OVAL Reference oval:org.opensuse.security:def:59229

Oval Definition:

oval:org.opensuse.security:def:59229

Revision Date:	2020-12-01	Version:	1
Title:	Security update for libexif (Moderate)
Description:	This update for libexif fixes the following issues: Security issues fixed: - CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857). - CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847). - CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475). - CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121). - CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105). - CVE-2020-13114: Fixed various buffer overread fixes due to integer overflows in maker notes (bsc#1172116). Non-security issues fixed: - libexif was updated to version 0.6.22: * New translations: ms * Updated translations for most languages * Some useful EXIF 2.3 tag added: * EXIF_TAG_GAMMA * EXIF_TAG_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE * EXIF_TAG_GPS_H_POSITIONING_ERROR * EXIF_TAG_CAMERA_OWNER_NAME * EXIF_TAG_BODY_SERIAL_NUMBER * EXIF_TAG_LENS_SPECIFICATION * EXIF_TAG_LENS_MAKE * EXIF_TAG_LENS_MODEL * EXIF_TAG_LENS_SERIAL_NUMBER
Family:	unix	Class:	patch
Status:		Reference(s):	1010399 1010405 1010406 1010408 1010409 1010421 1010423 1010424 1010425 1010426 1025108 1043008 1047281 1055857 1059893 1074235 1092611 1102840 1106222 1109412 1109413 1109414 1110910 1111006 1111010 1111013 1111996 1112534 1112535 1113247 1113252 1113255 1114422 1116827 1118830 1118831 1120374 1120640 1120943 1121034 1121035 1121056 1126140 1126141 1126192 1126195 1126196 1126198 1126201 1127400 1133131 1133232 1137990 1141913 1142690 1142772 1143797 1144902 1146874 1149429 1149813 1154738 1159819 1159913 1160039 1160770 1165631 1167976 1168669 1169746 1170601 1170908 1171475 1171847 1171863 1171864 1171866 1171978 1172105 1172116 1172121 1173022 1173659 1173942 1173986 1174247 1174420 1174662 1176756 1178512 959933 983922 CVE-2014-4362 CVE-2015-4000 CVE-2016-2830 CVE-2016-5289 CVE-2016-5292 CVE-2016-6328 CVE-2016-9063 CVE-2016-9067 CVE-2016-9068 CVE-2016-9069 CVE-2016-9071 CVE-2016-9073 CVE-2016-9075 CVE-2016-9076 CVE-2016-9077 CVE-2017-7544 CVE-2017-7789 CVE-2018-1000876 CVE-2018-10839 CVE-2018-15746 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-17985 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-18849 CVE-2018-19931 CVE-2018-19932 CVE-2018-20030 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2018-5150 CVE-2018-5151 CVE-2018-5152 CVE-2018-5153 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5160 CVE-2018-5163 CVE-2018-5164 CVE-2018-5165 CVE-2018-5166 CVE-2018-5167 CVE-2018-5168 CVE-2018-5169 CVE-2018-5172 CVE-2018-5173 CVE-2018-5174 CVE-2018-5175 CVE-2018-5176 CVE-2018-5177 CVE-2018-5178 CVE-2018-5179 CVE-2018-5180 CVE-2018-5181 CVE-2018-5182 CVE-2018-5183 CVE-2019-1010180 CVE-2019-10206 CVE-2019-10218 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-12068 CVE-2019-14378 CVE-2019-15890 CVE-2019-15903 CVE-2019-16746 CVE-2019-17006 CVE-2019-17340 CVE-2019-17341 CVE-2019-17342 CVE-2019-17343 CVE-2019-17344 CVE-2019-17346 CVE-2019-17347 CVE-2019-17348 CVE-2019-5108 CVE-2019-9278 CVE-2020-0093 CVE-2020-10543 CVE-2020-10878 CVE-2020-11668 CVE-2020-12399 CVE-2020-12402 CVE-2020-12723 CVE-2020-12767 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114 CVE-2020-14331 CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 CVE-2020-1749 CVE-2020-1749 CVE-2020-28196 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 SUSE-SU-2018:4237-1 SUSE-SU-2019:2274-1 SUSE-SU-2019:2783-1 SUSE-SU-2019:2872-1 SUSE-SU-2019:2890-1 SUSE-SU-2020:0868-1 SUSE-SU-2020:1534-1 SUSE-SU-2020:1662-1 SUSE-SU-2020:1839-1 SUSE-SU-2020:2232-1 SUSE-SU-2020:2759-1 SUSE-SU-2020:3379-1
