Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Denial of Service in ExiV2
Aktuelle Meldungen Distributionen
Name: Denial of Service in ExiV2
ID: USN-2454-1
Distribution: Ubuntu
Plattformen: Ubuntu 14.10
Datum: Mi, 7. Januar 2015, 21:40
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9449

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============3288968411596515414==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="ADTs9lajKxKCkkvdxxPNQCNupLsjI6HRG"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--ADTs9lajKxKCkkvdxxPNQCNupLsjI6HRG
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-2454-1
January 07, 2015

exiv2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10

Summary:

Exiv2 could be made to crash if it opened a specially crafted file.

Software Description:
- exiv2: EXIF/IPTC metadata manipulation tool

Details:

It was discovered that Exiv2 incorrectly handled certain tag values in
video files. If a user or automated system were tricked into opening a
specially-crafted video file, a remote attacker could cause Exiv2 to crash,
resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
libexiv2-13 0.24-2ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2454-1
CVE-2014-9449

Package Information:
https://launchpad.net/ubuntu/+source/exiv2/0.24-2ubuntu1.1



--ADTs9lajKxKCkkvdxxPNQCNupLsjI6HRG
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUrX5VAAoJEGVp2FWnRL6TwTUP/Ay0untC/uLu+OS0YjppjaVS
1Q29s1UK/7PtIlFGbACb/4CrWwVPvMDtoEE2I+zvU91mWoWhxK2aRCr0/8vZmfNw
7rR79bgzq9QExHASb6gKlONstFnrSQNIOZPDKWa6F8FpE0bMo4N7F9imQzP6kmAZ
b0huo6vyivhRthiJwB4qSozMYl2QEahYCKGONjvE8N5e5CLTW75aT6A7JvNzWAIr
MYsPIiJTBL5SW24D2PidVt5JFd/4t3IsccYj/lMQv7la8JB5SofR6dJJtylXYouv
Tmg/KNk1wiSUFKWW5d/PRRW3RVxAgunF7i8GoVhfyYvixR9BFjZb0+vnv69ifIpl
EOSUDx7wt2iOeriWkBaWm+d+MW+FEYs6rG2wfXj253sEEoBX+bTuRZfHiQT/Sk0m
mcta2a4QdtsOfDD/a1uIYnPprGsy/Cbvsk3nc7fa0NoAkbVL2nHDyN+tXRC6Tais
wEQnBhtEw4n9SgWyM83afTWCrnCArEgWpD8ccbu2tckmI6p3ciSb30VzGomJpcK8
El2svmkeMiuXh4jUbqeAAbmr3YdXTJXSUbKmlcmqe/NTIFvfrI7kahEBkyyhdq1h
C5Wqpxl48uwDbAPTGX/sHyX42iMnONsRoFxnIaQjV+QctHyVpR1mjyIA5cIMa4iS
mfD8M6ArtgunkbQFhlj6
=STfH
-----END PGP SIGNATURE-----

--ADTs9lajKxKCkkvdxxPNQCNupLsjI6HRG--


--===============3288968411596515414==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============3288968411596515414==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung