Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in libexif
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in libexif
ID: USN-4358-1
Distribution: Ubuntu
Plattformen: Ubuntu 16.04 LTS, Ubuntu 12.04 ESM, Ubuntu 18.04 LTS, Ubuntu 14.04 ESM, Ubuntu 19.10, Ubuntu 20.04 LTS
Datum: Do, 14. Mai 2020, 07:29
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12767
Applikationen: libexif

Originalnachricht


--===============5806064032341926234==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="mojUlQ0s9EVzWg2t"
Content-Disposition: inline


--mojUlQ0s9EVzWg2t
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-4358-1
May 13, 2020

libexif vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in libexif.

Software Description:
- libexif: library to parse EXIF files

Details:

It was discovered that libexif incorrectly handled certain tags.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-20030)

It was discovered that libexif incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash.
(CVE-2020-12767)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
libexif12 0.6.21-6ubuntu0.1

Ubuntu 19.10:
libexif12 0.6.21-5.1ubuntu0.2

Ubuntu 18.04 LTS:
libexif12 0.6.21-4ubuntu0.2

Ubuntu 16.04 LTS:
libexif12 0.6.21-2ubuntu0.2

Ubuntu 14.04 ESM:
libexif12 0.6.21-1ubuntu1+esm2

Ubuntu 12.04 ESM:
libexif12 0.6.20-2ubuntu0.3

After a standard system update you need to restart your session to
effect the necessary changes.

References:
https://usn.ubuntu.com/4358-1
CVE-2018-20030, CVE-2020-12767

Package Information:
https://launchpad.net/ubuntu/+source/libexif/0.6.21-6ubuntu0.1
https://launchpad.net/ubuntu/+source/libexif/0.6.21-5.1ubuntu0.2
https://launchpad.net/ubuntu/+source/libexif/0.6.21-4ubuntu0.2
https://launchpad.net/ubuntu/+source/libexif/0.6.21-2ubuntu0.2

--mojUlQ0s9EVzWg2t
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl68QJgACgkQRbznW4QL
H2ln6hAAgszn+JnQbf1Q4rPp0xNLphvFforsIbCpJRLcacsz2xGeUIl3/itDRXku
ud0ABuo/hiJ+NsrvcYlpMBmPRBSuEDchNG79OMwzhI6dmBkAFcaQCFGcGCl9IVXA
OBfXiipXCUwJ+uOQWFgFbeqwMcdY5ps1WdeHX7S6kLHOrnQ2y7EiRk8KN7hC8T+K
5r5YcA2B7+kveDSHReS7KSdZvi8d3XBXnrkPd9QOhEkRkn1y5gf5xgLXUfqan5Wk
5E6Msh3Kx3ZU6NDTOSuv0BJ2m36Qz+VFM6+FwEB00h9D49LWNd2gJehsoNq65Ja6
9T30z2t9Z2O/47yqQy4HXuiF404k+CaO3RCY/CEmis3XG9By3Mx61DnmC4mvaDCN
Sqffdn0zKX4ESJSd9JNGktb5sSpH5ZgzNtPTsHwvGe9Y6PB15T+kLpIZnIN/wPSd
kawssXMBSGCfTK91ad5skS6Fx7q7E7juW1dFtj5Hnrr37ic9zmd01mstHkOed2m7
dUGQwVTh//1bfEtXuMWOAOedDfZObUn1c/BxLrggIgerWZ8N+JCqT7nT5G8jXcx6
NrKBU9IjegeH0leT/CKk7d0L7VYEHMHXZdgStsIxx4zMdsGuZCWFqt3SIv7XmUC2
4DaArlpF+ex+1eYnQD2axGgxyvIV/UL49KzHQsXMdMtHSkVfdS8=
=YIgV
-----END PGP SIGNATURE-----

--mojUlQ0s9EVzWg2t--


--===============5806064032341926234==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung