drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in libexif
Name: |
Mehrere Probleme in libexif |
|
ID: |
DSA-2559-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian squeeze, Debian wheezy |
|
Datum: |
Do, 18. Oktober 2012, 08:08 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2841 |
|
Applikationen: |
libexif |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-2559-1 security@debian.org http://www.debian.org/security/ Yves-Alexis Perez October 11, 2012 http://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : libexif Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 Debian Bug : 681454
Several vulnerabilities were found in libexif, a library used to parse EXIF meta-data on camera files.
CVE-2012-2812: A heap-based out-of-bounds array read in the exif_entry_get_value function allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags.
CVE-2012-2813: A heap-based out-of-bounds array read in the exif_convert_utf16_to_utf8 function allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags.
CVE-2012-2814: A buffer overflow in the exif_entry_format_value function allows remote attackers to cause a denial of service or possibly execute arbitrary code via an image with crafted EXIF tags.
CVE-2012-2836: A heap-based out-of-bounds array read in the exif_data_load_data function allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags.
CVE-2012-2837: A divide-by-zero error in the mnote_olympus_entry_get_value function while formatting EXIF maker note tags allows remote attackers to cause a denial of service via an image with crafted EXIF tags.
CVE-2012-2840: An off-by-one error in the exif_convert_utf16_to_utf8 function allows remote attackers to cause a denial of service or possibly execute arbitrary code via an image with crafted EXIF tags.
CVE-2012-2841: An integer underflow in the exif_entry_get_value function can cause a heap overflow and potentially arbitrary code execution while formatting an EXIF tag, if the function is called with a buffer size parameter equal to zero or one.
For the stable distribution (squeeze), these problems have been fixed in version 0.6.19-1+squeeze1.
For the testing distribution (wheezy), these problems have been fixed in version 0.6.20-3.
For the unstable distribution (sid), these problems have been fixed in version 0.6.20-3.
We recommend that you upgrade your libexif packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCgAGBQJQfvyyAAoJEDBVD3hx7wuokjIP/0GYTVVQxdJ2w5m9aESs9hD+ qzmGxqMCga1XrL14scr6gvX6X2sDSc6Bbt8OKGz+ZCgGh3D9HTsd/YGxlHhJ4rhw /jCpwFPlJrrkWRmgj2dCgPQg5aAXs8YJTkYLBu2Qg9DZD/6D8WBeZGQnw9+hIF72 XTWOT9KHn5AXZcJBsz2Aln4HRCfP1zYZbCtvltvtU9i9eQ+Y366mnZf19xyxPNgD cAf/8y5c4sJiCd5HOQbA09gCXGWEJJ34HSGUV1bjNQ1gkRVaJDVwDdaqkPn+ZtGH Q2l61kpzrL2M8XSGbwuxsjRIo+3eZINnwCN6QayCwg5PYwF7gUfnQrbi2yFTBjJI pVooUNbsNA1nrw6AVLyQR3PHFcs/AfEsH7V0WLOiFnun2oIf6PaKCpJq0ZDRT/Bd oGiCFB/EOpjk0Tp4dK8iRNqu5lnV5zKtmlTAe/8aS5QBJl+lO0m8kIL0TsNeECza du3/kIbDaQeThie//fwnStRmmPCWjMHVZeIkO7tkckFUBs985Azn4P5kaJWhBQBa iClvJofkKJne9URZ1QpSSNQxyZDkmK2pjeHYKT3mve5wlkjJzKPj1VOV5Q2GSo5P D4DjEVEVrfz1MUVAVJn26+EH3vORsiAOPlH4KvIY0IRk9/WBF9MiWhIBxBu4QSAF oRBmddwCK1BeXh9VR6X9 =Fb7l -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/20121017184511.A83916D4@scapa.corsac.net
|
|
|
|