The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[USN-655-1] exiv2 vulnerabilities


<< Previous INDEX Search src / Print Next >>
Date: Tue, 14 Oct 2008 19:27:22 -0700
From: Kees Cook <kees@ubuntu.com.>
To: [email protected]
Subject: [USN-655-1] exiv2 vulnerabilities
Message-ID: <20081015022722.GN17241@outflux.net.>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="qoTlaiD+Y2fIM3Ll"
Content-Disposition: inline
Organization: Ubuntu
X-MIMEDefang-Filter: outflux$Revision: 1.316 $
X-HELO: www.outflux.net
X-Scanned-By: MIMEDefang 2.63 on 10.2.0.1
X-Virus-Scanned: antivirus-gw at tyumen.ru


--qoTlaiD+Y2fIM3Ll
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline


Ubuntu Security Notice USN-655-1 October 15, 2008 exiv2 vulnerabilities CVE-2007-6353, CVE-2008-2696
A security issue affects the following Ubuntu releases: Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.04: libexiv2-0.12 0.12-0ubuntu2.1 Ubuntu 7.10: libexiv2-0 0.15-1ubuntu2.1 Ubuntu 8.04 LTS: libexiv2-2 0.16-3ubuntu1.1 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: Meder Kydyraliev discovered that exiv2 did not correctly handle certain EXIF headers. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could cause the application linked against libexiv2 to crash, leading to a denial of service, or possibly executing arbitrary code with user privileges. (CVE-2007-6353) Joakim Bildrulle discovered that exiv2 did not correctly handle Nikon lens EXIF information. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could cause the application linked against libexiv2 to crash, leading to a denial of service. (CVE-2008-2696) Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/exiv2_0.12-0ubuntu2.1.diff.gz Size/MD5: 32108 881ecd361df315c9f9ae3eef6697d4c1 http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/exiv2_0.12-0ubuntu2.1.dsc Size/MD5: 816 734b5975b4cebbdbb186b3cb4cbcbf12 http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/exiv2_0.12.orig.tar.gz Size/MD5: 2359138 a97a4e489df7ec99458e3e33b506c3e6 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/libexiv2-doc_0.12-0ubuntu2.1_all.deb Size/MD5: 1735332 f37635e5c13f681e812d919f30eb204d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/libexiv2-0.12_0.12-0ubuntu2.1_amd64.deb Size/MD5: 320666 c65dd9bb0ab46b55d185408deeecba6c http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/libexiv2-dev_0.12-0ubuntu2.1_amd64.deb Size/MD5: 589930 824529b76088c4c520fa726a81f45cd4 http://security.ubuntu.com/ubuntu/pool/universe/e/exiv2/exiv2_0.12-0ubuntu2.1_amd64.deb Size/MD5: 78012 98d8308fd26e87cb1543561e8c432ade i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/libexiv2-0.12_0.12-0ubuntu2.1_i386.deb Size/MD5: 312622 36d00e09f5b4ec5d1afe935295fd5877 http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/libexiv2-dev_0.12-0ubuntu2.1_i386.deb Size/MD5: 540124 646eae0ccb60a6de683a6168b23a645c http://security.ubuntu.com/ubuntu/pool/universe/e/exiv2/exiv2_0.12-0ubuntu2.1_i386.deb Size/MD5: 76178 9720daedc000922a0dcc281a87258b0b powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/libexiv2-0.12_0.12-0ubuntu2.1_powerpc.deb Size/MD5: 344604 a9056c6871b35ad37edaa7d43fe01e77 