Oval Definition:oval:org.opensuse.security:def:60962
Revision Date:2020-12-01Version:1
Title:Security update for libexif (Moderate)
Description:

This update for libexif fixes the following issues:

Security issues fixed:

- CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857). - CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847). - CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475). - CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121). - CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105). - CVE-2020-13114: Fixed various buffer overread fixes due to integer overflows in maker notes (bsc#1172116).

Non-security issues fixed:

- libexif was updated to version 0.6.22: * New translations: ms * Updated translations for most languages * Some useful EXIF 2.3 tag added: * EXIF_TAG_GAMMA * EXIF_TAG_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE * EXIF_TAG_GPS_H_POSITIONING_ERROR * EXIF_TAG_CAMERA_OWNER_NAME * EXIF_TAG_BODY_SERIAL_NUMBER * EXIF_TAG_LENS_SPECIFICATION * EXIF_TAG_LENS_MAKE * EXIF_TAG_LENS_MODEL * EXIF_TAG_LENS_SERIAL_NUMBER
Family:unixClass:patch
Status:Reference(s):1051222
1054171
1055857
1059893
1070727
1093414
1096209
1098155
1102840
1104668
1111331
1120114
1120115
1120116
1120117
1120118
1120119
1120120
1120121
1120122
1120943
1122293
1122299
1128712
1131493
1150734
1154162
1157198
1160039
1160770
1167231
1170601
1171475
1171847
1171863
1171864
1171866
1172105
1172116
1172121
1173576
1173613
1174157
1174633
1174635
1174638
CVE-2016-0705
CVE-2016-6328
CVE-2017-11185
CVE-2017-17083
CVE-2017-17084
CVE-2017-17085
CVE-2017-3732
CVE-2017-3736
CVE-2017-7544
CVE-2017-7555
CVE-2018-11212
CVE-2018-1152
CVE-2018-11813
CVE-2018-12126
CVE-2018-12127
CVE-2018-12130
CVE-2018-12539
CVE-2018-14498
CVE-2018-15126
CVE-2018-15127
CVE-2018-1517
CVE-2018-1656
CVE-2018-20019
CVE-2018-20020
CVE-2018-20021
CVE-2018-20022
CVE-2018-20023
CVE-2018-20024
CVE-2018-20030
CVE-2018-2940
CVE-2018-2952
CVE-2018-2964
CVE-2018-2973
CVE-2018-6307
CVE-2019-11091
CVE-2019-2422
CVE-2019-2974
CVE-2019-3688
CVE-2019-3690
CVE-2019-5953
CVE-2019-9278
CVE-2020-0093
CVE-2020-10543
CVE-2020-10878
CVE-2020-12402
CVE-2020-12415
CVE-2020-12416
CVE-2020-12417
CVE-2020-12418
CVE-2020-12419
CVE-2020-12420
CVE-2020-12421
CVE-2020-12422
CVE-2020-12423
CVE-2020-12424
CVE-2020-12425
CVE-2020-12426
CVE-2020-12723
CVE-2020-12767
CVE-2020-13112
CVE-2020-13113
CVE-2020-13114
CVE-2020-14345
CVE-2020-14346
CVE-2020-14347
CVE-2020-14577
CVE-2020-14578
CVE-2020-14579
CVE-2020-14581
CVE-2020-14583
CVE-2020-14593
CVE-2020-14621
SUSE-SU-2017:2143-1
SUSE-SU-2017:3436-1
SUSE-SU-2018:0650-1
SUSE-SU-2018:2839-1
SUSE-SU-2019:0956-1
SUSE-SU-2019:1954-1
SUSE-SU-2020:0050-1
SUSE-SU-2020:1534-1
SUSE-SU-2020:1899-1
SUSE-SU-2020:2331-1
SUSE-SU-2020:2861-1
Platform(s):openSUSE Leap 15.1
openSUSE Leap 15.2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP4-ESPOS
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • libmariadb-devel-3.1.2-lp151.3.3 is installed
  • OR libmariadb3-3.1.2-lp151.3.3 is installed
  • OR libmariadb3-32bit-3.1.2-lp151.3.3 is installed
  • OR libmariadb_plugins-3.1.2-lp151.3.3 is installed
  • OR libmariadbprivate-3.1.2-lp151.3.3 is installed
  • OR libmysqld-devel-10.2.25-lp151.2.3 is installed
  • OR libmysqld19-10.2.25-lp151.2.3 is installed
  • OR mariadb-10.2.25-lp151.2.3 is installed
  • OR mariadb-bench-10.2.25-lp151.2.3 is installed
  • OR mariadb-client-10.2.25-lp151.2.3 is installed
  • OR mariadb-connector-c-3.1.2-lp151.3.3 is installed
  • OR mariadb-errormessages-10.2.25-lp151.2.3 is installed
  • OR mariadb-galera-10.2.25-lp151.2.3 is installed
  • OR mariadb-test-10.2.25-lp151.2.3 is installed
  • OR mariadb-tools-10.2.25-lp151.2.3 is installed
    • Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
  • LibVNCServer-0.9.10-lp152.9.4 is installed
  • OR LibVNCServer-devel-0.9.10-lp152.9.4 is installed
  • OR libvncclient0-0.9.10-lp152.9.4 is installed
  • OR libvncserver0-0.9.10-lp152.9.4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • strongswan-5.1.3-26.5 is installed
  • OR strongswan-doc-5.1.3-26.5 is installed
  • OR strongswan-hmac-5.1.3-26.5 is installed
  • OR strongswan-ipsec-5.1.3-26.5 is installed
  • OR strongswan-libs0-5.1.3-26.5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND ucode-intel-20190618-13.47 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • perl-5.18.2-12.23 is installed
  • OR perl-32bit-5.18.2-12.23 is installed
  • OR perl-base-5.18.2-12.23 is installed
  • OR perl-doc-5.18.2-12.23 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • libjpeg-turbo-1.5.3-31.14 is installed
  • OR libjpeg62-62.2.0-31.14 is installed
  • OR libjpeg62-32bit-62.2.0-31.14 is installed
  • OR libjpeg62-turbo-1.5.3-31.14 is installed
  • OR libjpeg8-8.1.2-31.14 is installed
  • OR libjpeg8-32bit-8.1.2-31.14 is installed
  • OR libturbojpeg0-8.1.2-31.14 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • apache2-2.4.23-29.24 is installed
  • OR apache2-doc-2.4.23-29.24 is installed
  • OR apache2-example-pages-2.4.23-29.24 is installed
  • OR apache2-prefork-2.4.23-29.24 is installed
  • OR apache2-utils-2.4.23-29.24 is installed
  • OR apache2-worker-2.4.23-29.24 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4-ESPOS is installed
  • AND Package Information
  • libzypp-16.21.2-2.45 is installed
  • OR libzypp-devel-16.21.2-2.45 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND python-Django1-1.11.20-3.6 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • libexif-0.6.22-8.9 is installed
  • OR libexif12-0.6.22-8.9 is installed
  • OR libexif12-32bit-0.6.22-8.9 is installed
    • BACK