Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in libimage-exiftool-perl
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in libimage-exiftool-perl
ID: DSA-4910-1
Distribution: Debian
Plattformen: Debian buster
Datum: Mo, 3. Mai 2021, 23:05
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22204
Applikationen: libimage-exiftool-perl

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4910-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 02, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libimage-exiftool-perl
CVE ID : CVE-2021-22204
Debian Bug : 987505

A vulnerability was discovered in libimage-exiftool-perl, a library and
program to read and write meta information in multimedia files, which
may result in execution of arbitrary code if a malformed DjVu file is
processed.

For the stable distribution (buster), this problem has been fixed in
version 11.16-1+deb10u1.

We recommend that you upgrade your libimage-exiftool-perl packages.

For the detailed security status of libimage-exiftool-perl please refer
to its security tracker page at:
https://security-tracker.debian.org/tracker/libimage-exiftool-perl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmCOyWRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QSRhAAlITZKY+WtOmQR5elCvjXIOcycvrwGKm8ptxJM2E0Pus4+lggJmhwW9Hs
ovTZdNOB+Ko8hEo4uJ6sjijQsSBgxcWQZBmcGZg9tve16tXpg6s85H66PGVQ2fY3
3NT639j4VgJdw8qpGQNJYm1WqXZYydMFwxgxyn++fEJ+ZZxCQYVFkhPsWaIsBenV
drN8HKYhpN0tnTFMudlQV2DZgNz6HWw/CcQAIPzzhfe0W3WaFDSaVv+Hj4UxQmmE
/uOx1Q15nnh5pEiFSit03Ar4aLCJ5HinheW93P/i5kLtFk+Z00Kg43oMizgvUuZQ
BDu2hsFLFtjJTfdO34UP5V/En2BAavicbjjzl2WnMLx6gFigIz9rjlAswDSQswx4
naLkOwaAllAse4FzHC9ShC4/Rwh9gY1LflAHg0qBZEugR+oEZUoLqqJMQKGODdec
q7mWUMrndue+zEWy8+4WlvJr/LQbkecTO0/hH/+PPtZvfTyHGrr6LgGnfxXPJ2s1
k0X+L92dJXnpOnLgCxvWdONdPU7yc6W5QgVqOmOB+N7Pm8koi8G9lDUSO2YuIDvz
hFUTBeOSzBrov/BLZQSYfkaVNxy8dR9Lr7q0JDLnSgrX8KejpHbYPyUhH/U/K338
4QLBiZ5Acl4lNaQG0F4TGJRtDlgWesNcoUCstT5VoRnE7EVEOmQ=
=YBu5
-----END PGP SIGNATURE-----
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung