Oval Definition:oval:org.opensuse.security:def:56856
Revision Date:2020-12-01Version:1
Title:Security update for podofo (Moderate)
Description:

This update for podofo fixes the following issues:

These security issues were fixed:

- CVE-2017-6845: The PoDoFo::PdfColor::operator function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1027779). - CVE-2018-5308: Properly validate memcpy arguments in the PdfMemoryOutputStream::Write function to prevent remote attackers from causing a denial-of-service or possibly have unspecified other impact via a crafted pdf file (bsc#1075772) - CVE-2018-5295: Prevent integer overflow in the PdfXRefStreamParserObject::ParseStream function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075026). - CVE-2017-6845: The PoDoFo::PdfColor::operator function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1027779). - CVE-2018-5309: Prevent integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075322). - CVE-2018-5296: Prevent uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075021). - CVE-2017-7381: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032020). - CVE-2017-7382: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032021). - CVE-2017-7383: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032022). - CVE-2018-11256: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1096889). - CVE-2018-5783: Prevent uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function that allowed remote attackers to cause a denial of service via a crafted pdf file (bsc#1076962).

These non-security issues were fixed:

- Prevent regression caused by the fix for CVE-2017-8054. - Prevent NULL dereferences when 'Kids' array is missing (bsc#1096890) - Added to detect cycles and recursions in XRef tables
Family:unixClass:patch
Status:Reference(s):1005070
1005072
1005076
1005522
1005523
1005524
1005525
1005526
1005527
1005528
1007188
1018699
1018700
1018701
1018702
1027779
1032020
1032021
1032022
1035082
1043960
1045327
1057950
1075021
1075026
1075322
1075772
1076962
1096564
1096889
1096890
1097108
1097410
1099306
1099310
1100078
1106873
1109673
1113975
1117951
1119069
1119105
1127080
1132665
1166238
913058
971964
986566
988651
989980
998677
CVE-2015-2304
CVE-2015-2924
CVE-2015-7555
CVE-2016-0764
CVE-2016-10196
CVE-2016-3190
CVE-2016-3977
CVE-2016-5418
CVE-2016-5542
CVE-2016-5554
CVE-2016-5556
CVE-2016-5568
CVE-2016-5573
CVE-2016-5582
CVE-2016-5597
CVE-2016-5844
CVE-2016-6250
CVE-2016-6252
CVE-2016-6321
CVE-2016-8687
CVE-2016-8688
CVE-2016-8689
CVE-2016-9131
CVE-2016-9147
CVE-2016-9444
CVE-2017-1000251
CVE-2017-11600
CVE-2017-15274
CVE-2017-5429
CVE-2017-5430
CVE-2017-5432
CVE-2017-5433
CVE-2017-5434
CVE-2017-5435
CVE-2017-5436
CVE-2017-5438
CVE-2017-5439
CVE-2017-5440
CVE-2017-5441
CVE-2017-5442
CVE-2017-5443
CVE-2017-5444
CVE-2017-5445
CVE-2017-5446
CVE-2017-5447
CVE-2017-5448
CVE-2017-5449
CVE-2017-5451
CVE-2017-5454
CVE-2017-5455
CVE-2017-5456
CVE-2017-5459
CVE-2017-5460
CVE-2017-5461
CVE-2017-5462
CVE-2017-5464
CVE-2017-5465
CVE-2017-5466
CVE-2017-5467
CVE-2017-5469
CVE-2017-5470
CVE-2017-5472
CVE-2017-6845
CVE-2017-7381
CVE-2017-7382
CVE-2017-7383
CVE-2017-7749
CVE-2017-7750
CVE-2017-7751
CVE-2017-7752
CVE-2017-7754
CVE-2017-7755
CVE-2017-7756
CVE-2017-7757
CVE-2017-7758
CVE-2017-7761
CVE-2017-7763
CVE-2017-7764
CVE-2017-7765
CVE-2017-7768
CVE-2017-7778
CVE-2017-8054
CVE-2018-0495
CVE-2018-10853
CVE-2018-11256
CVE-2018-12384
CVE-2018-12404
CVE-2018-12405
CVE-2018-17407
CVE-2018-17466
CVE-2018-18492
CVE-2018-18493
CVE-2018-18494
CVE-2018-18498
CVE-2018-3646
CVE-2018-5295
CVE-2018-5296
CVE-2018-5308
CVE-2018-5309
CVE-2018-5783
CVE-2019-1559
CVE-2019-20503
CVE-2020-6805
CVE-2020-6806
CVE-2020-6807
CVE-2020-6811
CVE-2020-6812
CVE-2020-6814
SUSE-SU-2016:1100-1
SUSE-SU-2016:2887-1
SUSE-SU-2016:2896-1
SUSE-SU-2016:2911-1
SUSE-SU-2017:0111-1
SUSE-SU-2017:1669-1
SUSE-SU-2017:2788-1
SUSE-SU-2018:1997-1
SUSE-SU-2018:2355-1
SUSE-SU-2018:3033-2
SUSE-SU-2018:4236-1
SUSE-SU-2019:0393-1
SUSE-SU-2019:0803-1
SUSE-SU-2020:0717-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • gimp-2.8.22-lp150.3 is installed
  • OR gimp-lang-2.8.22-lp150.3 is installed
  • OR gimp-plugins-python-2.8.22-lp150.3 is installed
  • OR libgimp-2_0-0-2.8.22-lp150.3 is installed