Platform(s):	openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9	Product(s):
Definition Synopsis
openSUSE Leap 15.0 is installed AND Package Information libjpeg-turbo-1.5.3-lp150.3 is installed OR libjpeg8-8.1.2-lp150.3 is installed OR libturbojpeg0-8.1.2-lp150.3 is installed
Definition Synopsis
openSUSE Leap 15.1 is installed AND arc-5.21q-lp151.3.3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information qemu-2.6.2-41.46 is installed OR qemu-block-curl-2.6.2-41.46 is installed OR qemu-block-rbd-2.6.2-41.46 is installed OR qemu-block-ssh-2.6.2-41.46 is installed OR qemu-guest-agent-2.6.2-41.46 is installed OR qemu-ipxe-1.0.0-41.46 is installed OR qemu-kvm-2.6.2-41.46 is installed OR qemu-lang-2.6.2-41.46 is installed OR qemu-seabios-1.9.1-41.46 is installed OR qemu-sgabios-8-41.46 is installed OR qemu-tools-2.6.2-41.46 is installed OR qemu-vgabios-1.9.1-41.46 is installed OR qemu-x86-2.6.2-41.46 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information binutils-2.32-9.33 is installed OR binutils-devel-2.32-9.33 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information libexif-0.6.22-8.9 is installed OR libexif12-0.6.22-8.9 is installed OR libexif12-32bit-0.6.22-8.9 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND davfs2-1.5.2-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information curl-7.37.0-37.43 is installed OR libcurl4-7.37.0-37.43 is installed OR libcurl4-32bit-7.37.0-37.43 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information libsolv-0.6.36-2.27.19 is installed OR libsolv-tools-0.6.36-2.27.19 is installed OR libzypp-16.20.2-27.60 is installed OR perl-solv-0.6.36-2.27.19 is installed OR python-solv-0.6.36-2.27.19 is installed OR zypper-1.13.54-18.40 is installed OR zypper-log-1.13.54-18.40 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information cups-1.7.5-20.26 is installed OR cups-client-1.7.5-20.26 is installed OR cups-libs-1.7.5-20.26 is installed OR cups-libs-32bit-1.7.5-20.26 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libjavascriptcoregtk-4_0-18-2.24.0-2.38 is installed OR libwebkit2gtk-4_0-37-2.24.0-2.38 is installed OR typelib-1_0-JavaScriptCore-4_0-2.24.0-2.38 is installed OR typelib-1_0-WebKit2-4_0-2.24.0-2.38 is installed OR webkit2gtk-4_0-injected-bundles-2.24.0-2.38 is installed OR webkit2gtk3-2.24.0-2.38 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information ibus-chewing-1.4.14-4 is installed OR ibus-pinyin-1.5.0-11 is installed
Definition Synopsis
SUSE OpenStack Cloud 8 is installed AND Package Information perl-5.18.2-12.23 is installed OR perl-32bit-5.18.2-12.23 is installed OR perl-base-5.18.2-12.23 is installed OR perl-doc-5.18.2-12.23 is installed
Definition Synopsis
SUSE OpenStack Cloud 9 is installed AND Package Information LibVNCServer-0.9.9-17.31 is installed OR libvncclient0-0.9.9-17.31 is installed OR libvncserver0-0.9.9-17.31 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 8 is installed AND ansible-2.4.6.0-3.6 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 9 is installed AND Package Information caasp-openstack-heat-templates-1.0+git.1560518045.ad7dc6d-3.3 is installed OR crowbar-6.0+git.1561125496.b7508480-3.6 is installed OR crowbar-core-6.0+git.1562154525.5e2983308-3.3 