Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0238)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2020.0238

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2020-0238)

Zusammenfassung: The remote host is missing an update for the 'exif, libexif' package(s) announced via the MGASA-2020-0238 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'exif, libexif' package(s) announced via the MGASA-2020-0238 advisory.

Vulnerability Insight:
The updated packages fix a security vulnerability:

In exif_data_save_data_entry of exif-data.c, there is a possible out of
bounds read due to a missing bounds check. This could lead to local
information disclosure with no additional execution privileges needed.
User interaction is needed for exploitation. (CVE-2020-0093)

exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero
error (CVE-2020-12767).

An issue was discovered in libexif before 0.6.22. Several buffer over-reads in
EXIF MakerNote handling could lead to information disclosure and crashes
(CVE-2020-13112).

An issue was discovered in libexif before 0.6.22. Use of uninitialized memory
in EXIF Makernote handling could lead to crashes and potential use-after-free
conditions (CVE-2020-13113).

An issue was discovered in libexif before 0.6.22. An unrestricted size in
handling Canon EXIF MakerNote data could lead to consumption of large amounts
of compute time for decoding EXIF data (CVE-2020-13114).

The libexif package has been updated to version 0.6.22, fixing these issues
and other bugs.

Also, the exif package has been updated to version 0.6.22. See the upstream
NEWS files for details.

Affected Software/OS:
'exif, libexif' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2020-0093
https://security.gentoo.org/glsa/202007-05
https://source.android.com/security/bulletin/2020-05-01
https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html
SuSE Security Announcement: openSUSE-SU-2020:0793 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html
https://usn.ubuntu.com/4396-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-13112
https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1
https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-13113
https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f
Common Vulnerability Exposure (CVE) ID: CVE-2020-13114
https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2020.0238
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2020-0238)
Zusammenfassung:	The remote host is missing an update for the 'exif, libexif' package(s) announced via the MGASA-2020-0238 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'exif, libexif' package(s) announced via the MGASA-2020-0238 advisory. Vulnerability Insight: The updated packages fix a security vulnerability: In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. (CVE-2020-0093) exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error (CVE-2020-12767). An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes (CVE-2020-13112). An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions (CVE-2020-13113). An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data (CVE-2020-13114). The libexif package has been updated to version 0.6.22, fixing these issues and other bugs. Also, the exif package has been updated to version 0.6.22. See the upstream NEWS files for details. Affected Software/OS: 'exif, libexif' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2020-0093 https://security.gentoo.org/glsa/202007-05 https://source.android.com/security/bulletin/2020-05-01 https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html SuSE Security Announcement: openSUSE-SU-2020:0793 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html https://usn.ubuntu.com/4396-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-13112 https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1 https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html Common Vulnerability Exposure (CVE) ID: CVE-2020-13113 https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f Common Vulnerability Exposure (CVE) ID: CVE-2020-13114 https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab
Copyright	Copyright (C) 2022 Greenbone AG