Oval Definition:	oval:org.opensuse.security:def:630
Revision Date: 2022-09-29 Version: 1 Title: Security update for exiv2 (Important) (in QA) Description: This update for exiv2 fixes the following issues: - CVE-2021-37621: Fixed denial of service due to infinite loop in Image:printIFDStructure (bsc#1189333). - CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read() (bsc#1189332). - CVE-2021-37619: Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header (bsc#1189331). - CVE-2021-37618: Fixed out-of-bounds read in Exiv2:Jp2Image:printStructure (bsc#1189330). - CVE-2021-32617: Fixed denial of service inside inefficient algorithm (quadratic complexity) (bsc#1186192). - CVE-2021-31292: Fixed integer overflow in CrwMap:encode0x1810 (bsc#1188756). - CVE-2021-31291: Fixed heap-based buffer overflow vulnerability in jp2image.cpp may lead to a denial of service (bsc#1188733). - CVE-2021-29470: Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header (bsc#1185447). - CVE-2020-18899: Fixed uncontrolled memory allocation (bsc#1189636). - CVE-2020-18898: Fixed remote denial of service in printIFDStructure function (bsc#1189780). - CVE-2018-8977: Fixed remote denial of service in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp (bsc#1086798). - CVE-2018-8976: Fixed remote denial of service in image.cpp Exiv2::Internal::stringFormat via out-of-bounds read (bsc#1086810). - CVE-2018-5772: Fixed segmentation fault caused by uncontrolled recursion inthe Exiv2::Image::printIFDStructure (bsc#1076579). - CVE-2018-18915: Fixed an infinite loop in the Exiv2:Image:printIFDStructure function (bsc#1114690). - CVE-2018-10772: Fixed segmentation fault when the function Exiv2::tEXtToDataBuf() is finished (bsc#1092096). This patch is currently in QA and not yet available for download. Family: unix Class: patch Status: Reference(s): 1076579 1086798 1086810 1092096 1114690 1185447 1186192 1188733 1188756 1189330 1189331 1189332 1189333 1189636 1189780 CVE-2012-3466 CVE-2012-3466 CVE-2014-9112 CVE-2016-2037 CVE-2018-10772 CVE-2018-18915 CVE-2018-5772 CVE-2018-8976 CVE-2018-8977 CVE-2019-14866 CVE-2020-18898 CVE-2020-18899 CVE-2020-28407 CVE-2021-29470 CVE-2021-31291 CVE-2021-31292 CVE-2021-32617 CVE-2021-37618 CVE-2021-37619 CVE-2021-37620 CVE-2021-37621 Platform(s): openSUSE 13.1 openSUSE Leap 15.4 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 15 SP2 SUSE Linux Enterprise for SAP 12 SUSE Linux Enterprise for SAP 12 SP1 SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Desktop Applications 15 SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Module for Web Scripting 15 SUSE Linux Enterprise Real Time Extension 12 SP1 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Package Hub for SUSE Linux Enterprise 12 SUSE Package Hub for SUSE Linux Enterprise 12 SP1 Product(s): Definition Synopsis openSUSE Leap 15.4 is installed AND Package Information exiv2-0.26-150000.6.16.1 is installed OR exiv2-lang-0.26-150000.6.16.1 is installed OR libexiv2-26-0.26-150000.6.16.1 is installed OR libexiv2-26-32bit-0.26-150000.6.16.1 is installed OR libexiv2-devel-0.26-150000.6.16.1 is installed OR libexiv2-doc-0.26-150000.6.16.1 is installed Definition Synopsis SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 is installed AND Package Information openstack-neutron-2014.2.2.dev26-3 is installed OR openstack-neutron-dhcp-agent-2014.2.2.dev26-3 is installed OR openstack-neutron-ha-tool-2014.2.2.dev26-3 is installed OR openstack-neutron-l3-agent-2014.2.2.dev26-3 is installed OR openstack-neutron-lbaas-agent-2014.2.2.dev26-3 is installed OR openstack-neutron-linuxbridge-agent-2014.2.2.dev26-3 is installed OR openstack-neutron-metadata-agent-2014.2.2.dev26-3 is installed OR openstack-neutron-metering-agent-2014.2.2.dev26-3 is installed OR openstack-neutron-openvswitch-agent-2014.2.2.dev26-3 is installed OR openstack-neutron-vpn-agent-2014.2.2.dev26-3 is installed OR python-neutron-2014.2.2.dev26-3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND Package Information accountsservice-0.6.35-1 is installed