is installed OR crowbar-core-branding-upstream-6.0+git.1562154525.5e2983308-3.3 is installed OR crowbar-devel-6.0+git.1561125496.b7508480-3.6 is installed OR crowbar-ha-6.0+git.1560951093.4af1ee5-3.3 is installed OR crowbar-openstack-6.0+git.1562153583.4735fcf34-3.3 is installed OR documentation-suse-openstack-cloud-crowbar-deployment-9.20190621-3.3 is installed OR documentation-suse-openstack-cloud-crowbar-operations-9.20190621-3.3 is installed OR documentation-suse-openstack-cloud-supplement-9.20190621-3.3 is installed OR galera-python-clustercheck-0.0+git.1562242499.36b8b64-6.3 is installed OR grafana-5.3.3-3.3 is installed OR grafana-monasca-ui-drilldown-1.14.1~dev7-3.3 is installed OR openstack-ceilometer-11.0.2~dev13-3.3 is installed OR openstack-ceilometer-agent-central-11.0.2~dev13-3.3 is installed OR openstack-ceilometer-agent-compute-11.0.2~dev13-3.3 is installed OR openstack-ceilometer-agent-ipmi-11.0.2~dev13-3.3 is installed OR openstack-ceilometer-agent-notification-11.0.2~dev13-3.3 is installed OR openstack-ceilometer-polling-11.0.2~dev13-3.3 is installed OR openstack-cinder-13.0.6~dev12-3.3 is installed OR openstack-cinder-api-13.0.6~dev12-3.3 is installed OR openstack-cinder-backup-13.0.6~dev12-3.3 is installed OR openstack-cinder-scheduler-13.0.6~dev12-3.3 is installed OR openstack-cinder-volume-13.0.6~dev12-3.3 is installed OR openstack-dashboard-14.0.4~dev4-3.3 is installed OR openstack-designate-7.0.1~dev20-3.3 is installed OR openstack-designate-agent-7.0.1~dev20-3.3 is installed OR openstack-designate-api-7.0.1~dev20-3.3 is installed OR openstack-designate-central-7.0.1~dev20-3.3 is installed OR openstack-designate-producer-7.0.1~dev20-3.3 is installed OR openstack-designate-sink-7.0.1~dev20-3.3 is installed OR openstack-designate-worker-7.0.1~dev20-3.3 is installed OR openstack-heat-11.0.3~dev5-3.3 is installed OR openstack-heat-api-11.0.3~dev5-3.3 is installed OR openstack-heat-api-cfn-11.0.3~dev5-3.3 is installed OR openstack-heat-engine-11.0.3~dev5-3.3 is installed OR openstack-heat-plugin-heat_docker-11.0.3~dev5-3.3 is installed OR openstack-horizon-plugin-designate-ui-7.0.1~dev7-3.3 is installed OR openstack-horizon-plugin-heat-ui-1.4.1~dev4-4.3 is installed OR openstack-horizon-plugin-magnum-ui-5.0.2~dev9-3.3 is installed OR openstack-horizon-plugin-monasca-ui-1.14.1~dev7-3.3 is installed OR openstack-ironic-11.1.4~dev2-3.3 is installed OR openstack-ironic-api-11.1.4~dev2-3.3 is installed OR openstack-ironic-conductor-11.1.4~dev2-3.3 is installed OR openstack-ironic-python-agent-3.3.2~dev13-3.3 is installed OR openstack-keystone-14.1.1~dev7-3.3 is installed OR openstack-magnum-7.1.1~dev24-3.3 is installed OR openstack-magnum-api-7.1.1~dev24-3.3 is installed OR openstack-magnum-conductor-7.1.1~dev24-3.3 is installed OR openstack-manila-7.3.1~dev2-4.3 is installed OR openstack-manila-api-7.3.1~dev2-4.3 is installed OR openstack-manila-data-7.3.1~dev2-4.3 is installed OR openstack-manila-scheduler-7.3.1~dev2-4.3 is installed OR openstack-manila-share-7.3.1~dev2-4.3 is installed OR openstack-monasca-agent-2.8.1~dev10-3.3 is installed OR openstack-monasca-notification-1.14.1~dev8-6.3 is installed OR openstack-neutron-13.0.4~dev89-3.3 is installed OR openstack-neutron-dhcp-agent-13.0.4~dev89-3.3 is installed OR openstack-neutron-fwaas-13.0.2~dev14-3.3 is installed OR openstack-neutron-gbp-5.0.1~dev443-3.3 is installed OR openstack-neutron-ha-tool-13.0.4~dev89-3.3 is installed OR openstack-neutron-l3-agent-13.0.4~dev89-3.3 is installed OR openstack-neutron-lbaas-13.0.1~dev12-3.3 is installed OR openstack-neutron-lbaas-agent-13.0.1~dev12-3.3 is installed OR openstack-neutron-linuxbridge-agent-13.0.4~dev89-3.3 is installed OR openstack-neutron-macvtap-agent-13.0.4~dev89-3.3 is installed OR openstack-neutron-metadata-agent-13.0.4~dev89-3.3 is installed OR openstack-neutron-metering-agent-13.0.4~dev89-3.3 is installed OR openstack-neutron-openvswitch-agent-13.0.4~dev89-3.3 is installed OR openstack-neutron-server-13.0.4~dev89-3.3 is installed OR openstack-neutron-vpnaas-13.0.2~dev4-3.3 is installed OR openstack-neutron-vyatta-agent-13.0.2~dev4-3.3 is installed OR openstack-nova-18.2.2~dev9-3.3 is installed OR openstack-nova-api-18.2.2~dev9-3.3 is installed OR openstack-nova-cells-18.2.2~dev9-3.3 is installed OR openstack-nova-compute-18.2.2~dev9-3.3 is installed OR openstack-nova-conductor-18.2.2~dev9-3.3 is installed OR openstack-nova-console-18.2.2~dev9-3.3 is installed OR openstack-nova-novncproxy-18.2.2~dev9-3.3 is installed OR openstack-nova-placement-api-18.2.2~dev9-3.3 is installed OR openstack-nova-scheduler-18.2.2~dev9-3.3 is installed OR openstack-nova-serialproxy-18.2.2~dev9-3.3 is installed OR openstack-nova-vncproxy-18.2.2~dev9-3.3 is installed OR openstack-octavia-3.1.2~dev2-3.3 is installed OR openstack-octavia-amphora-agent-3.1.2~dev2-3.3 is installed OR openstack-octavia-api-3.1.2~dev2-3.3 is installed OR openstack-octavia-health-manager-3.1.2~dev2-3.3 is installed OR openstack-octavia-housekeeping-3.1.2~dev2-3.3 is installed OR openstack-octavia-worker-3.1.2~dev2-3.3 is installed OR python-barbican-tempest-plugin-0.1.0-4.3 is installed OR python-ceilometer-11.0.2~dev13-3.3 is installed OR python-cinder-13.0.6~dev12-3.3 is installed OR python-cinderclient-4.0.2-3.3 is installed OR python-cinderclient-doc-4.0.2-3.3 is installed OR python-designate-7.0.1~dev20-3.3 is installed OR python-heat-11.0.3~dev5-3.3 is installed OR python-horizon-14.0.4~dev4-3.3 is installed OR python-horizon-plugin-designate-ui-7.0.1~dev7-3.3 is installed OR python-horizon-plugin-heat-ui-1.4.1~dev4-4.3 is installed OR python-horizon-plugin-magnum-ui-5.0.2~dev9-3.3 is installed OR python-horizon-plugin-monasca-ui-1.14.1~dev7-3.3 is installed OR python-ironic-11.1.4~dev2-3.3 is installed OR python-ironicclient-2.5.2-4.3 is installed OR python-ironicclient-doc-2.5.2-4.3 is installed OR python-keystone-14.1.1~dev7-3.3 is installed OR python-magnum-7.1.1~dev24-3.3 is installed OR python-manila-7.3.1~dev2-4.3 is installed OR python-manila-tempest-plugin-0.1.0-3.3 is installed OR python-manilaclient-1.24.2-3.3 is installed OR python-manilaclient-doc-1.24.2-3.3 is installed OR python-monasca-agent-2.8.1~dev10-3.3 is installed OR python-monasca-notification-1.14.1~dev8-6.3 is installed OR python-neutron-13.0.4~dev89-3.3 is installed OR python-neutron-fwaas-13.0.2~dev14-3.3 is installed OR python-neutron-gbp-5.0.1~dev443-3.3 is installed OR python-neutron-lbaas-13.0.1~dev12-3.3 is installed OR python-neutron-vpnaas-13.0.2~dev4-3.3 is installed OR python-nova-18.2.2~dev9-3.3 is installed OR python-octavia-3.1.2~dev2-3.3 is installed OR python-openstack_auth-14.0.4~dev4-3.3 is installed OR python-os-brick-2.5.7-3.3 is installed OR python-os-brick-common-2.5.7-3.3 is installed OR python-oslo.db-4.40.2-3.3 is installed OR python-proliantutils-2.8.4-1 is installed OR supportutils-plugin-suse-openstack-cloud-9.0.1562324636.e7046a3-1 is installed

BACK