You are here
Home > Preporuke > Sigurnosni nedostaci programske biblioteke libexif

Sigurnosni nedostaci programske biblioteke libexif

openSUSE Security Update: Security update for libexif
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:0793-1
Rating: moderate
References: #1055857 #1059893 #1120943 #1160770 #1171475
#1171847 #1172105 #1172116 #1172121
Cross-References: CVE-2016-6328 CVE-2017-7544 CVE-2018-20030
CVE-2019-9278 CVE-2020-0093 CVE-2020-12767
CVE-2020-13112 CVE-2020-13113 CVE-2020-13114

Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This update for libexif to 0.6.22 fixes the following issues:

Security issues fixed:

– CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of
the input file (bsc#1055857).
– CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in
exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893).
– CVE-2018-20030: Fixed a denial of service by endless recursion
(bsc#1120943).
– CVE-2019-9278: Fixed an integer overflow (bsc#1160770).
– CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry
(bsc#1171847).
– CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value
(bsc#1171475).
– CVE-2020-13112: Fixed a time consumption DoS when parsing canon array
markers (bsc#1172121).
– CVE-2020-13113: Fixed a potential use of uninitialized memory
(bsc#1172105).
– CVE-2020-13114: Fixed various buffer overread fixes due to integer
overflows in maker notes (bsc#1172116).

Non-security issues fixed:

– libexif was updated to version 0.6.22:
* New translations: ms
* Updated translations for most languages
* Some useful EXIF 2.3 tag added:
* EXIF_TAG_GAMMA
* EXIF_TAG_COMPOSITE_IMAGE
* EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE
* EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE
* EXIF_TAG_GPS_H_POSITIONING_ERROR
* EXIF_TAG_CAMERA_OWNER_NAME
* EXIF_TAG_BODY_SERIAL_NUMBER
* EXIF_TAG_LENS_SPECIFICATION
* EXIF_TAG_LENS_MAKE
* EXIF_TAG_LENS_MODEL
* EXIF_TAG_LENS_SERIAL_NUMBER

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-793=1

Package List:

– openSUSE Leap 15.1 (i586 x86_64):

libexif-debugsource-0.6.22-lp151.4.6.1
libexif-devel-0.6.22-lp151.4.6.1
libexif12-0.6.22-lp151.4.6.1
libexif12-debuginfo-0.6.22-lp151.4.6.1

– openSUSE Leap 15.1 (x86_64):

libexif-devel-32bit-0.6.22-lp151.4.6.1
libexif12-32bit-0.6.22-lp151.4.6.1
libexif12-32bit-debuginfo-0.6.22-lp151.4.6.1

References:

https://www.suse.com/security/cve/CVE-2016-6328.html
https://www.suse.com/security/cve/CVE-2017-7544.html
https://www.suse.com/security/cve/CVE-2018-20030.html
https://www.suse.com/security/cve/CVE-2019-9278.html
https://www.suse.com/security/cve/CVE-2020-0093.html
https://www.suse.com/security/cve/CVE-2020-12767.html
https://www.suse.com/security/cve/CVE-2020-13112.html
https://www.suse.com/security/cve/CVE-2020-13113.html
https://www.suse.com/security/cve/CVE-2020-13114.html
https://bugzilla.suse.com/1055857
https://bugzilla.suse.com/1059893
https://bugzilla.suse.com/1120943
https://bugzilla.suse.com/1160770
https://bugzilla.suse.com/1171475
https://bugzilla.suse.com/1171847
https://bugzilla.suse.com/1172105
https://bugzilla.suse.com/1172116
https://bugzilla.suse.com/1172121


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci jezgre operacijskog sustava Fedora. Otkriveni nedostaci potencijalnim napadačima omogućuju otkrivanje osjetljivih informacija. Savjetuje se ažuriranje izdanim...

Close