You are here
Home > Preporuke > Sigurnosni nedostaci programske biblioteke libexif

Sigurnosni nedostaci programske biblioteke libexif

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4358-1
May 13, 2020

libexif vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.04 LTS
– Ubuntu 19.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in libexif.

Software Description:
– libexif: library to parse EXIF files

Details:

It was discovered that libexif incorrectly handled certain tags.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-20030)

It was discovered that libexif incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash.
(CVE-2020-12767)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
libexif12 0.6.21-6ubuntu0.1

Ubuntu 19.10:
libexif12 0.6.21-5.1ubuntu0.2

Ubuntu 18.04 LTS:
libexif12 0.6.21-4ubuntu0.2

Ubuntu 16.04 LTS:
libexif12 0.6.21-2ubuntu0.2

Ubuntu 14.04 ESM:
libexif12 0.6.21-1ubuntu1+esm2

Ubuntu 12.04 ESM:
libexif12 0.6.20-2ubuntu0.3

After a standard system update you need to restart your session to
effect the necessary changes.

References:
https://usn.ubuntu.com/4358-1
CVE-2018-20030, CVE-2020-12767

Package Information:
https://launchpad.net/ubuntu/+source/libexif/0.6.21-6ubuntu0.1
https://launchpad.net/ubuntu/+source/libexif/0.6.21-5.1ubuntu0.2
https://launchpad.net/ubuntu/+source/libexif/0.6.21-4ubuntu0.2
https://launchpad.net/ubuntu/+source/libexif/0.6.21-2ubuntu0.2
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl68QJgACgkQRbznW4QL
H2ln6hAAgszn+JnQbf1Q4rPp0xNLphvFforsIbCpJRLcacsz2xGeUIl3/itDRXku
ud0ABuo/hiJ+NsrvcYlpMBmPRBSuEDchNG79OMwzhI6dmBkAFcaQCFGcGCl9IVXA
OBfXiipXCUwJ+uOQWFgFbeqwMcdY5ps1WdeHX7S6kLHOrnQ2y7EiRk8KN7hC8T+K
5r5YcA2B7+kveDSHReS7KSdZvi8d3XBXnrkPd9QOhEkRkn1y5gf5xgLXUfqan5Wk
5E6Msh3Kx3ZU6NDTOSuv0BJ2m36Qz+VFM6+FwEB00h9D49LWNd2gJehsoNq65Ja6
9T30z2t9Z2O/47yqQy4HXuiF404k+CaO3RCY/CEmis3XG9By3Mx61DnmC4mvaDCN
Sqffdn0zKX4ESJSd9JNGktb5sSpH5ZgzNtPTsHwvGe9Y6PB15T+kLpIZnIN/wPSd
kawssXMBSGCfTK91ad5skS6Fx7q7E7juW1dFtj5Hnrr37ic9zmd01mstHkOed2m7
dUGQwVTh//1bfEtXuMWOAOedDfZObUn1c/BxLrggIgerWZ8N+JCqT7nT5G8jXcx6
NrKBU9IjegeH0leT/CKk7d0L7VYEHMHXZdgStsIxx4zMdsGuZCWFqt3SIv7XmUC2
4DaArlpF+ex+1eYnQD2axGgxyvIV/UL49KzHQsXMdMtHSkVfdS8=
=YIgV
—–END PGP SIGNATURE—–

AutorToni Vugdelija
Cert idNCERT-REF-2020-05-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa Squid

Otkriveni su sigurnosni nedostaci u programskom paketu Squid za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim udaljenim napadačima omogućuju izazivanje DoS...

Close