OVAL Reference oval:org.opensuse.security:def:68514

Oval Definition:

oval:org.opensuse.security:def:68514

Revision Date:	2021-06-04	Version:	1
Title:	Security update for libwebp (Critical)
Description:	This update for libwebp fixes the following issues: - CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685). - CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691). - CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674). - CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652). - CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690). - CVE-2020-36328: Fixed heap-based buffer overflow in WebPDecode*Into functions (bsc#1185688). - CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654). - CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686). - CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673). - CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247).
Family:	unix	Class:	patch
Status:		Reference(s):	1040109 1040113 1040115 1140709 1185652 1185654 1185673 1185674 1185685 1185686 1185688 1185690 1185691 1186247 CVE-2017-9111 CVE-2017-9113 CVE-2017-9115 CVE-2018-25009 CVE-2018-25010 CVE-2018-25011 CVE-2018-25012 CVE-2018-25013 CVE-2019-12838 CVE-2020-36328 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331 CVE-2020-36332 SUSE-SU-2019:1963-1 SUSE-SU-2019:2229-1 SUSE-SU-2021:1860-1
Platform(s):	SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise Module for additional PackageHub packages 15 SP2 SUSE Linux Enterprise Module for Desktop Applications 15 SP1 SUSE Linux Enterprise Module for Development Tools 15 SP1 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Server 4.1	Product(s):
Definition Synopsis
SUSE Linux Enterprise Module for Development Tools 15 SP1 is installed AND perl-Switch-2.17-3.2 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed AND Package Information libIlmImf-2_2-23-2.2.1-3.6 is installed OR libIlmImfUtil-2_2-23-2.2.1-3.6 is installed OR openexr-2.2.1-3.6 is installed OR openexr-devel-2.2.1-3.6 is installed
Definition Synopsis
SUSE Linux Enterprise Module for additional PackageHub packages 15 SP2 is installed AND libwebp6-32bit-0.5.0-3.5.1 is installed

BACK