Description
Security update for libexif
This update for libexif fixes the following issues:
- CVE-2020-0181: Fixed an integer overflow that could lead to denial of service (bsc#1172802).
- CVE-2020-0198: Fixed an unsigned integer overflow that could lead to denial of service (bsc#1172768).
- CVE-2020-0452: Fixed a buffer overflow check that could be optimized away by the compiler (bsc#1178479).
Package list
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise Module for Desktop Applications 15 SP3
SUSE Linux Enterprise Module for Package Hub 15 SP3
SUSE Linux Enterprise Module for Package Hub 15 SP4
SUSE Linux Enterprise Real Time 15 SP2
SUSE Linux Enterprise Server 15 SP1-BCL
SUSE Linux Enterprise Server 15 SP1-LTSS
SUSE Linux Enterprise Server 15 SP2-BCL
SUSE Linux Enterprise Server 15 SP2-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
openSUSE Leap 15.3
References
- Link for SUSE-SU-2022:1148-1
- E-Mail link for SUSE-SU-2022:1148-1
- SUSE Security Ratings
- SUSE Bug 1172768
- SUSE Bug 1172802
- SUSE Bug 1178479
- SUSE CVE CVE-2020-0181 page
- SUSE CVE CVE-2020-0198 page
- SUSE CVE CVE-2020-0452 page
Description
In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-145075076
Affected products
References
- CVE-2020-0181
- SUSE Bug 1172802
Description
In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-146428941
Affected products
References
- CVE-2020-0198
- SUSE Bug 1172768
Description
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0. Android ID: A-159625731
Affected products
References
- CVE-2020-0452
- SUSE Bug 1178479
- SUSE Bug 1208307