Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

SUSE: 2018:3882-2 Moderate: exiv2 Denial of Service Risks

suse
Calendar Grey December 12, 2018
Dist Suse Esm H88
SUSE Security Update: This update for Exiv2 fixes several moderate severity issues and includes essential patches.
An update that fixes 9 vulnerabilities is now available

Summary

This update for exiv2 fixes the following issues: - CVE-2017-11591: A floating point exception in the Exiv2::ValueType function could lead to a remote denial of service attack via crafted input. (bsc#1050257) - CVE-2017-14864: An invalid memory address dereference was discovered in Exiv2::getULong in types.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1060995) - CVE-2017-14862: An invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1060996) - CVE-2017-14859: An invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp. The vulnerability caused a

References

#1050257 #1051188 #1060995 #1060996 #1061000

#1072928 #1092952 #1093095 #1095070

Cross- CVE-2017-11591 CVE-2017-11683 CVE-2017-14859

CVE-2017-14862 CVE-2017-14864 CVE-2017-17669

CVE-2018-10958 CVE-2018-10998 CVE-2018-11531

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP4

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Desktop 12-SP4

https://www.suse.com/security/cve/CVE-2017-11591.html

https://www.suse.com/security/cve/CVE-2017-11683.html

https://www.suse.com/security/cve/CVE-2017-14859.html

https://www.suse.com/security/cve/CVE-2017-14862.html

https://www.suse.com/security/cve/CVE-2017-14864.html

https://www.suse.com/security/cve/CVE-2017-17669.html

Announcement ID: SUSE-SU-2018:3882-2
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here