Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Exiv2
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Exiv2
ID: USN-4964-1
Distribution: Ubuntu
Plattformen: Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 20.10, Ubuntu 21.04, Ubuntu 16.04 ESM
Datum: Di, 25. Mai 2021, 21:35
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32617
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29473
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29623
Applikationen: ExiV2

Originalnachricht


--===============0904097719112264748==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="T4sUOijqQbZv57TR"
Content-Disposition: inline


--T4sUOijqQbZv57TR
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-4964-1
May 25, 2021

exiv2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.04
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in Exiv2.

Software Description:
- exiv2: EXIF/IPTC/XMP metadata manipulation tool

Details:

It was discovered that Exiv2 incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10 and Ubuntu 21.04.
(CVE-2021-29463)

It was discovered that Exiv2 incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10 and Ubuntu 21.04.
(CVE-2021-29464)

It was discovered that Exiv2 incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2021-29473, CVE-2021-32617)

It was discovered that Exiv2 incorrectly handled certain files.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10 and Ubuntu 21.04.
(CVE-2021-29623)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
exiv2 0.27.3-3ubuntu1.3
libexiv2-27 0.27.3-3ubuntu1.3

Ubuntu 20.10:
exiv2 0.27.3-3ubuntu0.4
libexiv2-27 0.27.3-3ubuntu0.4

Ubuntu 20.04 LTS:
exiv2 0.27.2-8ubuntu2.4
libexiv2-27 0.27.2-8ubuntu2.4

Ubuntu 18.04 LTS:
exiv2 0.25-3.1ubuntu0.18.04.9
libexiv2-14 0.25-3.1ubuntu0.18.04.9

Ubuntu 16.04 ESM:
exiv2 0.25-2.1ubuntu16.04.7+esm2
libexiv2-14 0.25-2.1ubuntu16.04.7+esm2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-4964-1
CVE-2021-29463, CVE-2021-29464, CVE-2021-29473, CVE-2021-29623,
CVE-2021-32617

Package Information:
https://launchpad.net/ubuntu/+source/exiv2/0.27.3-3ubuntu1.3
https://launchpad.net/ubuntu/+source/exiv2/0.27.3-3ubuntu0.4
https://launchpad.net/ubuntu/+source/exiv2/0.27.2-8ubuntu2.4
https://launchpad.net/ubuntu/+source/exiv2/0.25-3.1ubuntu0.18.04.9

--T4sUOijqQbZv57TR
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmCtFlwACgkQRbznW4QL
H2ke4g/+I21kqbMouV+pFnFbChM0rLWFN8gydSw09HE3inJhe6f0lovfn8Y3RW3g
3Jvqt5BK3oYFh7Z8TRh3zbEyn1o0QsAfQU9nTmST0vk0LC0f0GesF2eE0h9HQiQk
nmG1gkvpsOQwuZoAmNbo445nRRuhivJL2AGx/vflRgHUBJPYMSFk7HqQpvRGnsYg
EMgXNLEZgY4TwPF/7bABwx3LV/kQXr+zKf3+7awzg6E9JZLxuqTsrqh/Chxn/+s2
nsrddl8/PVR13D1E3HdgFZw0JaCXov4DcNcJAzuANXdrc5/eW0ossLpIUmqv0W+8
76YATA0r48dmf0xJz+i8dsJYMo1u9qaT+ewdhjhlKMALqszfQXwoSCZhyCN4dCak
x4xM3rlSvJFAm8DNi8GuKQje7y3J/vz5QhG8FIcawsZfrTLpnRyipi6kxH7eWxh8
6GBTyMQfXT2zTUKmt8ZFOAbkU3W/EvoWPaOWI2GmgcJU5tP007LBgpi2+0BERB6p
SLJa0xnPegVLC6kX2veoJn0eap4Vdl0EN2n+tZsLU73nU2+HPRqTMlNYOvqOz+1M
vqcEM+ziBGomDdq1XVvMB69AYHBfMUIVDhF9L97JKKAVx8Ruq20zkKj2OulS6HYk
tGU0NVhJJUEEeAHqPHJl45gaO3Ul2hePkkZU6tFOt/XJz++behQ=
=9Hmx
-----END PGP SIGNATURE-----

--T4sUOijqQbZv57TR--


--===============0904097719112264748==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung