Lucene search
Copyright (C) 2022 Greenbone AGOPENVAS:13614125623114202211481HistoryApr 12, 2022 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2022:1148-1)
2022-04-1200:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
12
suse-su-2022:1148-1
libexif
cve-2020-0181
cve-2020-0198
cve-2020-0452
suse caas platform
suse enterprise storage
suse linux enterprise high performance computing
suse linux enterprise module for desktop applications
suse linux enterprise module for packagehub subpackages
suse linux enterprise realtime extension
suse linux enterprise server
suse linux enterprise server for sap
suse manager proxy
suse manager retail branch server
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.133
Percentile
95.7%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2022.1148.1");
script_cve_id("CVE-2020-0181", "CVE-2020-0198", "CVE-2020-0452");
script_tag(name:"creation_date", value:"2022-04-12 04:16:19 +0000 (Tue, 12 Apr 2022)");
script_version("2024-02-02T14:37:51+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:51 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2020-11-10 17:14:00 +0000 (Tue, 10 Nov 2020)");
script_name("SUSE: Security Advisory (SUSE-SU-2022:1148-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES15\.0SP3|SLES15\.0SP4|SLES15\.0|SLES15\.0SP1|SLES15\.0SP2)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2022:1148-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2022/suse-su-20221148-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'libexif' package(s) announced via the SUSE-SU-2022:1148-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for libexif fixes the following issues:
CVE-2020-0181: Fixed an integer overflow that could lead to denial of
service (bsc#1172802).
CVE-2020-0198: Fixed and unsigned integer overflow that could lead to
denial
of service (bsc#1172768).
CVE-2020-0452: Fixed a buffer overflow check that could be optimized
away by the compiler (bsc#1178479).");
script_tag(name:"affected", value:"'libexif' package(s) on SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, SUSE Enterprise Storage 7, SUSE Linux Enterprise High Performance Computing 15, SUSE Linux Enterprise High Performance Computing 15-SP1, SUSE Linux Enterprise High Performance Computing 15-SP2, SUSE Linux Enterprise Module for Desktop Applications 15-SP3, SUSE Linux Enterprise Module for Desktop Applications 15-SP4, SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3, SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4, SUSE Linux Enterprise Realtime Extension 15-SP2, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15-SP1, SUSE Linux Enterprise Server 15-SP2, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Linux Enterprise Server for SAP 15-SP2, SUSE Manager Proxy 4.1, SUSE Manager Retail Branch Server 4.1, SUSE Manager Server 4.1.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES15.0SP3") {
if(!isnull(res = isrpmvuln(pkg:"libexif-debugsource", rpm:"libexif-debugsource~0.6.22~150000.5.9.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libexif-devel", rpm:"libexif-devel~0.6.22~150000.5.9.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libexif12", rpm:"libexif12~0.6.22~150000.5.9.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libexif12-debuginfo", rpm:"libexif12-debuginfo~0.6.22~150000.5.9.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libexif12-32bit", rpm:"libexif12-32bit~0.6.22~150000.5.9.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libexif12-32bit-debuginfo", rpm:"libexif12-32bit-debuginfo~0.6.22~150000.5.9.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0SP4") {
if(!isnull(res = isrpmvuln(pkg:"libexif-debugsource", rpm:"libexif-debugsource~0.6.22~150000.5.9.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libexif-devel", rpm:"libexif-devel~0.6.22~150000.5.9.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libexif12", rpm:"libexif12~0.6.22~150000.5.9.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libexif12-debuginfo", rpm:"libexif12-debuginfo~0.6.22~150000.5.9.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libexif12-32bit", rpm:"libexif12-32bit~0.6.22~150000.5.9.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libexif12-32bit-debuginfo", rpm:"libexif12-32bit-debuginfo~0.6.22~150000.5.9.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0") {
