Описание
Security update for libexif
This update for libexif fixes the following issues:
- CVE-2019-9278: Fixed an integer overflow (bsc#1160770).
- CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943).
Список пакетов
HPE Helion OpenStack 8
libexif12-0.6.21-8.6.1
libexif12-32bit-0.6.21-8.6.1
SUSE Enterprise Storage 5
libexif12-0.6.21-8.6.1
libexif12-32bit-0.6.21-8.6.1
SUSE Linux Enterprise Desktop 12 SP4
libexif12-0.6.21-8.6.1
libexif12-32bit-0.6.21-8.6.1
SUSE Linux Enterprise Server 12 SP1-LTSS
libexif12-0.6.21-8.6.1
libexif12-32bit-0.6.21-8.6.1
SUSE Linux Enterprise Server 12 SP2-BCL
libexif12-0.6.21-8.6.1
libexif12-32bit-0.6.21-8.6.1
SUSE Linux Enterprise Server 12 SP2-LTSS
libexif12-0.6.21-8.6.1
libexif12-32bit-0.6.21-8.6.1
SUSE Linux Enterprise Server 12 SP3-BCL
libexif12-0.6.21-8.6.1
libexif12-32bit-0.6.21-8.6.1
SUSE Linux Enterprise Server 12 SP3-LTSS
libexif12-0.6.21-8.6.1
libexif12-32bit-0.6.21-8.6.1
SUSE Linux Enterprise Server 12 SP4
libexif12-0.6.21-8.6.1
libexif12-32bit-0.6.21-8.6.1
SUSE Linux Enterprise Server 12 SP5
libexif12-0.6.21-8.6.1
libexif12-32bit-0.6.21-8.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libexif12-0.6.21-8.6.1
libexif12-32bit-0.6.21-8.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libexif12-0.6.21-8.6.1
libexif12-32bit-0.6.21-8.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libexif12-0.6.21-8.6.1
libexif12-32bit-0.6.21-8.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libexif12-0.6.21-8.6.1
libexif12-32bit-0.6.21-8.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libexif12-0.6.21-8.6.1
libexif12-32bit-0.6.21-8.6.1
SUSE Linux Enterprise Software Development Kit 12 SP4
libexif-devel-0.6.21-8.6.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libexif-devel-0.6.21-8.6.1
SUSE OpenStack Cloud 7
libexif12-0.6.21-8.6.1
libexif12-32bit-0.6.21-8.6.1
SUSE OpenStack Cloud 8
libexif12-0.6.21-8.6.1
libexif12-32bit-0.6.21-8.6.1
SUSE OpenStack Cloud Crowbar 8
libexif12-0.6.21-8.6.1
libexif12-32bit-0.6.21-8.6.1
Ссылки
- Link for SUSE-SU-2020:0457-1
- E-Mail link for SUSE-SU-2020:0457-1
- SUSE Security Ratings
- SUSE Bug 1120943
- SUSE Bug 1160770
- SUSE CVE CVE-2018-20030 page
- SUSE CVE CVE-2019-9278 page
Описание
An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.
Затронутые продукты
HPE Helion OpenStack 8:libexif12-0.6.21-8.6.1
HPE Helion OpenStack 8:libexif12-32bit-0.6.21-8.6.1
SUSE Enterprise Storage 5:libexif12-0.6.21-8.6.1
SUSE Enterprise Storage 5:libexif12-32bit-0.6.21-8.6.1
Ссылки
- CVE-2018-20030
- SUSE Bug 1120943
Описание
In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774
Затронутые продукты
HPE Helion OpenStack 8:libexif12-0.6.21-8.6.1
HPE Helion OpenStack 8:libexif12-32bit-0.6.21-8.6.1
SUSE Enterprise Storage 5:libexif12-0.6.21-8.6.1
SUSE Enterprise Storage 5:libexif12-32bit-0.6.21-8.6.1
Ссылки
- CVE-2019-9278
- SUSE Bug 1160770