drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in LibRaw
Name: |
Denial of Service in LibRaw |
|
ID: |
USN-1964-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.04 |
|
Datum: |
Di, 24. September 2013, 09:10 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1439 |
|
Applikationen: |
LibRaw |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============6751095775986327110== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="p9DpcTI7Fp1CVPHUg6bMKw4ba2wdDr6fN"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --p9DpcTI7Fp1CVPHUg6bMKw4ba2wdDr6fN Content-Type: text/plain; charset=UTF- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1964-1 September 23, 2013
libraw vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04 - Ubuntu 12.10 - Ubuntu 12.04 LTS
Summary:
LibRaw could be made to crash if it opened a specially crafted file.
Software Description: - libraw: raw image decoder library
Details:
It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, applications linked against LibRaw could be made to crash, resulting in a denial of service. (CVE-2013-1438, CVE-2013-1439)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 13.04: libraw5 0.14.7-0ubuntu1.13.04.2
Ubuntu 12.10: libraw5 0.14.7-0ubuntu1.12.10.2
Ubuntu 12.04 LTS: libraw5 0.14.4-0ubuntu2.2
After a standard system update you need to restart your session to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1964-1 CVE-2013-1438, CVE-2013-1439
Package Information: https://launchpad.net/ubuntu/+source/libraw/0.14.7-0ubuntu1.13.04.2 https://launchpad.net/ubuntu/+source/libraw/0.14.7-0ubuntu1.12.10.2 https://launchpad.net/ubuntu/+source/libraw/0.14.4-0ubuntu2.2
--p9DpcTI7Fp1CVPHUg6bMKw4ba2wdDr6fN Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCgAGBQJSQINdAAoJEGVp2FWnRL6TXH8P/j+HwzUaxkrghx3rsmuxkRFx u86ogNjtNy0Tpc+dhloOWFQi9BBsW9gFZBGIqt8GJ0P28nf+/378kGQSOzDrHV2P hi1/xpDkxtsAzVzATA2yDnnTqItyOheXG9wTpLf9pX7Q9eHYDhAHe4OpJz9YK00A mcm+3gHpwxz5dt+NA+kqj86kWvzv1tc4azPkxxsp/zPfWWKR0AkiqenAlbtNwzpS Bmwse9nsri+EYWubeNYnZcoUV6iwymhQtaxKpEI/zJH+OtzSnxj7X0R4lw07sXYv +aYUcIyMi07gH3Rt5V/ElSqit1YOAUW/ybDob8m/BFdN2GKqvS7DorMUDlYJsvqS yePUCgPvCsjb0xLUMbsiMncbrU3cV563WXDj3qixyFe2cYXtw9ilUs9MLQvyicbL AVUuTsQknipYy+TrUDeWG6xn89SIrdIGejd/BvyC5bSijlO51A7ilYhfDaO8/zA2 6/T5ZLH+i2B0cXuVsEkcnpH8CRAlVXg/DI8YvSVc2CltSgr5tUnteqViLRM6KbU3 mmxgIYabKgerEcL3+0JObEDcKLOcjjz5i8q+K2lOh6yoqG0f//OH/tLDIDITx+iY D/yrP2iC1YkOJwPKsTUoldg2fxZ+1yusxxlEEPLsdRZkEqs8LamTHbDjyDPs+P5f 3E32joMIKLNxt/t1/Ceo =7rrN -----END PGP SIGNATURE-----
--p9DpcTI7Fp1CVPHUg6bMKw4ba2wdDr6fN--
--===============6751095775986327110== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============6751095775986327110==--
|
|
|
|