OR accountsservice-lang-0.6.35-1 is installed OR libaccountsservice0-0.6.35-1 is installed OR typelib-1_0-AccountsService-1_0-0.6.35-1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND libdcerpc-atsvc0-4.2.4-26 is installed Definition Synopsis SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed AND Package Information cpio-2.12-3.3.1 is installed OR cpio-lang-2.12-3.3.1 is installed OR cpio-mt-2.12-3.3.1 is installed Definition Synopsis SUSE Linux Enterprise High Availability 15 is installed AND Package Information drbd-9.0.13+git.b83ade31-3.2 is installed OR drbd-kmp-default-9.0.13+git.b83ade31_k4.12.14_23-3.2 is installed Definition Synopsis Release Information SUSE Linux Enterprise High Performance Computing 15 SP3 is installed OR SUSE Linux Enterprise Module for Server Applications 15 SP3 is installed OR SUSE Linux Enterprise Server 15 SP3 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed OR SUSE Linux Enterprise Storage 7.1 is installed OR SUSE Manager Proxy 4.2 is installed OR SUSE Manager Retail Branch Server 4.2 is installed OR SUSE Manager Server 4.2 is installed AND Package Information swtpm-0.5.2-1.20 is installed OR swtpm-devel-0.5.2-1.20 is installed Definition Synopsis SUSE Linux Enterprise Module for Basesystem 15 is installed AND Package Information fuse-2.9.7-3.3 is installed OR fuse-devel-2.9.7-3.3 is installed OR fuse-doc-2.9.7-3.3 is installed OR libfuse2-2.9.7-3.3 is installed OR libulockmgr1-2.9.7-3.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed AND Package Information cpio-2.12-3.3 is installed OR cpio-lang-2.12-3.3 is installed OR cpio-mt-2.12-3.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Desktop Applications 15 is installed AND Package Information gnome-keyring-3.20.1-3 is installed OR gnome-keyring-32bit-3.20.1-3 is installed OR gnome-keyring-lang-3.20.1-3 is installed OR gnome-keyring-pam-3.20.1-3 is installed OR gnome-keyring-pam-32bit-3.20.1-3 is installed OR libgck-modules-gnome-keyring-3.20.1-3 is installed Definition Synopsis SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed AND Package Information typelib-1_0-JavaScriptCore-4_0-2.24.4-3.31 is installed OR typelib-1_0-WebKit2-4_0-2.24.4-3.31 is installed OR typelib-1_0-WebKit2WebExtension-4_0-2.24.4-3.31 is installed OR webkit2gtk3-2.24.4-3.31 is installed OR webkit2gtk3-devel-2.24.4-3.31 is installed Definition Synopsis SUSE Linux Enterprise Module for Development Tools 15 is installed AND Package Information kernel-docs-4.12.14-25.3 is installed OR kernel-obs-build-4.12.14-25.3 is installed OR kernel-source-4.12.14-25.3 is installed OR kernel-syms-4.12.14-25.3 is installed OR kernel-vanilla-4.12.14-25.3 is installed OR kernel-vanilla-base-4.12.14-25.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Legacy Software 15 is installed AND Package Information java-1_8_0-openjdk-1.8.0.171-3.3 is installed OR java-1_8_0-openjdk-demo-1.8.0.171-3.3 is installed OR java-1_8_0-openjdk-devel-1.8.0.171-3.3 is installed OR java-1_8_0-openjdk-headless-1.8.0.171-3.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 is installed AND Package Information rsyslog-8.33.1-3.3 is installed OR rsyslog-module-gssapi-8.33.1-3.3 is installed OR rsyslog-module-mysql-8.33.1-3.3 is installed OR rsyslog-module-pgsql-8.33.1-3.3 is installed OR rsyslog-module-relp-8.33.1-3.3 is installed OR rsyslog-module-snmp-8.33.1-3.3 is installed OR rsyslog-module-udpspoof-8.33.1-3.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Web Scripting 15 is installed AND Package Information nodejs8-8.11.3-3.5 is installed OR nodejs8-devel-8.11.3-3.5 is installed OR nodejs8-docs-8.11.3-3.5 is installed OR npm8-8.11.3-3.5 is installed Definition Synopsis SUSE Package Hub for SUSE Linux Enterprise 12 is installed AND Package Information irssi-0.8.20-9 is installed OR irssi-devel-0.8.20-9 is installed Definition Synopsis SUSE Package Hub for SUSE Linux Enterprise 12 SP1 is installed AND Package Information kinit-5.20.0-5 is installed OR kinit-devel-5.20.0-5 is installed OR kinit-lang-5.20.0-5 is installed
BACK