Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2020:0860-1 Moderate: exiv2 Denial of Service Fixes

suse
Calendar Grey April 3, 2020
Dist Suse Esm H88
SUSE has released a security update for exiv2, identified as SUSE-SU-2020:0860-1, which is categorized as moderate and addresses six security vulnerabilities.
An update that fixes 6 vulnerabilities is now available

Summary

This update for exiv2 fixes the following issues: - CVE-2018-17581: Fixed an excessive stack consumption in CiffDirectory:readDirectory() which might have led to denial of service (bsc#1110282). - CVE-2019-13110: Fixed an integer overflow and an out of bounds read in CiffDirectory:readDirectory which might have led to denial of service (bsc#1142678). - CVE-2019-13113: Fixed a potential denial of service via an invalid data location in a CRW image (bsc#1142683). - CVE-2019-17402: Fixed an improper validation of the relationship of the total size to the offset and size in Exiv2::getULong (bsc#1153577). - CVE-2019-20421: Fixed an infinite loop triggered via an input file (bsc#1161901). - CVE-2017-9239: Fixed a segmentation fault in TiffImageEntry::doWriteImage function (bsc#1040973). Patch Instructions:

Topics%20covered

Topics Covered

security advisory moderate denial of service update SUSE exiv2

References

#1040973 #1110282 #1142678 #1142683 #1153577

#1161901

Cross- CVE-2017-9239 CVE-2018-17581 CVE-2019-13110

CVE-2019-13113 CVE-2019-17402 CVE-2019-20421

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP5

SUSE Linux Enterprise Software Development Kit 12-SP4

SUSE Linux Enterprise Server 12-SP5

SUSE Linux Enterprise Server 12-SP4

https://www.suse.com/security/cve/CVE-2017-9239.html

https://www.suse.com/security/cve/CVE-2018-17581.html

https://www.suse.com/security/cve/CVE-2019-13110.html

https://www.suse.com/security/cve/CVE-2019-13113.html

https://www.suse.com/security/cve/CVE-2019-17402.html

https://www.suse.com/security/cve/CVE-2019-20421.html

https://bugzilla.suse.com/1040973

https://bugzilla.suse.com/1110282

Announcement ID: SUSE-SU-2020:0860-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate denial of service update SUSE exiv2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here