVE-2018-9271
CVE-2018-9272
CVE-2018-9273
CVE-2018-9274
CVE-2019-10220
CVE-2019-15917
CVE-2019-9893
SUSE-SU-2015:2387-1
SUSE-SU-2016:0118-1
SUSE-SU-2016:0186-1
SUSE-SU-2016:2933-1
SUSE-SU-2017:2688-1
SUSE-SU-2017:2908-1
SUSE-SU-2018:0041-1
SUSE-SU-2018:0981-1
SUSE-SU-2018:3882-1
SUSE-SU-2018:3924-1
SUSE-SU-2019:0394-1
SUSE-SU-2019:0395-1
SUSE-SU-2019:2941-1
SUSE-SU-2019:3233-1
SUSE-SU-2020:0790-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND less-530-lp150.1 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • evince-3.26.0+20180128.1bd86963-lp151.4.3 is installed
  • OR evince-devel-3.26.0+20180128.1bd86963-lp151.4.3 is installed
  • OR evince-lang-3.26.0+20180128.1bd86963-lp151.4.3 is installed
  • OR evince-plugin-comicsdocument-3.26.0+20180128.1bd86963-lp151.4.3 is installed
  • OR evince-plugin-djvudocument-3.26.0+20180128.1bd86963-lp151.4.3 is installed
  • OR evince-plugin-dvidocument-3.26.0+20180128.1bd86963-lp151.4.3 is installed
  • OR evince-plugin-pdfdocument-3.26.0+20180128.1bd86963-lp151.4.3 is installed
  • OR evince-plugin-psdocument-3.26.0+20180128.1bd86963-lp151.4.3 is installed
  • OR evince-plugin-tiffdocument-3.26.0+20180128.1bd86963-lp151.4.3 is installed
  • OR evince-plugin-xpsdocument-3.26.0+20180128.1bd86963-lp151.4.3 is installed
  • OR libevdocument3-4-3.26.0+20180128.1bd86963-lp151.4.3 is installed
  • OR libevview3-3-3.26.0+20180128.1bd86963-lp151.4.3 is installed
  • OR nautilus-evince-3.26.0+20180128.1bd86963-lp151.4.3 is installed
  • OR typelib-1_0-EvinceDocument-3_0-3.26.0+20180128.1bd86963-lp151.4.3 is installed
  • OR typelib-1_0-EvinceView-3_0-3.26.0+20180128.1bd86963-lp151.4.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • exiv2-0.23-12.5 is installed
  • OR libexiv2-12-0.23-12.5 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • grub2-2.02~beta2-73 is installed
  • OR grub2-i386-pc-2.02~beta2-73 is installed
  • OR grub2-powerpc-ieee1275-2.02~beta2-73 is installed
  • OR grub2-s390x-emu-2.02~beta2-73 is installed
  • OR grub2-snapper-plugin-2.02~beta2-73 is installed
  • OR grub2-x86_64-efi-2.02~beta2-73 is installed
  • OR grub2-x86_64-xen-2.02~beta2-73 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kernel-default-3.12.74-60.64.63 is installed
  • OR kernel-default-base-3.12.74-60.64.63 is installed
  • OR kernel-default-devel-3.12.74-60.64.63 is installed
  • OR kernel-default-man-3.12.74-60.64.63 is installed
  • OR kernel-devel-3.12.74-60.64.63 is installed
  • OR kernel-macros-3.12.74-60.64.63 is installed
  • OR kernel-source-3.12.74-60.64.63 is installed
  • OR kernel-syms-3.12.74-60.64.63 is installed
  • OR kernel-xen-3.12.74-60.64.63 is installed
  • OR kernel-xen-base-3.12.74-60.64.63 is installed
  • OR kernel-xen-devel-3.12.74-60.64.63 is installed
  • OR kgraft-patch-3_12_74-60_64_63-default-1-2 is installed
  • OR kgraft-patch-3_12_74-60_64_63-xen-1-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_22-1-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • libldap-2_4-2-2.4.41-18.25 is installed
  • OR libldap-2_4-2-32bit-2.4.41-18.25 is installed
  • OR openldap2-2.4.41-18.25 is installed
  • OR openldap2-back-meta-2.4.41-18.25 is installed
  • OR openldap2-client-2.4.41-18.25 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • libsqlite3-0-3.8.10.2-9.9 is installed
  • OR libsqlite3-0-32bit-3.8.10.2-9.9 is installed
