
openSUSE Leap 15.0: 2018:1961-1 Moderate: exiv2 Denial of Service

July 14, 2018
A security update for Exiv2 has been released for openSUSE that addresses 15 vulnerabilities, some of which could result in denial-of-service conditions.
An update that fixes 15 vulnerabilities is now available.

Description

This update for exiv2 to 0.26 fixes the following security issues:

- CVE-2017-14864: Prevent invalid memory address dereference in Exiv2::getULong that could have caused a segmentation fault and application crash, which leads to denial of service (bsc#1060995).

- CVE-2017-14862: Prevent invalid memory address dereference in Exiv2::DataValue::read that could have caused a segmentation fault and application crash, which leads to denial of service (bsc#1060996).

- CVE-2017-14859: Prevent invalid memory address dereference in Exiv2::StringValueBase::read that could have caused a segmentation fault and application crash, which leads to denial of service (bsc#1061000).

- CVE-2017-14860: Prevent heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function via a crafted input that could have led to a denial of service attack (bsc#1061023).

- CVE-2017-11337: Prevent invalid free in the Action::TaskFactory::cleanup

...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-727=1

Package List

- openSUSE Leap 15.0 (i586 x86_64):

exiv2-0.26-lp150.5.3.1

exiv2-debuginfo-0.26-lp150.5.3.1

exiv2-debugsource-0.26-lp150.5.3.1

libexiv2-26-0.26-lp150.5.3.1

libexiv2-26-debuginfo-0.26-lp150.5.3.1

libexiv2-devel-0.26-lp150.5.3.1

libexiv2-doc-0.26-lp150.5.3.1

- openSUSE Leap 15.0 (x86_64):

libexiv2-26-32bit-0.26-lp150.5.3.1

libexiv2-26-32bit-debuginfo-0.26-lp150.5.3.1

- openSUSE Leap 15.0 (noarch):

exiv2-lang-0.26-lp150.5.3.1
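
To confirm the update has landed, the installed builds can be compared against the fixed version-release in the package list above. The script below is an added example, not part of the openSUSE advisory; the function names are hypothetical, and it assumes GNU `sort -V` ordering is an adequate stand-in for rpm's own version comparison for these strings.

```shell
#!/bin/sh
# Added example: flag exiv2 packages older than the build this advisory ships.
FIXED="0.26-lp150.5.3.1"   # version-release taken from the advisory's package list

# Runtime and development packages from the advisory's package list
# (debuginfo/debugsource packages are left out for brevity).
PKGS="exiv2 exiv2-lang libexiv2-26 libexiv2-26-32bit libexiv2-devel libexiv2-doc"

# older_than_fixed VERSION-RELEASE
# Returns 0 when the argument sorts strictly before $FIXED.
# Assumption: sort -V approximates rpm's comparison; it is not rpmvercmp.
older_than_fixed() {
    [ "$1" = "$FIXED" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$1" ]
}

# audit_exiv2
# Reads "name version-release" lines on stdin and prints one
# "VULNERABLE name version-release" line per advisory package below $FIXED.
audit_exiv2() {
    while read -r name ver; do
        case " $PKGS " in
            *" $name "*) ;;          # package is covered by this advisory
            *) continue ;;           # unrelated package, ignore
        esac
        if older_than_fixed "$ver"; then
            printf 'VULNERABLE %s %s\n' "$name" "$ver"
        fi
    done
}

# On a live system, feed it the rpm database:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | audit_exiv2
```

No output means every listed package that is installed is at or above the fixed build.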

References

https://www.suse.com/security/cve/CVE-2017-11337.html

https://www.suse.com/security/cve/CVE-2017-11338.html

https://www.suse.com/security/cve/CVE-2017-11339.html

https://www.suse.com/security/cve/CVE-2017-11340.html

https://www.suse.com/security/cve/CVE-2017-11553.html

https://www.suse.com/security/cve/CVE-2017-11591.html

https://www.suse.com/security/cve/CVE-2017-11592.html

https://www.suse.com/security/cve/CVE-2017-11683.html

https://www.suse.com/security/cve/CVE-2017-12955.html

https://www.suse.com/security/cve/CVE-2017-12956.html

https://www.suse.com/security/cve/CVE-2017-12957.html

https://www.suse.com/security/cve/CVE-2017-14859.html

https://www.suse.com/security/cve/CVE-2017-14860.html

https://www.suse.com/security/cve/CVE-2017-14862.html

https://www.suse.com/security/cve/CVE-2017-14864.html

https://bugzilla.suse.com/1048883

https://bugzilla.suse.com/1050257

https://bugzilla.suse.com/1051188

https://bugzilla.suse.com/1054590

https://bugzilla.suse.com/1054592

https://bugzilla.suse.com/1054593

https:/...


Announcement ID: openSUSE-SU-2018:1961-1
Rating: moderate
Affected Products: openSUSE Leap 15.0
