Security: Multiple issues in Jhead
Name: Multiple issues in Jhead
ID: USN-6110-1
Distribution: Ubuntu
Platforms: Ubuntu 22.10, Ubuntu 23.04, Ubuntu 16.04 LTS (Available with Ubuntu Pro), Ubuntu 14.04 LTS (Available with Ubuntu Pro), Ubuntu 22.04 LTS (Available with Ubuntu Pro), Ubuntu 20.04 LTS (Available with Ubuntu Pro), Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Date: Mon, 29 May 2023, 20:34
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3496
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28277
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28275
Applications: Jhead

Original message

From: George-Andrei Iosif <andrei.iosif@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <5993cc93-71b0-4d76-377a-5997e07a0d05@canonical.com>
Subject: [USN-6110-1] Jhead vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6110-1
May 29, 2023

Jhead vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.10
- Ubuntu 22.04 LTS (Available with Ubuntu Pro)
- Ubuntu 20.04 LTS (Available with Ubuntu Pro)
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Jhead could be made to crash if it opened a specially crafted
file.

Software Description:
- jhead: Manipulate the non-image part of Exif compliant JPEG files

Details:

It was discovered that Jhead did not properly handle certain crafted Canon
images when processing them. An attacker could possibly use this issue to
crash Jhead, resulting in a denial of service. (CVE-2021-3496)

It was discovered that Jhead did not properly handle certain crafted images
when printing Canon-specific information. An attacker could possibly use this
issue to crash Jhead, resulting in a denial of service. (CVE-2021-28275)

It was discovered that Jhead did not properly handle certain crafted images
when removing unknown sections. An attacker could possibly use this issue to
crash Jhead, resulting in a denial of service. (CVE-2021-28275)

Kyle Brown discovered that Jhead did not properly handle certain crafted
images when editing their comments. An attacker could possibly use this to
crash Jhead, resulting in a denial of service. (LP: #2020068)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
jhead 1:3.06.0.1-6ubuntu0.23.04.1

Ubuntu 22.10:
jhead 1:3.06.0.1-2ubuntu0.22.10.2

Ubuntu 22.04 LTS (Available with Ubuntu Pro):
jhead 1:3.06.0.1-2ubuntu0.22.04.1+esm1

Ubuntu 20.04 LTS (Available with Ubuntu Pro):
jhead 1:3.04-1ubuntu0.2+esm1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
jhead 1:3.00-8~ubuntu0.2+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
jhead 1:3.00-4+deb9u1ubuntu0.1~esm3

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
jhead 1:2.97-1+deb8u2ubuntu0.1~esm3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6110-1
CVE-2021-28275, CVE-2021-28277, CVE-2021-3496, https://launchpad.net/bugs/2020068

Package Information:
https://launchpad.net/ubuntu/+source/jhead/1:3.06.0.1-6ubuntu0.23.04.1
https://launchpad.net/ubuntu/+source/jhead/1:3.06.0.1-2ubuntu0.22.10.2
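
Added example, not part of the notice or of Ubuntu's tooling: a check of an installed jhead version against the fixed versions listed above, using Debian version ordering (epoch, `~` and `+` suffixes), which a plain string comparison gets wrong. The function names are hypothetical; only the version strings in `FIXED` come from the notice.

```python
FIXED = {  # Ubuntu release -> fixed jhead version, copied from the notice
    "23.04": "1:3.06.0.1-6ubuntu0.23.04.1",
    "22.10": "1:3.06.0.1-2ubuntu0.22.10.2",
    "22.04": "1:3.06.0.1-2ubuntu0.22.04.1+esm1",
    "20.04": "1:3.04-1ubuntu0.2+esm1",
    "18.04": "1:3.00-8~ubuntu0.2+esm1",
    "16.04": "1:3.00-4+deb9u1ubuntu0.1~esm3",
    "14.04": "1:2.97-1+deb8u2ubuntu0.1~esm3",
}

def _parse(v):  # [epoch:]upstream[-revision]; a missing epoch counts as 0
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, revision = rest.rpartition("-")
    return (int(epoch), upstream, revision) if sep else (int(epoch), rest, "")

def _order(c):
    # '~' < end of string or digit < letters < other symbols
    if c == "" or c.isdigit():
        return 0
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _take_int(s, i):  # read the digit run starting at s[i]; empty run is 0
    j = i
    while j < len(s) and s[j].isdigit():
        j += 1
    return int(s[i:j] or 0), j

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit runs are compared character by character, digit runs numerically
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ca, cb = _order(a[i:i + 1]), _order(b[j:j + 1])
            if ca != cb:
                return -1 if ca < cb else 1
            i, j = i + 1, j + 1
        (na, i), (nb, j) = _take_int(a, i), _take_int(b, j)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def deb_cmp(a, b):  # -1, 0 or 1 as a sorts before, equal to or after b
    (ea, ua, ra), (eb, ub, rb) = _parse(a), _parse(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(release, installed):
    return deb_cmp(installed, FIXED[release]) >= 0
```

On a live system the installed version can be read with `dpkg-query -W -f='${Version}' jhead`, and `dpkg --compare-versions` remains the authoritative comparison.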