openSUSE: 2020:0482-1: moderate: exiv2

    Date 08 Apr 2020
    Posted By LinuxSecurity Advisories
    An update that fixes 11 vulnerabilities is now available.
       openSUSE Security Update: Security update for exiv2
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2020:0482-1
    Rating:             moderate
    References:         #1040973 #1068873 #1088424 #1097599 #1097600 
                        #1109175 #1109176 #1109299 #1115364 #1117513 
                        #1142684 
    Cross-References:   CVE-2017-1000126 CVE-2017-9239 CVE-2018-12264
                        CVE-2018-12265 CVE-2018-17229 CVE-2018-17230
                        CVE-2018-17282 CVE-2018-19108 CVE-2018-19607
                        CVE-2018-9305 CVE-2019-13114
    Affected Products:
                        openSUSE Leap 15.1
    ______________________________________________________________________________
    
    Description:
    
       This update for exiv2 fixes the following issues:
    
       exiv2 was updated to the latest 0.26 branch, fixing bugs and security issues:
    
       - CVE-2017-1000126: Fixed an out-of-bounds read in the WebP parser
         (bsc#1068873).
       - CVE-2017-9239: Fixed a segmentation fault in the
         TiffImageEntry::doWriteImage function (bsc#1040973).
       - CVE-2018-12264: Fixed an integer overflow in LoaderTiff::getData() which
         might have led to an out-of-bounds read (bsc#1097600).
       - CVE-2018-12265: Fixed integer overflows in LoaderExifJpeg which could
         have led to memory corruption (bsc#1097599).
       - CVE-2018-17229: Fixed a heap based buffer overflow in Exiv2::d2Data via
         a crafted image (bsc#1109175).
       - CVE-2018-17230: Fixed a heap based buffer overflow in Exiv2::d2Data via
         a crafted image (bsc#1109176).
       - CVE-2018-17282: Fixed a null pointer dereference in
         Exiv2::DataValue::copy (bsc#1109299).
       - CVE-2018-19108: Fixed an integer overflow in
         Exiv2::PsdImage::readMetadata which could have led to an infinite loop
         (bsc#1115364).
       - CVE-2018-19607: Fixed a null pointer dereference in Exiv2::isoSpeed
         which might have led to denial of service (bsc#1117513).
       - CVE-2018-9305: Fixed an out-of-bounds read in IptcData::printStructure
         which might have led to an information leak or denial of service
         (bsc#1088424).
       - CVE-2019-13114: Fixed a null pointer dereference which might have led to
         denial of service via a crafted response from a malicious HTTP server
         (bsc#1142684).
    
       This update was imported from the SUSE:SLE-15:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Leap 15.1:
    
          zypper in -t patch openSUSE-2020-482=1
    
    
    
    Package List:
    
       - openSUSE Leap 15.1 (i586 x86_64):
    
          exiv2-0.26-lp151.7.3.1
          exiv2-debuginfo-0.26-lp151.7.3.1
          exiv2-debugsource-0.26-lp151.7.3.1
          libexiv2-26-0.26-lp151.7.3.1
          libexiv2-26-debuginfo-0.26-lp151.7.3.1
          libexiv2-devel-0.26-lp151.7.3.1
          libexiv2-doc-0.26-lp151.7.3.1
    
       - openSUSE Leap 15.1 (x86_64):
    
          libexiv2-26-32bit-0.26-lp151.7.3.1
          libexiv2-26-32bit-debuginfo-0.26-lp151.7.3.1
    
       - openSUSE Leap 15.1 (noarch):
    
          exiv2-lang-0.26-lp151.7.3.1
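
To confirm the update actually landed, the installed exiv2 packages can be compared against the fixed build in the Package List above. This check is an added example, not part of the SUSE advisory; the function names and the sample inventory are constructed, and GNU `sort -V` is assumed as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Fixed version-release, taken from the Package List of openSUSE-SU-2020:0482-1.
FIXED="0.26-lp151.7.3.1"

# version_lt A B: succeeds when A sorts strictly before B.
# Assumption: GNU `sort -V` ordering approximates RPM version comparison;
# it agrees with it for the 0.26-lp151.* builds this advisory covers.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# outdated_exiv2 (hypothetical helper): reads "name version-release" lines on
# stdin and prints every exiv2/libexiv2 package older than $FIXED.
outdated_exiv2() {
    while read -r name verrel; do
        case "$name" in
            exiv2|exiv2-*|libexiv2-*) ;;   # packages shipped by this update
            *) continue ;;                 # unrelated package, skip
        esac
        if version_lt "$verrel" "$FIXED"; then
            printf '%s %s\n' "$name" "$verrel"
        fi
    done
}

# Constructed inventory (not from a real host): two packages still on older
# builds, two already updated, one unrelated package.
sample_inventory() {
    cat <<'EOF'
exiv2 0.26-lp151.7.3.1
libexiv2-26 0.26-lp151.6.1
libexiv2-26-32bit 0.26-lp151.7.3.1
exiv2-lang 0.26-lp151.7.2.1
zlib 1.2.11-lp151.5.3.1
EOF
}

# Demo on the constructed data; prints the two outdated packages.
sample_inventory | outdated_exiv2

# On a Leap 15.1 host, feed it the live RPM database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | outdated_exiv2
```

Empty output means every installed exiv2 package is at or above the fixed build. A partially applied update shows up here, for example when the 32-bit library was updated but the 64-bit one was not.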
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2017-1000126.html
       https://www.suse.com/security/cve/CVE-2017-9239.html
       https://www.suse.com/security/cve/CVE-2018-12264.html
       https://www.suse.com/security/cve/CVE-2018-12265.html
       https://www.suse.com/security/cve/CVE-2018-17229.html
       https://www.suse.com/security/cve/CVE-2018-17230.html
       https://www.suse.com/security/cve/CVE-2018-17282.html
       https://www.suse.com/security/cve/CVE-2018-19108.html
       https://www.suse.com/security/cve/CVE-2018-19607.html
       https://www.suse.com/security/cve/CVE-2018-9305.html
       https://www.suse.com/security/cve/CVE-2019-13114.html
       https://bugzilla.suse.com/1040973
       https://bugzilla.suse.com/1068873
       https://bugzilla.suse.com/1088424
       https://bugzilla.suse.com/1097599
       https://bugzilla.suse.com/1097600
       https://bugzilla.suse.com/1109175
       https://bugzilla.suse.com/1109176
       https://bugzilla.suse.com/1109299
       https://bugzilla.suse.com/1115364
       https://bugzilla.suse.com/1117513
       https://bugzilla.suse.com/1142684
    