Oval Definition:oval:org.opensuse.security:def:67395
Revision Date:2020-12-01Version:1
Title:Security update for libexif (Moderate)
Description:

This update for libexif to 0.6.22 fixes the following issues:

Security issues fixed:

- CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857). - CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847). - CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475). - CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121). - CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105). - CVE-2020-13114: Fixed various buffer overread fixes due to integer overflows in maker notes (bsc#1172116).

Non-security issues fixed:

- libexif was updated to version 0.6.22: * New translations: ms * Updated translations for most languages * Some useful EXIF 2.3 tag added: * EXIF_TAG_GAMMA * EXIF_TAG_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE * EXIF_TAG_GPS_H_POSITIONING_ERROR * EXIF_TAG_CAMERA_OWNER_NAME * EXIF_TAG_BODY_SERIAL_NUMBER * EXIF_TAG_LENS_SPECIFICATION * EXIF_TAG_LENS_MAKE * EXIF_TAG_LENS_MODEL * EXIF_TAG_LENS_SERIAL_NUMBER
Family:unixClass:patch
Status:Reference(s):1055857
1059893
1065600
1065729
1071995
1085030
1120163
1120943
1133021
1149032
1152472
1152489
1153274
1154353
1154488
1154492
1155518
1156395
1159058
1160634
1160770
1167773
1169790
1171475
1171634
1171688
1171847
1172105
1172108
1172116
1172121
1172197
1172247
1172418
1172871
1172963
1173468
1173485
1173798
1173813
1173954
1174002
1174003
1174026
1174205
1174247
1174362
1174387
1174484
1174625
1174645
1174689
1174699
1174737
1174757
1174762
1174770
1174771
1174777
1174805
1174824
1174825
1174852
1174865
1174880
1174897
1174906
1174969
1175009
1175010
1175011
1175012
1175013
1175014
1175015
1175016
1175017
1175018
1175019
1175020
1175021
1175052
1175112
1175116
1175128
1175149
1175175
1175176
1175180
1175181
1175182
1175183
1175184
1175185
1175186
1175187
1175188
1175189
1175190
1175191
1175192
1175195
1175199
1175213
1175232
1175263
1175284
1175296
1175344
1175345
1175346
1175347
1175367
1175377
1175440
1175493
1175546
1175550
1175654
1175691
1175768
1175769
1175770
1175771
1175772
1175774
1175775
1175834
1175873
CVE-2016-6328
CVE-2017-7544
CVE-2018-20030
CVE-2019-9278
CVE-2020-0093
CVE-2020-12767
CVE-2020-13112
CVE-2020-13113
CVE-2020-13114
CVE-2020-14314
CVE-2020-14331
CVE-2020-14356
CVE-2020-16166
SUSE-SU-2020:1553-2
SUSE-SU-2020:2486-1
Platform(s):SUSE Linux Enterprise High Availability 15 SP2
SUSE Linux Enterprise Module for additional PackageHub packages 15 SP2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise High Availability 15 SP2 is installed
  • AND Package Information
  • cluster-md-kmp-default-5.3.18-24.12 is installed
  • OR dlm-kmp-default-5.3.18-24.12 is installed
  • OR gfs2-kmp-default-5.3.18-24.12 is installed
  • OR kernel-default-5.3.18-24.12 is installed
  • OR ocfs2-kmp-default-5.3.18-24.12 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for additional PackageHub packages 15 SP2 is installed
  • AND Package Information
  • libexif-0.6.22-5.6 is installed
  • OR libexif12-32bit-0.6.22-5.6 is installed
    • BACK