Oval Definition:oval:org.opensuse.security:def:60697
Revision Date:2020-12-01
Version:1
Title:Security update for libexif (Moderate)
Description:

This update for libexif fixes the following issues:

Security issues fixed:

- CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857).
- CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in the exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893).
- CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943).
- CVE-2019-9278: Fixed an integer overflow (bsc#1160770).
- CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847).
- CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475).
- CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121).
- CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105).
- CVE-2020-13114: Fixed various buffer overreads due to integer overflows in maker notes (bsc#1172116).

Non-security issues fixed:

- libexif was updated to version 0.6.22:
  * New translations: ms
  * Updated translations for most languages
  * Some useful EXIF 2.3 tags added:
    * EXIF_TAG_GAMMA
    * EXIF_TAG_COMPOSITE_IMAGE
    * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE
    * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE
    * EXIF_TAG_GPS_H_POSITIONING_ERROR
    * EXIF_TAG_CAMERA_OWNER_NAME
    * EXIF_TAG_BODY_SERIAL_NUMBER
    * EXIF_TAG_LENS_SPECIFICATION
    * EXIF_TAG_LENS_MAKE
    * EXIF_TAG_LENS_MODEL
    * EXIF_TAG_LENS_SERIAL_NUMBER

Family:unix
Class:patch
Status:
Reference(s):1055857
1056421
1056562
1056621
1056622
1057511
1059893
1067720
1083624
1093697
1095472
1097775
1099805
1099808
1101644
1101645
1101651
1101656
1102379
1102400
1102410
1106812
1109673
1120943
1129271
1129272
1144902
1154212
1157763
1158442
1160770
1167231
1171475
1171847
1172105
1172116
1172121
1172265
1173027
1173576
1173613
1176262
1176410
1177143
CVE-2016-10507
CVE-2016-6328
CVE-2017-14039
CVE-2017-14040
CVE-2017-14041
CVE-2017-14164
CVE-2017-7544
CVE-2017-9103
CVE-2017-9104
CVE-2017-9105
CVE-2017-9106
CVE-2017-9107
CVE-2017-9108
CVE-2017-9109
CVE-2018-1063
CVE-2018-10855
CVE-2018-10874
CVE-2018-10875
CVE-2018-1336
CVE-2018-17407
CVE-2018-20030
CVE-2018-2938
CVE-2018-2940
CVE-2018-2952
CVE-2018-2973
CVE-2018-3639
CVE-2018-8014
CVE-2018-8034
CVE-2018-8037
CVE-2019-10218
CVE-2019-15961
CVE-2019-20916
CVE-2019-2933
CVE-2019-2945
CVE-2019-2962
CVE-2019-2964
CVE-2019-2973
CVE-2019-2978
CVE-2019-2981
CVE-2019-2983
CVE-2019-2989
CVE-2019-2992
CVE-2019-2999
CVE-2019-5418
CVE-2019-5419
CVE-2019-9278
CVE-2020-0093
CVE-2020-12402
CVE-2020-12415
CVE-2020-12416
CVE-2020-12417
CVE-2020-12418
CVE-2020-12419
CVE-2020-12420
CVE-2020-12421
CVE-2020-12422
CVE-2020-12423
CVE-2020-12424
CVE-2020-12425
CVE-2020-12426
CVE-2020-12767
CVE-2020-13112
CVE-2020-13113
CVE-2020-13114
CVE-2020-25219
CVE-2020-26154
CVE-2020-8177
SUSE-SU-2017:2649-1
SUSE-SU-2018:0926-1
SUSE-SU-2018:4130-1
SUSE-SU-2019:0915-1
SUSE-SU-2019:2890-1
SUSE-SU-2019:3177-1
SUSE-SU-2020:0051-1
SUSE-SU-2020:1534-1
SUSE-SU-2020:1732-1
SUSE-SU-2020:1899-1
SUSE-SU-2020:2726-1
SUSE-SU-2020:2900-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
openSUSE Leap 15.2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP4-ESPOS
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • libX11-1.6.5-lp150.2.3 is installed
  • OR libX11-6-1.6.5-lp150.2.3 is installed
  • OR libX11-6-32bit-1.6.5-lp150.2.3 is installed
  • OR libX11-data-1.6.5-lp150.2.3 is installed
  • OR libX11-devel-1.6.5-lp150.2.3 is installed
  • OR libX11-devel-32bit-1.6.5-lp150.2.3 is installed
  • OR libX11-xcb1-1.6.5-lp150.2.3 is installed
  • OR libX11-xcb1-32bit-1.6.5-lp150.2.3 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • bzip2-1.0.6-lp151.5.6 is installed
  • OR bzip2-doc-1.0.6-lp151.5.6 is installed
  • OR libbz2-1-1.0.6-lp151.5.6 is installed
  • OR libbz2-1-32bit-1.0.6-lp151.5.6 is installed
  • OR libbz2-devel-1.0.6-lp151.5.6 is installed
  • OR libbz2-devel-32bit-1.0.6-lp151.5.6 is installed
  • Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
  • graphviz-2.40.1-lp152.7.4 is installed
  • OR graphviz-addons-2.40.1-lp152.7.4 is installed
  • OR graphviz-devel-2.40.1-lp152.7.4 is installed
  • OR graphviz-doc-2.40.1-lp152.7.4 is installed
  • OR graphviz-gd-2.40.1-lp152.7.4 is installed
  • OR graphviz-gnome-2.40.1-lp152.7.4 is installed
  • OR graphviz-guile-2.40.1-lp152.7.4 is installed
  • OR graphviz-gvedit-2.40.1-lp152.7.4 is installed
  • OR graphviz-java-2.40.1-lp152.7.4 is installed
  • OR graphviz-lua-2.40.1-lp152.7.4 is installed
  • OR graphviz-perl-2.40.1-lp152.7.4 is installed
  • OR graphviz-php-2.40.1-lp152.7.4 is installed
  • OR graphviz-plugins-core-2.40.1-lp152.7.4 is installed
  • OR graphviz-python-2.40.1-lp152.7.4 is installed
  • OR graphviz-ruby-2.40.1-lp152.7.4 is installed
  • OR graphviz-smyrna-2.40.1-lp152.7.4 is installed
  • OR graphviz-tcl-2.40.1-lp152.7.4 is installed
