Security update for exiv2 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:3882-2 Final 1 1 2018-12-12T15:06:31Z current 2018-12-12T15:06:31Z 2018-12-12T15:06:31Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for exiv2 This update for exiv2 fixes the following issues: - CVE-2017-11591: A floating point exception in the Exiv2::ValueType function could lead to a remote denial of service attack via crafted input. (bsc#1050257) - CVE-2017-14864: An invalid memory address dereference was discovered in Exiv2::getULong in types.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1060995) - CVE-2017-14862: An invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1060996) - CVE-2017-14859: An invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1061000) - CVE-2017-11683: There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp that could lead to a remote denial of service attack via crafted input. (bsc#1051188) - CVE-2017-17669: There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp. A crafted PNG file would lead to a remote denial of service attack. (bsc#1072928) - CVE-2018-10958: In types.cpp a large size value might have lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. (bsc#1092952) - CVE-2018-10998: readMetadata in jp2image.cpp allowed remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. (bsc#1093095) - CVE-2018-11531: Exiv2 had a heap-based buffer overflow in getData in preview.cpp. (bsc#1095070) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-SP4-2018-2772,SUSE-SLE-SDK-12-SP4-2018-2772,SUSE-SLE-SERVER-12-SP4-2018-2772 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20183882-2/ Link for SUSE-SU-2018:3882-2 https://lists.suse.com/pipermail/sle-security-updates/2018-December/004960.html E-Mail link for SUSE-SU-2018:3882-2 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1050257 SUSE Bug 1050257 https://bugzilla.suse.com/1051188 SUSE Bug 1051188 https://bugzilla.suse.com/1060995 SUSE Bug 1060995 https://bugzilla.suse.com/1060996 SUSE Bug 1060996 https://bugzilla.suse.com/1061000 SUSE Bug 1061000 https://bugzilla.suse.com/1072928 SUSE Bug 1072928 https://bugzilla.suse.com/1092952 SUSE Bug 1092952 https://bugzilla.suse.com/1093095 SUSE Bug 1093095 https://bugzilla.suse.com/1095070 SUSE Bug 1095070 https://www.suse.com/security/cve/CVE-2017-11591/ SUSE CVE CVE-2017-11591 page https://www.suse.com/security/cve/CVE-2017-11683/ SUSE CVE CVE-2017-11683 page https://www.suse.com/security/cve/CVE-2017-14859/ SUSE CVE CVE-2017-14859 page https://www.suse.com/security/cve/CVE-2017-14862/ SUSE CVE CVE-2017-14862 page https://www.suse.com/security/cve/CVE-2017-14864/ SUSE CVE CVE-2017-14864 page https://www.suse.com/security/cve/CVE-2017-17669/ SUSE CVE CVE-2017-17669 page https://www.suse.com/security/cve/CVE-2018-10958/ SUSE CVE CVE-2018-10958 page https://www.suse.com/security/cve/CVE-2018-10998/ SUSE CVE CVE-2018-10998 page https://www.suse.com/security/cve/CVE-2018-11531/ SUSE CVE CVE-2018-11531 page SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 libexiv2-12-0.23-12.5.1 libexiv2-devel-0.23-12.5.1 libexiv2-12-0.23-12.5.1 as a component of SUSE Linux Enterprise Desktop 12 SP4 libexiv2-12-0.23-12.5.1 as a component of SUSE Linux Enterprise Server 12 SP4 libexiv2-12-0.23-12.5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libexiv2-devel-0.23-12.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP4 There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. CVE-2017-11591 SUSE Linux Enterprise Desktop 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Server 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libexiv2-devel-0.23-12.5.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183882-2/ https://www.suse.com/security/cve/CVE-2017-11591.html CVE-2017-11591 https://bugzilla.suse.com/1050257 SUSE Bug 1050257 https://bugzilla.suse.com/1061023 SUSE Bug 1061023 https://bugzilla.suse.com/1061025 SUSE Bug 1061025 https://bugzilla.suse.com/1068871 SUSE Bug 1068871 There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. CVE-2017-11683 SUSE Linux Enterprise Desktop 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Server 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libexiv2-devel-0.23-12.5.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183882-2/ https://www.suse.com/security/cve/CVE-2017-11683.html CVE-2017-11683 https://bugzilla.suse.com/1051188 SUSE Bug 1051188 https://bugzilla.suse.com/1061023 SUSE Bug 1061023 https://bugzilla.suse.com/1061025 SUSE Bug 1061025 https://bugzilla.suse.com/1068871 SUSE Bug 1068871 An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. CVE-2017-14859 SUSE Linux Enterprise Desktop 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Server 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libexiv2-devel-0.23-12.5.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183882-2/ https://www.suse.com/security/cve/CVE-2017-14859.html CVE-2017-14859 https://bugzilla.suse.com/1061000 SUSE Bug 1061000 https://bugzilla.suse.com/1061023 SUSE Bug 1061023 https://bugzilla.suse.com/1061025 SUSE Bug 1061025 https://bugzilla.suse.com/1068871 SUSE Bug 1068871 An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. CVE-2017-14862 SUSE Linux Enterprise Desktop 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Server 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libexiv2-devel-0.23-12.5.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183882-2/ https://www.suse.com/security/cve/CVE-2017-14862.html CVE-2017-14862 https://bugzilla.suse.com/1060996 SUSE Bug 1060996 https://bugzilla.suse.com/1061023 SUSE Bug 1061023 https://bugzilla.suse.com/1061025 SUSE Bug 1061025 https://bugzilla.suse.com/1068871 SUSE Bug 1068871 An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. CVE-2017-14864 SUSE Linux Enterprise Desktop 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Server 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libexiv2-devel-0.23-12.5.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183882-2/ https://www.suse.com/security/cve/CVE-2017-14864.html CVE-2017-14864 https://bugzilla.suse.com/1060995 SUSE Bug 1060995 https://bugzilla.suse.com/1061023 SUSE Bug 1061023 https://bugzilla.suse.com/1061025 SUSE Bug 1061025 https://bugzilla.suse.com/1068871 SUSE Bug 1068871 https://bugzilla.suse.com/1080734 SUSE Bug 1080734 There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack. CVE-2017-17669 SUSE Linux Enterprise Desktop 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Server 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libexiv2-devel-0.23-12.5.1 low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183882-2/ https://www.suse.com/security/cve/CVE-2017-17669.html CVE-2017-17669 https://bugzilla.suse.com/1072928 SUSE Bug 1072928 In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. CVE-2018-10958 SUSE Linux Enterprise Desktop 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Server 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libexiv2-devel-0.23-12.5.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183882-2/ https://www.suse.com/security/cve/CVE-2018-10958.html CVE-2018-10958 https://bugzilla.suse.com/1092952 SUSE Bug 1092952 An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. CVE-2018-10998 SUSE Linux Enterprise Desktop 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Server 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libexiv2-devel-0.23-12.5.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183882-2/ https://www.suse.com/security/cve/CVE-2018-10998.html CVE-2018-10998 https://bugzilla.suse.com/1093095 SUSE Bug 1093095 Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. CVE-2018-11531 SUSE Linux Enterprise Desktop 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Server 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libexiv2-12-0.23-12.5.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libexiv2-devel-0.23-12.5.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183882-2/ https://www.suse.com/security/cve/CVE-2018-11531.html CVE-2018-11531 https://bugzilla.suse.com/1095070 SUSE Bug 1095070