Security: Two problems in exiv2
Name: Two problems in exiv2
ID: USN-655-1
Distribution: Ubuntu
Platforms: Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS
Date: Wed, 15 October 2008, 04:32
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2696
Applications: ExiV2

Original message
===========================================================
Ubuntu Security Notice USN-655-1 October 15, 2008
exiv2 vulnerabilities
CVE-2007-6353, CVE-2008-2696
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 7.04: libexiv2-0.12 0.12-0ubuntu2.1
Ubuntu 7.10: libexiv2-0 0.15-1ubuntu2.1
Ubuntu 8.04 LTS: libexiv2-2 0.16-3ubuntu1.1
After a standard system upgrade you need to restart your session to effect the necessary changes.
Details follow:
Meder Kydyraliev discovered that exiv2 did not correctly handle certain EXIF headers. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could cause the application linked against libexiv2 to crash, leading to a denial of service, or possibly executing arbitrary code with user privileges. (CVE-2007-6353)
Joakim Bildrulle discovered that exiv2 did not correctly handle Nikon lens EXIF information. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could cause the application linked against libexiv2 to crash, leading to a denial of service. (CVE-2008-2696)