Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.1.4.2020.1534.1 |
Category: | SuSE Local Security Checks |
Title: | SUSE: Security Advisory (SUSE-SU-2020:1534-1) |
Summary: | The remote host is missing an update for the 'libexif' package(s) announced via the SUSE-SU-2020:1534-1 advisory. |
Description: | Summary: The remote host is missing an update for the 'libexif' package(s) announced via the SUSE-SU-2020:1534-1 advisory. Vulnerability Insight: This update for libexif fixes the following issues: Security issues fixed: CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857). CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893). CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). CVE-2019-9278: Fixed an integer overflow (bsc#1160770). CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847). CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475). CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121). CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105). CVE-2020-13114: Fixed various buffer overread fixes due to integer overflows in maker notes (bsc#1172116). Non-security issues fixed: libexif was updated to version 0.6.22: * New translations: ms * Updated translations for most languages * Some useful EXIF 2.3 tag added: * EXIF_TAG_GAMMA * EXIF_TAG_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE * EXIF_TAG_GPS_H_POSITIONING_ERROR * EXIF_TAG_CAMERA_OWNER_NAME * EXIF_TAG_BODY_SERIAL_NUMBER * EXIF_TAG_LENS_SPECIFICATION * EXIF_TAG_LENS_MAKE * EXIF_TAG_LENS_MODEL * EXIF_TAG_LENS_SERIAL_NUMBER Affected Software/OS: 'libexif' package(s) on HPE Helion Openstack 8, SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP1, SUSE Linux Enterprise Server 12-SP2, SUSE Linux Enterprise Server 12-SP3, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server for SAP 12-SP1, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-6328 https://security.gentoo.org/glsa/202007-05 https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html SuSE Security Announcement: openSUSE-SU-2020:0793 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html https://usn.ubuntu.com/4277-1/ Common Vulnerability Exposure (CVE) ID: CVE-2017-7544 https://sourceforge.net/p/libexif/bugs/130/ Common Vulnerability Exposure (CVE) ID: CVE-2019-9278 Bugtraq: 20200210 [SECURITY] [DSA 4618-1] libexif security update (Google Search) https://seclists.org/bugtraq/2020/Feb/9 Debian Security Information: DSA-4618 (Google Search) https://www.debian.org/security/2020/dsa-4618 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO2VTHD7OLPJDCJBHKUQTBAHZOBBCF6X/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VA5BPQLOFXIZOOJHBYDU635Z5KLUMTDD/ https://source.android.com/security/bulletin/android-10 https://lists.debian.org/debian-lts-announce/2020/02/msg00007.html http://www.openwall.com/lists/oss-security/2019/10/25/17 http://www.openwall.com/lists/oss-security/2019/10/27/1 http://www.openwall.com/lists/oss-security/2019/11/07/1 SuSE Security Announcement: openSUSE-SU-2020:0264 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html Common Vulnerability Exposure (CVE) ID: CVE-2020-0093 https://source.android.com/security/bulletin/2020-05-01 https://usn.ubuntu.com/4396-1/ |
Copyright | Copyright (C) 2021 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |