Revision Date: | 2020-12-01 | Version: | 1 |
Title: | Security update for libexif (Moderate) |
Description: |
This update for libexif fixes the following issues:
Security issues fixed:
- CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857).
- CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in the exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893).
- CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943).
- CVE-2019-9278: Fixed an integer overflow (bsc#1160770).
- CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847).
- CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475).
- CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121).
- CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105).
- CVE-2020-13114: Fixed various buffer overreads due to integer overflows in maker notes (bsc#1172116).
Non-security issues fixed:
- libexif was updated to version 0.6.22:
  * New translations: ms
  * Updated translations for most languages
  * Some useful EXIF 2.3 tags added:
    * EXIF_TAG_GAMMA
    * EXIF_TAG_COMPOSITE_IMAGE
    * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE
    * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE
    * EXIF_TAG_GPS_H_POSITIONING_ERROR
    * EXIF_TAG_CAMERA_OWNER_NAME
    * EXIF_TAG_BODY_SERIAL_NUMBER
    * EXIF_TAG_LENS_SPECIFICATION
    * EXIF_TAG_LENS_MAKE
    * EXIF_TAG_LENS_MODEL
    * EXIF_TAG_LENS_SERIAL_NUMBER
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1004455 1032029 1033238 1037120 1039514 1039515 1040153 1040968 1043900 1045290 1046750 1055825 1055857 1056058 1056427 1059893 1065363 1066242 1068032 1068664 1075087 1080157 1087082 1088268 1090036 1090953 1091041 1092289 1093215 1094019 1109160 1118367 1118368 1119947 1120943 1133191 1135170 1136446 1136935 1137597 1149332 1159208 1159623 1160467 1160468 1160770 1160968 1162972 1165784 1171475 1171740 1171847 1171878 1172085 1172105 1172116 1172121 1176013 985012 986216 CVE-2012-0876 CVE-2016-0718 CVE-2016-4472 CVE-2016-6328 CVE-2016-9063 CVE-2017-0861 CVE-2017-1000158 CVE-2017-3735 CVE-2017-3736 CVE-2017-7544 CVE-2017-9022 CVE-2017-9023 CVE-2017-9233 CVE-2017-9445 CVE-2018-1000199 CVE-2018-16884 CVE-2018-20030 CVE-2018-3639 CVE-2018-5741 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-14896 CVE-2019-14897 CVE-2019-3846 CVE-2019-5436 CVE-2019-9278 CVE-2020-0093 CVE-2020-10029 CVE-2020-12767 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114 CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659 CVE-2020-8616 CVE-2020-8617 SUSE-SU-2016:2871-1 SUSE-SU-2017:1473-1 SUSE-SU-2017:1898-1 SUSE-SU-2017:3169-1 SUSE-SU-2018:1272-1 SUSE-SU-2018:1377-2 SUSE-SU-2020:0456-1 SUSE-SU-2020:0497-1 SUSE-SU-2020:1534-1 SUSE-SU-2020:1914-1 SUSE-SU-2020:3024-1
|
Platform(s): | openSUSE Leap 15.0 openSUSE Leap 15.1 openSUSE Leap 15.1 NonFree SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed
AND Package Information
cups-pk-helper-0.2.6-lp150.1 is installed
OR cups-pk-helper-lang-0.2.6-lp150.1 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND Package Information
neovim-0.3.5-lp151.2.3 is installed
OR neovim-lang-0.3.5-lp151.2.3 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 NonFree is installed
AND opera-68.0.3618.104-lp151.2.18 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2 is installed
AND libtcnative-1-0-1.1.34-12 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
kernel-default-4.4.121-92.80 is installed
OR kernel-default-base-4.4.121-92.80 is installed
OR kernel-default-devel-4.4.121-92.80 is installed
OR kernel-devel-4.4.121-92.80 is installed
OR kernel-macros-4.4.121-92.80 is installed
OR kernel-source-4.4.121-92.80 is installed
OR kernel-syms-4.4.121-92.80 is installed
OR kgraft-patch-4_4_121-92_80-default-1-3.5 is installed
OR kgraft-patch-SLE12-SP2_Update_22-1-3.5 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND Package Information
curl-7.37.0-37.40 is installed
OR libcurl4-7.37.0-37.40 is installed
OR libcurl4-32bit-7.37.0-37.40 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND Package Information
kgraft-patch-4_4_74-92_32-default-9-2 is installed
OR kgraft-patch-SLE12-SP2_Update_11-9-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND Package Information
bind-9.9.9P1-62 is installed
OR bind-chrootenv-9.9.9P1-62 is installed
OR bind-doc-9.9.9P1-62 is installed
OR bind-libs-9.9.9P1-62 is installed
OR bind-libs-32bit-9.9.9P1-62 is installed
OR bind-utils-9.9.9P1-62 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-BCL is installed
AND Package Information
java-1_7_0-openjdk-1.7.0.241-43.30 is installed
OR java-1_7_0-openjdk-demo-1.7.0.241-43.30 is installed
OR java-1_7_0-openjdk-devel-1.7.0.241-43.30 is installed
OR java-1_7_0-openjdk-headless-1.7.0.241-43.30 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
kgraft-patch-4_4_180-94_103-default-8-2 is installed
OR kgraft-patch-SLE12-SP3_Update_28-8-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-LTSS is installed
AND Package Information
libecpg6-10.9-1.12 is installed
OR libpq5-10.9-1.12 is installed
OR libpq5-32bit-10.9-1.12 is installed
OR postgresql10-10.9-1.12 is installed
OR postgresql10-contrib-10.9-1.12 is installed
OR postgresql10-docs-10.9-1.12 is installed
OR postgresql10-libs-10.9-1.12 is installed
OR postgresql10-plperl-10.9-1.12 is installed
OR postgresql10-plpython-10.9-1.12 is installed
OR postgresql10-pltcl-10.9-1.12 is installed
OR postgresql10-server-10.9-1.12 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
MozillaFirefox-52.9.0esr-109.38 is installed
OR MozillaFirefox-translations-52.9.0esr-109.38 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND Package Information
libexif12-0.6.21-8.3 is installed
OR libexif12-32bit-0.6.21-8.3 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 7 is installed
AND Package Information
libexif-0.6.22-8.9 is installed
OR libexif12-0.6.22-8.9 is installed
OR libexif12-32bit-0.6.22-8.9 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 8 is installed
AND Package Information
libseccomp-2.4.1-11.3 is installed
OR libseccomp2-2.4.1-11.3 is installed
OR libseccomp2-32bit-2.4.1-11.3 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 8 is installed
AND couchdb-1.7.2-3.3 is installed
|