Security update for exiv2

Announcement ID:	SUSE-SU-2018:1882-1
Rating:	moderate
References:	bsc#1048883 bsc#1050257 bsc#1051188 bsc#1054590 bsc#1054592 bsc#1054593 bsc#1060995 bsc#1060996 bsc#1061000 bsc#1061023
Cross-References:	CVE-2017-11337 CVE-2017-11338 CVE-2017-11339 CVE-2017-11340 CVE-2017-11553 CVE-2017-11591 CVE-2017-11592 CVE-2017-11683 CVE-2017-12955 CVE-2017-12956 CVE-2017-12957 CVE-2017-14859 CVE-2017-14860 CVE-2017-14862 CVE-2017-14864
CVSS scores:	CVE-2017-11337 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-11338 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-11338 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-11339 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-11340 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-11553 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-11553 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-11591 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-11591 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-11591 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-11592 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-11592 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-11683 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-11683 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-11683 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-12955 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-12956 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-12957 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-12957 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-14859 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-14859 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-14860 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-14862 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-14862 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-14864 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-14864 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:	Desktop Applications Module 15 SUSE Linux Enterprise Desktop 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15

An update that solves 15 vulnerabilities can now be installed.

Description:

This update for exiv2 to 0.26 fixes the following security issues:

• CVE-2017-14864: Prevent invalid memory address dereference in Exiv2::getULong that could have caused a segmentation fault and application crash, which leads to denial of service (bsc#1060995).
• CVE-2017-14862: Prevent invalid memory address dereference in Exiv2::DataValue::read that could have caused a segmentation fault and application crash, which leads to denial of service (bsc#1060996).
• CVE-2017-14859: Prevent invalid memory address dereference in Exiv2::StringValueBase::read that could have caused a segmentation fault and application crash, which leads to denial of service (bsc#1061000).
• CVE-2017-14860: Prevent heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function via a crafted input that could have lead to a denial of service attack (bsc#1061023).
• CVE-2017-11337: Prevent invalid free in the Action::TaskFactory::cleanup function via a crafted input that could have lead to a remote denial of service attack (bsc#1048883).
• CVE-2017-11338: Prevent infinite loop in the Exiv2::Image::printIFDStructure function via a crafted input that could have lead to a remote denial of service attack (bsc#1048883).
• CVE-2017-11339: Prevent heap-based buffer overflow in the Image::printIFDStructure function via a crafted input that could have lead to a remote denial of service attack (bsc#1048883).
• CVE-2017-11340: Prevent Segmentation fault in the XmpParser::terminate() function via a crafted input that could have lead to a remote denial of service attack (bsc#1048883).
• CVE-2017-12955: Prevent heap-based buffer overflow. The vulnerability caused an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact (bsc#1054593).
• CVE-2017-12956: Preventn illegal address access in Exiv2::FileIo::pathabi:cxx11 that could have lead to remote denial of service (bsc#1054592).
• CVE-2017-12957: Prevent heap-based buffer over-read that was triggered in the Exiv2::Image::io function and could have lead to remote denial of service (bsc#1054590).
• CVE-2017-11683: Prevent reachable assertion in the Internal::TiffReader::visitDirectory function that could have lead to a remote denial of service attack via crafted input (bsc#1051188).
• CVE-2017-11591: Prevent Floating point exception in the Exiv2::ValueType function that could have lead to a remote denial of service attack via crafted input (bsc#1050257).
• CVE-2017-11553: Prevent illegal address access in the extend_alias_table function via a crafted input could have lead to remote denial of service.
• CVE-2017-11592: Prevent mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function that could have lead to a remote denial of service attack (heap memory corruption) via crafted input.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• Desktop Applications Module 15
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-1280=1

Package List:

• Desktop Applications Module 15 (aarch64 ppc64le s390x x86_64)
  • exiv2-debugsource-0.26-6.3.1
  • exiv2-debuginfo-0.26-6.3.1
  • libexiv2-26-debuginfo-0.26-6.3.1
  • libexiv2-devel-0.26-6.3.1
  • libexiv2-26-0.26-6.3.1

References:

• https://www.suse.com/security/cve/CVE-2017-11337.html
• https://www.suse.com/security/cve/CVE-2017-11338.html
• https://www.suse.com/security/cve/CVE-2017-11339.html
• https://www.suse.com/security/cve/CVE-2017-11340.html
• https://www.suse.com/security/cve/CVE-2017-11553.html
• https://www.suse.com/security/cve/CVE-2017-11591.html
• https://www.suse.com/security/cve/CVE-2017-11592.html
• https://www.suse.com/security/cve/CVE-2017-11683.html
• https://www.suse.com/security/cve/CVE-2017-12955.html
• https://www.suse.com/security/cve/CVE-2017-12956.html
• https://www.suse.com/security/cve/CVE-2017-12957.html
• https://www.suse.com/security/cve/CVE-2017-14859.html
• https://www.suse.com/security/cve/CVE-2017-14860.html
• https://www.suse.com/security/cve/CVE-2017-14862.html
• https://www.suse.com/security/cve/CVE-2017-14864.html
• https://bugzilla.suse.com/show_bug.cgi?id=1048883
• https://bugzilla.suse.com/show_bug.cgi?id=1050257
• https://bugzilla.suse.com/show_bug.cgi?id=1051188
• https://bugzilla.suse.com/show_bug.cgi?id=1054590
• https://bugzilla.suse.com/show_bug.cgi?id=1054592
• https://bugzilla.suse.com/show_bug.cgi?id=1054593
• https://bugzilla.suse.com/show_bug.cgi?id=1060995
• https://bugzilla.suse.com/show_bug.cgi?id=1060996
• https://bugzilla.suse.com/show_bug.cgi?id=1061000
• https://bugzilla.suse.com/show_bug.cgi?id=1061023