Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.853101 |
Kategorie: | SuSE Local Security Checks |
Titel: | openSUSE: Security Advisory for exiv2 (openSUSE-SU-2020:0482-1) |
Zusammenfassung: | The remote host is missing an update for the 'exiv2'; package(s) announced via the openSUSE-SU-2020:0482-1 advisory. |
Beschreibung: | Summary: The remote host is missing an update for the 'exiv2' package(s) announced via the openSUSE-SU-2020:0482-1 advisory. Vulnerability Insight: This update for exiv2 fixes the following issues: exiv2 was updated to latest 0.26 branch, fixing bugs and security issues: - CVE-2017-1000126: Fixed an out of bounds read in webp parser (bsc#1068873). - CVE-2017-9239: Fixed a segmentation fault in TiffImageEntry::doWriteImage function (bsc#1040973). - CVE-2018-12264: Fixed an integer overflow in LoaderTiff::getData() which might have led to an out-of-bounds read (bsc#1097600). - CVE-2018-12265: Fixed integer overflows in LoaderExifJpeg which could have led to memory corruption (bsc#1097599). - CVE-2018-17229: Fixed a heap based buffer overflow in Exiv2::d2Data via a crafted image (bsc#1109175). - CVE-2018-17230: Fixed a heap based buffer overflow in Exiv2::d2Data via a crafted image (bsc#1109176). - CVE-2018-17282: Fixed a null pointer dereference in Exiv2::DataValue::copy (bsc#1109299). - CVE-2018-19108: Fixed an integer overflow in Exiv2::PsdImage::readMetadata which could have led to infinite loop (bsc#1115364). - CVE-2018-19607: Fixed a null pointer dereference in Exiv2::isoSpeed which might have led to denial of service (bsc#1117513). - CVE-2018-9305: Fixed an out of bounds read in IptcData::printStructure which might have led to information leak or denial of service (bsc#1088424). - CVE-2019-13114: Fixed a null pointer dereference which might have led to denial of service via a crafted response of a malicious http server (bsc#1142684). This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-482=1 Affected Software/OS: 'exiv2' package(s) on openSUSE Leap 15.1. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-9239 BugTraq ID: 98720 http://www.securityfocus.com/bid/98720 http://dev.exiv2.org/issues/1295 https://github.com/lolo-pop/poc/tree/master/Segmentation%20fault%20in%20convert-test(exiv2) SuSE Security Announcement: openSUSE-SU-2020:0482 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html https://usn.ubuntu.com/3852-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-9305 https://security.gentoo.org/glsa/201811-14 https://github.com/Exiv2/exiv2/issues/263 https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md RedHat Security Advisories: RHSA-2019:2101 https://access.redhat.com/errata/RHSA-2019:2101 |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |