Oval Definition:oval:org.opensuse.security:def:70783
Revision Date:2021-06-04Version:1
Title:Security update for libwebp (Critical)
Description:

This update for libwebp fixes the following issues:

- CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685). - CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691). - CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674). - CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652). - CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690). - CVE-2020-36328: Fixed heap-based buffer overflow in WebPDecode*Into functions (bsc#1185688). - CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654). - CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686). - CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673). - CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247).
Family:unixClass:patch
Status:Reference(s):1173274
1185652
1185654
1185673
1185674
1185685
1185686
1185688
1185690
1185691
1186247
CVE-2014-4671
CVE-2014-7818
CVE-2014-7829
CVE-2016-2098
CVE-2018-25009
CVE-2018-25010
CVE-2018-25011
CVE-2018-25012
CVE-2018-25013
CVE-2019-5418
CVE-2019-5419
CVE-2020-14422
CVE-2020-36328
CVE-2020-36329
CVE-2020-36330
CVE-2020-36331
CVE-2020-36332
SUSE-SU-2020:1920-1
SUSE-SU-2021:1860-1
Platform(s):SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise High Availability 15 SP1
SUSE Linux Enterprise Module for Python2 packages 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Workstation Extension 15 SP2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise High Availability 15 SP1 is installed
  • AND ruby2.5-rubygem-actionpack-5_1-5.1.4-3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Python2 packages 15 SP2 is installed
  • AND python-ipaddress-1.0.18-3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 SP2 is installed
  • AND libwebp6-0.5.0-3.5.1 is installed
    • BACK