Lucene search
Cloud FoundryCFOUNDRY:9E4060597764A1A0038C533A370CCF5EHistoryJun 24, 2020 - 12:00 a.m.
USN-4358-1: libexif vulnerabilities | Cloud Foundry
2020-06-2400:00:00
Cloud Foundry
www.cloudfoundry.org
11
0.007 Low
EPSS
Percentile
80.5%
Severity
Medium
Vendor
Canonical Ubuntu
Versions Affected
- Canonical Ubuntu 14.04
- Canonical Ubuntu 18.04
Description
It was discovered that libexif incorrectly handled certain tags. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20030)
It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. (CVE-2020-12767)
CVEs contained in this USN include: CVE-2018-20030, CVE-2020-12767.
Affected Cloud Foundry Products and Versions
Severity is medium unless otherwise noted.
- cflinuxfs3
- All versions prior to 0.180.0
- CF Deployment
- All versions prior to v13.5.0
Mitigation
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
- cflinuxfs3
- Upgrade All versions to 0.180.0 or greater
- CF Deployment
- Upgrade All versions to v13.5.0 or greater
References
History
2020-05-13: Initial vulnerability report published.
| CPE | Name | Operator | Version |
|---|---|---|---|
| cflinuxfs3 | lt | 0.180.0 |
Related
ubuntu
ubuntu
libexif vulnerabilities
2020-05-13 00:00:00
nessus
nessus
RHEL 8 : libexif (Unpatched Vulnerability)
2024-05-11 00:00:00
EulerOS 2.0 SP2 : libexif (EulerOS-SA-2019-1116)
2019-04-02 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4358-1)
2020-05-14 00:00:00
Huawei EulerOS: Security Advisory for libexif (EulerOS-SA-2019-1781)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for libexif (EulerOS-SA-2019-1095)
2020-01-23 00:00:00
redhatcve
redhatcve
CVE-2018-20030
2019-01-07 09:49:35
CVE-2020-12767
2020-05-12 18:42:29
mageia
mageia
Updated libexif packages fix security vulnerability
2019-02-21 01:18:01
Updated libexif packages fix security vulnerability
2020-05-27 22:06:44
veracode
veracode
Denial Of Service (DoS)
2019-02-21 04:43:33
Divide-by-zero Error
2020-10-01 03:51:25
prion
prion
Code injection
2019-02-20 17:29:00
Design/Logic Flaw
2020-05-09 21:15:00
osv
osv
CVE-2020-12767
2020-05-09 21:15:11
libexif - security update
2020-05-18 00:00:00
CVE-2018-20030
2019-02-20 17:29:00
debian
debian
[SECURITY] [DLA 2214-1] libexif security update
2020-05-18 05:12:09
[SECURITY] [DLA 2222-1] libexif security update
2020-05-28 14:29:35
cve
cve
CVE-2018-20030
2019-02-20 17:29:00
CVE-2020-12767
2020-05-09 21:15:11
cvelist
cvelist
CVE-2018-20030
2018-10-12 00:00:00
CVE-2020-12767
2020-05-09 20:17:00
ubuntucve
ubuntucve
CVE-2018-20030
2019-02-20 00:00:00
CVE-2020-12767
2020-05-09 00:00:00
debiancve
debiancve
CVE-2018-20030
2019-02-20 17:29:00
CVE-2020-12767
2020-05-09 21:15:11
nvd
nvd
CVE-2020-12767
2020-05-09 21:15:11
CVE-2018-20030
2019-02-20 17:29:00
alpinelinux
alpinelinux
CVE-2020-12767
2020-05-09 21:15:11
CVE-2018-20030
2019-02-20 17:29:00
fedora
fedora
[SECURITY] Fedora 28 Update: libexif-0.6.21-19.fc28
2019-03-01 23:11:16
[SECURITY] Fedora 29 Update: libexif-0.6.21-19.fc29
2019-02-15 02:39:33
suse
suse
Security update for libexif (moderate)
2020-03-01 00:00:00
Security update for libexif (moderate)
2020-06-11 00:00:00
slackware
slackware
[slackware-security] libexif
2020-05-19 20:20:39
freebsd
freebsd
libexif -- multiple vulnerabilities
2020-05-18 00:00:00
redhat
redhat
(RHSA-2020:4040) Moderate: libexif security, bug fix, and enhancement update
2020-09-29 07:53:57
(RHSA-2020:4766) Moderate: libexif security, bug fix, and enhancement update
2020-11-03 12:34:21
amazon
amazon
Medium: libexif
2020-10-22 18:12:00
centos
centos
libexif security update
2020-10-20 18:21:32
oraclelinux
oraclelinux
libexif security, bug fix, and enhancement update
2020-10-06 00:00:00
libexif security, bug fix, and enhancement update
2020-11-10 00:00:00
gentoo
gentoo
libexif: Multiple vulnerabilities
2020-07-26 00:00:00