  • OR sqlite3-3.8.10.2-9.9 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • libzypp-16.17.20-27.52 is installed
  • OR zypper-1.13.45-18.33 is installed
  • OR zypper-log-1.13.45-18.33 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kernel-firmware-20170530-21.22 is installed
  • OR ucode-amd-20170530-21.22 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND hyper-v-7-13 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • libecpg6-10.9-1.12 is installed
  • OR libpq5-10.9-1.12 is installed
  • OR libpq5-32bit-10.9-1.12 is installed
  • OR postgresql10-10.9-1.12 is installed
  • OR postgresql10-contrib-10.9-1.12 is installed
  • OR postgresql10-docs-10.9-1.12 is installed
  • OR postgresql10-libs-10.9-1.12 is installed
  • OR postgresql10-plperl-10.9-1.12 is installed
  • OR postgresql10-plpython-10.9-1.12 is installed
  • OR postgresql10-pltcl-10.9-1.12 is installed
  • OR postgresql10-server-10.9-1.12 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kernel-default-4.4.180-94.103 is installed
  • OR kernel-default-base-4.4.180-94.103 is installed
  • OR kernel-default-devel-4.4.180-94.103 is installed
  • OR kernel-default-man-4.4.180-94.103 is installed
  • OR kernel-devel-4.4.180-94.103 is installed
  • OR kernel-macros-4.4.180-94.103 is installed
  • OR kernel-source-4.4.180-94.103 is installed
  • OR kernel-syms-4.4.180-94.103 is installed
  • OR kgraft-patch-4_4_180-94_103-default-1-4.3 is installed
  • OR kgraft-patch-SLE12-SP3_Update_28-1-4.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • glib2-lang-2.48.2-10 is installed
  • OR glib2-tools-2.48.2-10 is installed
  • OR libgio-2_0-0-2.48.2-10 is installed
  • OR libgio-2_0-0-32bit-2.48.2-10 is installed
  • OR libglib-2_0-0-2.48.2-10 is installed
  • OR libglib-2_0-0-32bit-2.48.2-10 is installed
  • OR libgmodule-2_0-0-2.48.2-10 is installed
  • OR libgmodule-2_0-0-32bit-2.48.2-10 is installed
  • OR libgobject-2_0-0-2.48.2-10 is installed
  • OR libgobject-2_0-0-32bit-2.48.2-10 is installed
  • OR libgthread-2_0-0-2.48.2-10 is installed
  • OR libgthread-2_0-0-32bit-2.48.2-10 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND Package Information
  • MozillaFirefox-52.4.0esr-109.6 is installed
  • OR MozillaFirefox-devel-52.4.0esr-109.6 is installed
  • OR MozillaFirefox-translations-52.4.0esr-109.6 is installed
  • OR libfreebl3-3.29.5-58.3 is installed
  • OR libfreebl3-32bit-3.29.5-58.3 is installed
  • OR libfreebl3-hmac-3.29.5-58.3 is installed
  • OR libfreebl3-hmac-32bit-3.29.5-58.3 is installed
  • OR libsoftokn3-3.29.5-58.3 is installed
  • OR libsoftokn3-32bit-3.29.5-58.3 is installed
  • OR libsoftokn3-hmac-3.29.5-58.3 is installed
  • OR libsoftokn3-hmac-32bit-3.29.5-58.3 is installed
  • OR mozilla-nss-3.29.5-58.3 is installed
  • OR mozilla-nss-32bit-3.29.5-58.3 is installed
  • OR mozilla-nss-certs-3.29.5-58.3 is installed
  • OR mozilla-nss-certs-32bit-3.29.5-58.3 is installed
  • OR mozilla-nss-devel-3.29.5-58.3 is installed
  • OR mozilla-nss-sysinit-3.29.5-58.3 is installed
  • OR mozilla-nss-sysinit-32bit-3.29.5-58.3 is installed
  • OR mozilla-nss-tools-3.29.5-58.3 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • python-oslo.cache-1.14.1-3.3 is installed
  • OR python-oslo.concurrency-3.14.1-3.3 is installed
  • OR python-oslo.db-4.13.6-3.3 is installed
  • OR python-oslo.log-3.16.1-3.3 is installed
  • OR python-oslo.messaging-5.10.2-3.6 is installed
