Denial of Service in libKDcraw
ID: | USN-1978-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 12.04 LTS |
Datum: | Di, 1. Oktober 2013, 08:00 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1439 |
Applikationen: | LibRaw |
Originalnachricht |
|
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============7313972783801966918== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="GK7hxQ79kNtMvkb1Q0FH6XMOBh9shW4HV" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --GK7hxQ79kNtMvkb1Q0FH6XMOBh9shW4HV Content-Type: text/plain; charset=UTF- Content-Transfer-Encoding: quoted-printable ========================================================================== Ubuntu Security Notice USN-1978-1 September 30, 2013 libkdcraw vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS Summary: libKDcraw could be made to crash if it opened a specially crafted file. Software Description: - libkdcraw: RAW picture decoding library Details: It was discovered that libKDcraw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, applications linked against libKDcraw could be made to crash, resulting in a denial of service. (CVE-2013-1438, CVE-2013-1439) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libkdcraw20 4:4.8.5-0ubuntu0.3 After a standard system update you need to restart your session to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1978-1 CVE-2013-1438, CVE-2013-1439 Package Information: https://launchpad.net/ubuntu/+source/libkdcraw/4:4.8.5-0ubuntu0.3 --GK7hxQ79kNtMvkb1Q0FH6XMOBh9shW4HV Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCgAGBQJSSbPLAAoJEGVp2FWnRL6TRc0P/0sBzeo+DGPxG7NFHH0d0mdQ KX5bZ1ZfzAng/tdD094xNWv1/qYwDoD33wp0AJRswSYHZspp/DFCVjhI46spPO4m 7n5LKBBjOvQQX1e543jvNhRiPKkI64x2y+o20/A+Inog8JgipkaW8Nch9cgaD27V 42/k4CHXYPH4D8feXaSIrhshOugpk1UVz+SoqzTjQbnlQxdRgPBAfvT/sn70LTZt PuDltn2M8SoqpfRDojOvdg5Wfz8W0ghVSag3aFXUfbMPKpr7zixClx3UIQO3yQMk acD3dh9eKphw2NAkBOgnzEMQsQ9NCN2jmjr3VZ2jKnh+CDP6kD9Mt6FQeaA1MnXq DuM5nsw1+sD1uWZ2kwCGy60DeyAPufUgyqOCkZ8p8R6f1GcS+XpvGSAOzJOmi+t0 yomMtVwPeqjqnG4DXAaAyjY6FCzmxqR7HLa8CH63aEzSt4xuNRCAu8WvEfrXg8SV p/t+Tqcxh6bO14pOcZ3AM6zhRka5y3Lp3E9b81tcF/AOWj45W1q7Jk29JTjV2NRk m4O+KFCe4vblY/Ifzzk2O6xieKIXhjS4Zcr5I6LSqbC347Zjme7vbW5lALsRzsJn u6Cftt/MXoDM3TjZFxFIup1DqZIjwrLkiL0WPfAUPLn90TmsypAx5qLhAF3RR49z GRK4PVpeEp39Z2LvsRXS =/F5T -----END PGP SIGNATURE----- --GK7hxQ79kNtMvkb1Q0FH6XMOBh9shW4HV-- --===============7313972783801966918== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce --===============7313972783801966918==-- |