drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in libimage-exiftool-perl
Name: |
Ausführen beliebiger Kommandos in libimage-exiftool-perl |
|
ID: |
DSA-4910-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian buster |
|
Datum: |
Mo, 3. Mai 2021, 23:05 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22204 |
|
Applikationen: |
libimage-exiftool-perl |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4910-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 02, 2021 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : libimage-exiftool-perl CVE ID : CVE-2021-22204 Debian Bug : 987505
A vulnerability was discovered in libimage-exiftool-perl, a library and program to read and write meta information in multimedia files, which may result in execution of arbitrary code if a malformed DjVu file is processed.
For the stable distribution (buster), this problem has been fixed in version 11.16-1+deb10u1.
We recommend that you upgrade your libimage-exiftool-perl packages.
For the detailed security status of libimage-exiftool-perl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libimage-exiftool-perl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmCOyWRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QSRhAAlITZKY+WtOmQR5elCvjXIOcycvrwGKm8ptxJM2E0Pus4+lggJmhwW9Hs ovTZdNOB+Ko8hEo4uJ6sjijQsSBgxcWQZBmcGZg9tve16tXpg6s85H66PGVQ2fY3 3NT639j4VgJdw8qpGQNJYm1WqXZYydMFwxgxyn++fEJ+ZZxCQYVFkhPsWaIsBenV drN8HKYhpN0tnTFMudlQV2DZgNz6HWw/CcQAIPzzhfe0W3WaFDSaVv+Hj4UxQmmE /uOx1Q15nnh5pEiFSit03Ar4aLCJ5HinheW93P/i5kLtFk+Z00Kg43oMizgvUuZQ BDu2hsFLFtjJTfdO34UP5V/En2BAavicbjjzl2WnMLx6gFigIz9rjlAswDSQswx4 naLkOwaAllAse4FzHC9ShC4/Rwh9gY1LflAHg0qBZEugR+oEZUoLqqJMQKGODdec q7mWUMrndue+zEWy8+4WlvJr/LQbkecTO0/hH/+PPtZvfTyHGrr6LgGnfxXPJ2s1 k0X+L92dJXnpOnLgCxvWdONdPU7yc6W5QgVqOmOB+N7Pm8koi8G9lDUSO2YuIDvz hFUTBeOSzBrov/BLZQSYfkaVNxy8dR9Lr7q0JDLnSgrX8KejpHbYPyUhH/U/K338 4QLBiZ5Acl4lNaQG0F4TGJRtDlgWesNcoUCstT5VoRnE7EVEOmQ= =YBu5 -----END PGP SIGNATURE-----
|
|
|
|