This update for exiv2 fixes the following issues: - CVE-2017-11591: A floating point exception in the Exiv2::ValueType function could lead to a remote denial of service attack via crafted input. (bsc#1050257) - CVE-2017-14864: An invalid memory address dereference was discovered in Exiv2::getULong in types.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1060995) - CVE-2017-14862: An invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1060996) - CVE-2017-14859: An invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp. The vulnerability caused a
#1050257 #1051188 #1060995 #1060996 #1061000
#1072928 #1092952 #1093095 #1095070
Cross- CVE-2017-11591 CVE-2017-11683 CVE-2017-14859
CVE-2017-14862 CVE-2017-14864 CVE-2017-17669
CVE-2018-10958 CVE-2018-10998 CVE-2018-11531
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP4
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Desktop 12-SP4
https://www.suse.com/security/cve/CVE-2017-11591.html
https://www.suse.com/security/cve/CVE-2017-11683.html
https://www.suse.com/security/cve/CVE-2017-14859.html
https://www.suse.com/security/cve/CVE-2017-14862.html
https://www.suse.com/security/cve/CVE-2017-14864.html
https://www.suse.com/security/cve/CVE-2017-17669.html
Get the latest Linux and open source security news straight to your inbox.