  • OR libgimpui-2_0-0-2.8.22-lp150.3 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • evolution-3.26.6-lp151.4.3 is installed
  • OR evolution-devel-3.26.6-lp151.4.3 is installed
  • OR evolution-lang-3.26.6-lp151.4.3 is installed
  • OR evolution-plugin-bogofilter-3.26.6-lp151.4.3 is installed
  • OR evolution-plugin-pst-import-3.26.6-lp151.4.3 is installed
  • OR evolution-plugin-spamassassin-3.26.6-lp151.4.3 is installed
  • OR glade-catalog-evolution-3.26.6-lp151.4.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • libpodofo0_9_2-0.9.2-3.6 is installed
  • OR podofo-0.9.2-3.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • MozillaFirefox-60.4.0esr-109.55 is installed
  • OR MozillaFirefox-translations-common-60.4.0esr-109.55 is installed
  • OR libfreebl3-3.40.1-58.18 is installed
  • OR libfreebl3-32bit-3.40.1-58.18 is installed
  • OR libsoftokn3-3.40.1-58.18 is installed
  • OR libsoftokn3-32bit-3.40.1-58.18 is installed
  • OR mozilla-nspr-4.20-19.6 is installed
  • OR mozilla-nspr-32bit-4.20-19.6 is installed
  • OR mozilla-nss-3.40.1-58.18 is installed
  • OR mozilla-nss-32bit-3.40.1-58.18 is installed
  • OR mozilla-nss-certs-3.40.1-58.18 is installed
  • OR mozilla-nss-certs-32bit-3.40.1-58.18 is installed
  • OR mozilla-nss-sysinit-3.40.1-58.18 is installed
  • OR mozilla-nss-sysinit-32bit-3.40.1-58.18 is installed
  • OR mozilla-nss-tools-3.40.1-58.18 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • java-1_8_0-openjdk-1.8.0.111-17 is installed
  • OR java-1_8_0-openjdk-demo-1.8.0.111-17 is installed
  • OR java-1_8_0-openjdk-devel-1.8.0.111-17 is installed
  • OR java-1_8_0-openjdk-headless-1.8.0.111-17 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • MozillaFirefox-52.2.0esr-108 is installed
  • OR MozillaFirefox-branding-SLE-52-31 is installed
  • OR MozillaFirefox-devel-52.2.0esr-108 is installed
  • OR MozillaFirefox-translations-52.2.0esr-108 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • giflib-progs-5.0.5-12 is installed
  • OR libgif6-5.0.5-12 is installed
  • OR libgif6-32bit-5.0.5-12 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • libmysqlclient18-10.0.35-29.20 is installed
  • OR libmysqlclient18-32bit-10.0.35-29.20 is installed
  • OR mariadb-10.0.35-29.20 is installed
  • OR mariadb-client-10.0.35-29.20 is installed
  • OR mariadb-errormessages-10.0.35-29.20 is installed
  • OR mariadb-tools-10.0.35-29.20 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • openslp-2.0.0-18.17 is installed
  • OR openslp-32bit-2.0.0-18.17 is installed
  • OR openslp-server-2.0.0-18.17 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • gpg2-2.0.24-9.3 is installed
  • OR gpg2-lang-2.0.24-9.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • MozillaFirefox-52.2.0esr-108 is installed
  • OR MozillaFirefox-translations-52.2.0esr-108 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • krb5-appl-1.0.3-3.3 is installed
  • OR krb5-appl-clients-1.0.3-3.3 is installed
  • OR krb5-appl-servers-1.0.3-3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND sudo-1.8.20p2-3.14 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • bind-9.9.9P1-63.17 is installed
  • OR bind-chrootenv-9.9.9P1-63.17 is installed
  • OR bind-doc-9.9.9P1-63.17 is installed
  • OR bind-libs-9.9.9P1-63.17 is installed
  • OR bind-libs-32bit-9.9.9P1-63.17 is installed
  • OR bind-utils-9.9.9P1-63.17 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • libvorbis-doc-1.3.3-10.14 is installed
  • OR libvorbis0-1.3.3-10.14 is installed
  • OR libvorbis0-32bit-1.3.3-10.14 is installed
  • OR libvorbisenc2-1.3.3-10.14 is installed
  • OR libvorbisenc2-32bit-1.3.3-10.14 is installed
  • OR libvorbisfile3-1.3.3-10.14 is installed
  • OR libvorbisfile3-32bit-1.3.3-10.14 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND shadow-4.2.1-27.9 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • xen-4.9.4_04-3.56 is installed
  • OR xen-doc-html-4.9.4_04-3.56 is installed
  • OR xen-libs-4.9.4_04-3.56 is installed
  • OR xen-libs-32bit-4.9.4_04-3.56 is installed
  • OR xen-tools-4.9.4_04-3.56 is installed
  • OR xen-tools-domU-4.9.4_04-3.56 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND python-Django1-1.11.20-3.3 is installed
    • BACK