  • OR python-oslo.middleware-3.19.1-4.3 is installed
  • OR python-oslo.serialization-2.13.2-3.3 is installed
  • OR python-oslo.service-1.16.1-3.3 is installed
  • OR python-oslo.utils-3.16.1-3.3 is installed
  • OR python-oslo.versionedobjects-1.17.1-3.3 is installed
  • OR python-oslo.vmware-2.14.1-3.3 is installed
  • OR python-oslotest-2.10.1-3.3 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • crowbar-core-5.0+git.1585575551.16781d00d-3.38 is installed
  • OR crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38 is installed
  • OR crowbar-ha-5.0+git.1585316176.344190f-3.32 is installed
  • OR crowbar-openstack-5.0+git.1585304226.2164b7895-4.37 is installed
  • OR documentation-suse-openstack-cloud-deployment-8.20200319-1.23 is installed
  • OR documentation-suse-openstack-cloud-supplement-8.20200319-1.23 is installed
  • OR documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23 is installed
  • OR documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23 is installed
  • OR memcached-1.5.17-3.3 is installed
  • OR openstack-manila-5.1.1~dev5-3.26 is installed
  • OR openstack-manila-api-5.1.1~dev5-3.26 is installed
  • OR openstack-manila-data-5.1.1~dev5-3.26 is installed
  • OR openstack-manila-doc-5.1.1~dev5-3.26 is installed
  • OR openstack-manila-scheduler-5.1.1~dev5-3.26 is installed
  • OR openstack-manila-share-5.1.1~dev5-3.26 is installed
  • OR openstack-neutron-11.0.9~dev63-3.30 is installed
  • OR openstack-neutron-dhcp-agent-11.0.9~dev63-3.30 is installed
  • OR openstack-neutron-doc-11.0.9~dev63-3.30 is installed
  • OR openstack-neutron-ha-tool-11.0.9~dev63-3.30 is installed
  • OR openstack-neutron-l3-agent-11.0.9~dev63-3.30 is installed
  • OR openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30 is installed
  • OR openstack-neutron-macvtap-agent-11.0.9~dev63-3.30 is installed
  • OR openstack-neutron-metadata-agent-11.0.9~dev63-3.30 is installed
  • OR openstack-neutron-metering-agent-11.0.9~dev63-3.30 is installed
  • OR openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30 is installed
  • OR openstack-neutron-server-11.0.9~dev63-3.30 is installed
  • OR openstack-nova-16.1.9~dev61-3.35 is installed
  • OR openstack-nova-api-16.1.9~dev61-3.35 is installed
  • OR openstack-nova-cells-16.1.9~dev61-3.35 is installed
  • OR openstack-nova-compute-16.1.9~dev61-3.35 is installed
  • OR openstack-nova-conductor-16.1.9~dev61-3.35 is installed
  • OR openstack-nova-console-16.1.9~dev61-3.35 is installed
  • OR openstack-nova-consoleauth-16.1.9~dev61-3.35 is installed
  • OR openstack-nova-doc-16.1.9~dev61-3.35 is installed
  • OR openstack-nova-novncproxy-16.1.9~dev61-3.35 is installed
  • OR openstack-nova-placement-api-16.1.9~dev61-3.35 is installed
  • OR openstack-nova-scheduler-16.1.9~dev61-3.35 is installed
  • OR openstack-nova-serialproxy-16.1.9~dev61-3.35 is installed
  • OR openstack-nova-vncproxy-16.1.9~dev61-3.35 is installed
  • OR python-amqp-2.4.2-3.9 is installed
  • OR python-manila-5.1.1~dev5-3.26 is installed
  • OR python-neutron-11.0.9~dev63-3.30 is installed
  • OR python-nova-16.1.9~dev61-3.35 is installed
  • OR ruby2.1-rubygem-puma-2.16.0-3.6 is installed
  • OR rubygem-puma-2.16.0-3.6 is installed
  • OR zookeeper-3.4.10-3.6 is installed
  • OR zookeeper-server-3.4.10-3.6 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND python-Django1-1.11.20-3.3 is installed
  • BACK