http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/libexiv2-dev_0.12-0ubuntu2.1_powerpc.deb Size/MD5: 615756 21316c2dd7a54cee1c2ab33ae5782cbe http://security.ubuntu.com/ubuntu/pool/universe/e/exiv2/exiv2_0.12-0ubuntu2.1_powerpc.deb Size/MD5: 80932 c472084be1c41552aa460da32821f6b2 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/libexiv2-0.12_0.12-0ubuntu2.1_sparc.deb Size/MD5: 342696 8b5b87cb3e775e84f52af42463061a93 http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/libexiv2-dev_0.12-0ubuntu2.1_sparc.deb Size/MD5: 550730 c684899b6e02a24363d84d63c79d5f63 http://security.ubuntu.com/ubuntu/pool/universe/e/exiv2/exiv2_0.12-0ubuntu2.1_sparc.deb Size/MD5: 76504 5ff1d854da93e6c4aa78e3e044abab9b Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/exiv2_0.15-1ubuntu2.1.diff.gz Size/MD5: 11827 846734f802184d6ff2c3cd777bc4baa8 http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/exiv2_0.15-1ubuntu2.1.dsc Size/MD5: 962 eb1965e2cad3d8e69c1847d1f5f6511a http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/exiv2_0.15.orig.tar.gz Size/MD5: 1133249 bb18d19e1d6fb255dadda456cadec00e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/libexiv2-doc_0.15-1ubuntu2.1_all.deb Size/MD5: 10283310 f81b4f8536fcc2d468cc9c2f3aef7edb amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/libexiv2-0_0.15-1ubuntu2.1_amd64.deb Size/MD5: 356922 13eac76c1b4b018606c8dce0a0d743f0 http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/libexiv2-dev_0.15-1ubuntu2.1_amd64.deb Size/MD5: 769470 341c2df43845b7f0e49c24801129e190 http://security.ubuntu.com/ubuntu/pool/universe/e/exiv2/exiv2_0.15-1ubuntu2.1_amd64.deb Size/MD5: 94342 e904697e488381faa837afedbbce1568 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/libexiv2-0_0.15-1ubuntu2.1_i386.deb Size/MD5: 346814 18bf13f90a5c04f7fa427d908603de72 http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/libexiv2-dev_0.15-1ubuntu2.1_i386.deb Size/MD5: 717734 2cf5ff3f308f31230a093751d6d13bd9 http://security.ubuntu.com/ubuntu/pool/universe/e/exiv2/exiv2_0.15-1ubuntu2.1_i386.deb Size/MD5: 92746 3db1939f900790911b0d0cba4c49797d lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/e/exiv2/libexiv2-0_0.15-1ubuntu2.1_lpia.deb Size/MD5: 342714 2cd48a9fccf2e45aa62ff37e5c384091 http://ports.ubuntu.com/pool/main/e/exiv2/libexiv2-dev_0.15-1ubuntu2.1_lpia.deb Size/MD5: 717386 2e21ee23c17f7d15f20611a23ca957df http://ports.ubuntu.com/pool/universe/e/exiv2/exiv2_0.15-1ubuntu2.1_lpia.deb Size/MD5: 90954 8c5eae92c4ecd343222ec3fd098bfc7b powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/libexiv2-0_0.15-1ubuntu2.1_powerpc.deb Size/MD5: 382124 09d14e26595a990d93ae26256d066a7d http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/libexiv2-dev_0.15-1ubuntu2.1_powerpc.deb Size/MD5: 799038 6b31eb51ec6b1a679826ed5bb7dcdb5c http://security.ubuntu.com/ubuntu/pool/universe/e/exiv2/exiv2_0.15-1ubuntu2.1_powerpc.deb Size/MD5: 96926 50322cf8bb638c1c1cbf213acb7b26c6 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/libexiv2-0_0.15-1ubuntu2.1_sparc.deb Size/MD5: 385294 742f66ba917b8d6a9d08a317ea680527 http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/libexiv2-dev_0.15-1ubuntu2.1_sparc.deb