  • OR libgraphviz6-2.40.1-lp152.7.4 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • libopenjp2-7-2.1.0-4.6 is installed
  • OR openjpeg2-2.1.0-4.6 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND clamav-0.100.3-33.29 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • adns-1.4-103.3 is installed
  • OR libadns1-1.4-103.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • libdcerpc-binding0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libdcerpc-binding0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libdcerpc0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libdcerpc0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libndr-krb5pac0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libndr-krb5pac0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libndr-nbt0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libndr-nbt0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libndr-standard0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libndr-standard0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libndr0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libndr0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libnetapi0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libnetapi0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-credentials0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-credentials0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-errors0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-errors0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-hostconfig0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-hostconfig0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-passdb0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-passdb0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-util0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-util0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamdb0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamdb0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsmbclient0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsmbclient0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsmbconf0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsmbconf0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsmbldap0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsmbldap0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libtevent-util0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libtevent-util0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libwbclient0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libwbclient0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR samba-4.6.16+git.169.064abe062be-3.46 is installed
  • OR samba-client-4.6.16+git.169.064abe062be-3.46 is installed
  • OR samba-client-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR samba-doc-4.6.16+git.169.064abe062be-3.46 is installed
  • OR samba-libs-4.6.16+git.169.064abe062be-3.46 is installed
  • OR samba-libs-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR samba-winbind-4.6.16+git.169.064abe062be-3.46 is installed
  • OR samba-winbind-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • tomcat-8.0.53-29.13 is installed
  • OR tomcat-admin-webapps-8.0.53-29.13 is installed
  • OR tomcat-docs-webapp-8.0.53-29.13 is installed
  • OR tomcat-el-3_0-api-8.0.53-29.13 is installed
  • OR tomcat-javadoc-8.0.53-29.13 is installed
  • OR tomcat-jsp-2_3-api-8.0.53-29.13 is installed
  • OR tomcat-lib-8.0.53-29.13 is installed
  • OR tomcat-servlet-3_1-api-8.0.53-29.13 is installed
  • OR tomcat-webapps-8.0.53-29.13 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • apache2-2.4.23-29.24 is installed
  • OR apache2-doc-2.4.23-29.24 is installed
  • OR apache2-example-pages-2.4.23-29.24 is installed
  • OR apache2-prefork-2.4.23-29.24 is installed
  • OR apache2-utils-2.4.23-29.24 is installed
  • OR apache2-worker-2.4.23-29.24 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4-ESPOS is installed
  • AND Package Information
  • MozillaFirefox-78.0.1-112.3 is installed
  • OR MozillaFirefox-branding-SLE-78-35.3 is installed
  • OR MozillaFirefox-devel-78.0.1-112.3 is installed
  • OR MozillaFirefox-translations-common-78.0.1-112.3 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • libexif-0.6.22-8.9 is installed
  • OR libexif12-0.6.22-8.9 is installed
  • OR libexif12-32bit-0.6.22-8.9 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND Package Information
  • java-1_8_0-ibm-1.8.0_sr6.15-30.72 is installed
  • OR java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72 is installed
  • OR java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72 is installed
  • OR java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND ansible-2.4.6.0-3.3 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND python-Django1-1.11.20-3.3 is installed