Oval Definition:oval:org.opensuse.security:def:67129
Revision Date:2021-06-04Version:1
Title:Security update for libwebp (Critical)
Description:

This update for libwebp fixes the following issues:

- CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685). - CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691). - CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674). - CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652). - CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690). - CVE-2020-36328: Fixed heap-based buffer overflow in WebPDecode*Into functions (bsc#1185688). - CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654). - CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686). - CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673). - CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247).
Family:unixClass:patch
Status:Reference(s):1174415
1178593
1185652
1185654
1185673
1185674
1185685
1185686
1185688
1185690
1185691
1186247
CVE-2017-18926
CVE-2018-25009
CVE-2018-25010
CVE-2018-25011
CVE-2018-25012
CVE-2018-25013
CVE-2020-15900
CVE-2020-36328
CVE-2020-36329
CVE-2020-36330
CVE-2020-36331
CVE-2020-36332
SUSE-SU-2020:3352-1
Platform(s):SUSE Linux Enterprise Module for Desktop Applications 15 SP2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 SP2 is installed
  • AND Package Information
  • libraptor-devel-2.0.15-9.3 is installed
  • OR libraptor2-0-2.0.15-9.3 is installed
  • OR raptor-2.0.15-9.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
  • AND Package Information
  • ghostscript-mini-9.52-3.32 is installed
  • OR ghostscript-mini-devel-9.52-3.32 is installed
    • BACK