Описание
Security update for libexif
This update for libexif fixes several issues.
These security issues were fixed:
- CVE-2016-6328: Fixed integer overflow in parsing MNOTE entry data of the input file (bsc#1055857)
- CVE-2017-7544: Fixed out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure (bsc#1059893)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
libexif12-0.6.21-8.3.1
libexif12-32bit-0.6.21-8.3.1
SUSE Linux Enterprise Desktop 12 SP3
libexif12-0.6.21-8.3.1
libexif12-32bit-0.6.21-8.3.1
SUSE Linux Enterprise Server 12 SP2
libexif12-0.6.21-8.3.1
libexif12-32bit-0.6.21-8.3.1
SUSE Linux Enterprise Server 12 SP3
libexif12-0.6.21-8.3.1
libexif12-32bit-0.6.21-8.3.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libexif12-0.6.21-8.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libexif12-0.6.21-8.3.1
libexif12-32bit-0.6.21-8.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libexif12-0.6.21-8.3.1
libexif12-32bit-0.6.21-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libexif-devel-0.6.21-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libexif-devel-0.6.21-8.3.1
Ссылки
- Link for SUSE-SU-2018:0193-1
- E-Mail link for SUSE-SU-2018:0193-1
- SUSE Security Ratings
- SUSE Bug 1055857
- SUSE Bug 1059893
- SUSE CVE CVE-2016-6328 page
- SUSE CVE CVE-2017-7544 page
Описание
A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data).
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libexif12-0.6.21-8.3.1
SUSE Linux Enterprise Desktop 12 SP2:libexif12-32bit-0.6.21-8.3.1
SUSE Linux Enterprise Desktop 12 SP3:libexif12-0.6.21-8.3.1
SUSE Linux Enterprise Desktop 12 SP3:libexif12-32bit-0.6.21-8.3.1
Ссылки
- CVE-2016-6328
- SUSE Bug 1055857
Описание
libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libexif12-0.6.21-8.3.1
SUSE Linux Enterprise Desktop 12 SP2:libexif12-32bit-0.6.21-8.3.1
SUSE Linux Enterprise Desktop 12 SP3:libexif12-0.6.21-8.3.1
SUSE Linux Enterprise Desktop 12 SP3:libexif12-32bit-0.6.21-8.3.1
Ссылки
- CVE-2017-7544
- SUSE Bug 1059893