Size/MD5: 728258 ed09fe85cc4f41743894ed715b987bc2 http://security.ubuntu.com/ubuntu/pool/universe/e/exiv2/exiv2_0.15-1ubuntu2.1_sparc.deb Size/MD5: 91880 e7d8d9553973b8808bfd8e45ec268560 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/exiv2_0.16-3ubuntu1.1.diff.gz Size/MD5: 10463 6acb39afaf124078cc2dbbf2820fb6ab http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/exiv2_0.16-3ubuntu1.1.dsc Size/MD5: 1136 0a52104d32ae002426eca5cb807b9054 http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/exiv2_0.16.orig.tar.gz Size/MD5: 1578446 c6a9a8a3e212b5a26266579ebd0a5410 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/libexiv2-doc_0.16-3ubuntu1.1_all.deb Size/MD5: 2792682 ecee2c1ad4c1d40ef1d721e9c1dd3fbe amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/libexiv2-2_0.16-3ubuntu1.1_amd64.deb Size/MD5: 569658 233d2093d5426c7a718c631eb70b02f8 http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/libexiv2-dev_0.16-3ubuntu1.1_amd64.deb Size/MD5: 1130098 a284e2fafec2b6fa7fc53a20bc8b203f http://security.ubuntu.com/ubuntu/pool/universe/e/exiv2/exiv2_0.16-3ubuntu1.1_amd64.deb Size/MD5: 85898 0eac86576b150c35b4eda829380f2df7 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/libexiv2-2_0.16-3ubuntu1.1_i386.deb Size/MD5: 547664 da4c9e28896bce28ee34e42845ab54fe http://security.ubuntu.com/ubuntu/pool/main/e/exiv2/libexiv2-dev_0.16-3ubuntu1.1_i386.deb Size/MD5: 1060342 8544d49015218b23b27a3a2ad79a4843 http://security.ubuntu.com/ubuntu/pool/universe/e/exiv2/exiv2_0.16-3ubuntu1.1_i386.deb Size/MD5: 84430 d7454f0f74c0dafb9301c48317d0661c lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/e/exiv2/libexiv2-2_0.16-3ubuntu1.1_lpia.deb Size/MD5: 546194 4ddb8f5d98a5a349b18ab3b461366d47 http://ports.ubuntu.com/pool/main/e/exiv2/libexiv2-dev_0.16-3ubuntu1.1_lpia.deb Size/MD5: 1066974 82fb3099c6df17d67775f12c1a29e68f http://ports.ubuntu.com/pool/universe/e/exiv2/exiv2_0.16-3ubuntu1.1_lpia.deb Size/MD5: 86704 74172b0f14fccfa6fae355e8b33b408a powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/e/exiv2/libexiv2-2_0.16-3ubuntu1.1_powerpc.deb Size/MD5: 600368 fa91982b5c97b35b6dc46315a5abbe0b http://ports.ubuntu.com/pool/main/e/exiv2/libexiv2-dev_0.16-3ubuntu1.1_powerpc.deb Size/MD5: 1165662 6258ddea80024c0e04433053564ae73b http://ports.ubuntu.com/pool/universe/e/exiv2/exiv2_0.16-3ubuntu1.1_powerpc.deb Size/MD5: 89518 b3f3a420428093a1cd6f0c49d496a93d sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/e/exiv2/libexiv2-2_0.16-3ubuntu1.1_sparc.deb Size/MD5: 615214 bc34f7ef5304050de05ffd3e1d5bb1b6 http://ports.ubuntu.com/pool/main/e/exiv2/libexiv2-dev_0.16-3ubuntu1.1_sparc.deb Size/MD5: 1122996 df649c37b46a4cb6a40d90b9a7414e95 http://ports.ubuntu.com/pool/universe/e/exiv2/exiv2_0.16-3ubuntu1.1_sparc.deb Size/MD5: 92150 c0804dfd682722e3211158df6f1c860d --qoTlaiD+Y2fIM3Ll Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Kees Cook <kees@outflux.net.> iEYEARECAAYFAkj1VQoACgkQH/9LqRcGPm2fKACfVeKOrd0CkgkNLMs6Gc4NpDv1 zKEAoJmd9REWDrre0eo4eiGQCqCO8Uja =nAXu -----END PGP SIGNATURE----- --qoTlaiD+Y2fIM3Ll--

<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру