Oval Definition:	oval:org.opensuse.security:def:60077
Revision Date: 2020-12-01 Version: 1 Title: Security update for libexif (Moderate) Description: This update for libexif fixes the following issues: Security issues fixed: - CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857). - CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847). - CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475). - CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121). - CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105). - CVE-2020-13114: Fixed various buffer overread fixes due to integer overflows in maker notes (bsc#1172116). Non-security issues fixed: - libexif was updated to version 0.6.22: * New translations: ms * Updated translations for most languages * Some useful EXIF 2.3 tag added: * EXIF_TAG_GAMMA * EXIF_TAG_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE * EXIF_TAG_GPS_H_POSITIONING_ERROR * EXIF_TAG_CAMERA_OWNER_NAME * EXIF_TAG_BODY_SERIAL_NUMBER * EXIF_TAG_LENS_SPECIFICATION * EXIF_TAG_LENS_MAKE * EXIF_TAG_LENS_MODEL * EXIF_TAG_LENS_SERIAL_NUMBER Family: unix Class: patch Status: Reference(s): 1033109 1033111 1033112 1033113 1033118 1033120 1033126 1033127 1033128 1033129 1033131 1038438 1042804 1042805 1055857 1059893 1120943 1126230 1136082 1136446 1137597 1140747 1157607 1158763 1160770 1161096 1162553 1165631 1167231 1168874 1171252 1171254 1171475 1171670 1171847 1171921 1171960 1171961 1171963 1172105 1172116 1172121 1172437 1173576 1173613 1174157 1175194 1175259 1176496 1176764 1178666 1178667 1178668 989121 989122 CVE-2009-5044 CVE-2009-5080 CVE-2009-5081 CVE-2013-4238 CVE-2013-7490 CVE-2014-4650 CVE-2015-3223 CVE-2015-5330 CVE-2015-8946 CVE-2016-0772 CVE-2016-1000110 CVE-2016-10371 CVE-2016-5636 CVE-2016-5699 CVE-2016-6224 CVE-2016-6328 CVE-2017-7544 CVE-2017-7592 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602 CVE-2017-9403 CVE-2017-9404 CVE-2018-20030 CVE-2019-11477 CVE-2019-11478 CVE-2019-17639 CVE-2019-18900 CVE-2019-20919 CVE-2019-3846 CVE-2019-9278 CVE-2020-0093 CVE-2020-10753 CVE-2020-10757 CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426 CVE-2020-12653 CVE-2020-12654 CVE-2020-12767 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114 CVE-2020-14350 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 CVE-2020-1749 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 CVE-2020-6827 CVE-2020-6828 SUSE-SU-2017:2569-1 SUSE-SU-2018:0336-1 SUSE-SU-2020:0079-2 SUSE-SU-2020:1748-1 SUSE-SU-2020:1779-1 SUSE-SU-2020:2482-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information virtualbox-guest-kmp-default-5.2.10_k4.12.14_lp150.11-lp150.3 is installed OR virtualbox-guest-tools-5.2.10-lp150.3 is installed OR virtualbox-guest-x11-5.2.10-lp150.3 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information libIlmImf-2_2-23-2.2.1-lp151.4.3 is installed OR libIlmImf-2_2-23-32bit-2.2.1-lp151.4.3 is installed OR libIlmImfUtil-2_2-23-2.2.1-lp151.4.3 is installed OR libIlmImfUtil-2_2-23-32bit-2.2.1-lp151.4.3 is installed OR openexr-2.2.1-lp151.4.3 is installed OR openexr-devel-2.2.1-lp151.4.3 is installed OR openexr-doc-2.2.1-lp151.4.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information libexif-0.6.22-8.9 is installed OR libexif12-0.6.22-8.9 is installed OR libexif12-32bit-0.6.22-8.9 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information groff-1.22.2-5 is installed OR groff-full-1.22.2-5 is installed OR gxditview-1.22.2-5 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information libsqlite3-0-3.8.10.2-9.15 is installed OR libsqlite3-0-32bit-3.8.10.2-9.15 is installed OR sqlite3-3.8.10.2-9.15 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information libopenssl-devel-1.0.2j-60.55 is installed OR libopenssl1_0_0-1.0.2j-60.55 is installed OR libopenssl1_0_0-32bit-1.0.2j-60.55 is installed OR libopenssl1_0_0-hmac-1.0.2j-60.55 is installed OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.55 is installed OR openssl-1.0.2j-60.55 is installed OR openssl-doc-1.0.2j-60.55 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_178-94_91-default-3-2 is installed OR kgraft-patch-SLE12-SP3_Update_25-3-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libsndfile-1.0.25-36.16 is installed OR libsndfile1-1.0.25-36.16 is installed OR libsndfile1-32bit-1.0.25-36.16 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND apache2-mod_jk-1.2.40-5 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4-ESPOS is installed AND Package Information libX11-1.6.2-12.12 is installed OR libX11-6-1.6.2-12.12 is installed OR libX11-6-32bit-1.6.2-12.12 is installed OR libX11-data-1.6.2-12.12 is installed OR libX11-xcb1-1.6.2-12.12 is installed OR libX11-xcb1-32bit-1.6.2-12.12 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information libzypp-16.21.2-2.45 is installed OR libzypp-devel-16.21.2-2.45 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information java-1_7_1-ibm-1.7.1_sr4.70-38.56 is installed OR java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56 is installed OR java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56 is installed OR java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56 is installed OR java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 9 is installed AND python-Django1-1.11.20-3.6 is installed
BACK