if(!isnull(res = isrpmvuln(pkg:"libexif-debugsource", rpm:"libexif-debugsource~0.6.22~150000.5.9.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libexif-devel", rpm:"libexif-devel~0.6.22~150000.5.9.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libexif12", rpm:"libexif12~0.6.22~150000.5.9.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libexif12-debuginfo", rpm:"libexif12-debuginfo~0.6.22~150000.5.9.1", rls:"SLES15.0"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0SP1") {
if(!isnull(res = isrpmvuln(pkg:"libexif-debugsource", rpm:"libexif-debugsource~0.6.22~150000.5.9.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libexif-devel", rpm:"libexif-devel~0.6.22~150000.5.9.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libexif12", rpm:"libexif12~0.6.22~150000.5.9.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libexif12-debuginfo", rpm:"libexif12-debuginfo~0.6.22~150000.5.9.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0SP2") {
if(!isnull(res = isrpmvuln(pkg:"libexif-debugsource", rpm:"libexif-debugsource~0.6.22~150000.5.9.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libexif-devel", rpm:"libexif-devel~0.6.22~150000.5.9.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libexif12", rpm:"libexif12~0.6.22~150000.5.9.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libexif12-debuginfo", rpm:"libexif12-debuginfo~0.6.22~150000.5.9.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
oraclelinux
oraclelinux
libexif security update
2020-12-14 00:00:00
libexif security update
2020-12-15 00:00:00
libexif security, bug fix, and enhancement update
2020-11-10 00:00:00
gentoo
gentoo
libexif: Multiple vulnerabilities
2020-11-16 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: libexif-0.6.22-3.fc33
2020-11-14 01:13:14
[SECURITY] Fedora 32 Update: libexif-0.6.22-2.fc32
2020-11-25 01:42:52
nessus
nessus
SUSE SLED15 / SLES15 Security Update : libexif (SUSE-SU-2022:1148-1)
2022-04-12 00:00:00
Fedora 33 : libexif (2020-e99ef3282f)
2020-11-17 00:00:00
Fedora 32 : libexif (2020-0aa0fc1b0c)
2020-11-25 00:00:00
openvas
openvas
Fedora: Security Advisory for libexif (FEDORA-2020-e99ef3282f)
2020-11-14 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:1168-1)
2022-04-13 00:00:00
Fedora: Security Advisory for libexif (FEDORA-2020-0aa0fc1b0c)
2020-11-26 00:00:00
veracode
veracode
Integer Overflow
2020-06-11 07:19:35
Denial Of Service (DoS)
2020-06-19 05:24:52
Arbitrary Code Execution
2020-12-15 15:05:52
cvelist
cvelist
prion
prion
Integer overflow
2020-06-11 15:15:00
Integer overflow
2020-06-11 15:15:00
Integer overflow
2020-11-10 13:15:00
redhatcve
redhatcve
cve
cve
nvd
nvd
ubuntucve
ubuntucve
debiancve
debiancve
alpinelinux
alpinelinux
CVE-2020-0198
2020-06-11 15:15:16
CVE-2020-0452
2020-11-10 13:15:12
mageia
mageia
Updated libexif packages fix security vulnerability
2020-07-05 01:47:21
Updated libexif packages fix a security vulnerability
2020-11-15 18:45:05
cloudfoundry
cloudfoundry
USN-4624-1: libexif vulnerability | Cloud Foundry
2021-02-10 00:00:00
USN-4396-1: libexif vulnerabilities | Cloud Foundry
2020-06-24 00:00:00
osv
osv
Important: libexif security update
2020-12-14 11:19:49
Important: libexif security update
2020-12-14 11:19:49
libexif - security update
2020-11-08 00:00:00
ubuntu
ubuntu
libexif vulnerability
2020-11-10 00:00:00
libexif vulnerabilities
2020-06-16 00:00:00
debian
debian
[SECURITY] [DLA 2439-1] libexif security update
2020-11-07 13:53:40
[SECURITY] [DSA 4786-1] libexif security update
2020-11-08 15:03:34
[SECURITY] [DLA 2249-1] libexif security update
2020-06-13 16:11:08
amazon
amazon
Important: libexif
2021-01-05 23:34:00
rocky
rocky
libexif security update
2020-12-14 11:19:49
centos
centos
libexif security update
2021-02-27 14:19:00
almalinux
almalinux
Important: libexif security update
2020-12-14 11:19:49
redhat
redhat
(RHSA-2020:5396) Important: libexif security update
2020-12-14 11:20:09
(RHSA-2020:5394) Important: libexif security update
2020-12-14 11:19:56
(RHSA-2020:5393) Important: libexif security update
2020-12-14 11:19:49
androidsecurity
androidsecurity
Pixel Update BulletinβJune 2020
2020-06-01 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.133
Percentile
95.7%
Related for OPENVAS:13614125623114202211481