You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa exiv2

Sigurnosni nedostatak programskog paketa exiv2

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2454-1
January 07, 2015

exiv2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.10

Summary:

Exiv2 could be made to crash if it opened a specially crafted file.

Software Description:
– exiv2: EXIF/IPTC metadata manipulation tool

Details:

It was discovered that Exiv2 incorrectly handled certain tag values in
video files. If a user or automated system were tricked into opening a
specially-crafted video file, a remote attacker could cause Exiv2 to crash,
resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
libexiv2-13 0.24-2ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2454-1
CVE-2014-9449

Package Information:
https://launchpad.net/ubuntu/+source/exiv2/0.24-2ubuntu1.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJUrX5VAAoJEGVp2FWnRL6TwTUP/Ay0untC/uLu+OS0YjppjaVS
1Q29s1UK/7PtIlFGbACb/4CrWwVPvMDtoEE2I+zvU91mWoWhxK2aRCr0/8vZmfNw
7rR79bgzq9QExHASb6gKlONstFnrSQNIOZPDKWa6F8FpE0bMo4N7F9imQzP6kmAZ
b0huo6vyivhRthiJwB4qSozMYl2QEahYCKGONjvE8N5e5CLTW75aT6A7JvNzWAIr
MYsPIiJTBL5SW24D2PidVt5JFd/4t3IsccYj/lMQv7la8JB5SofR6dJJtylXYouv
Tmg/KNk1wiSUFKWW5d/PRRW3RVxAgunF7i8GoVhfyYvixR9BFjZb0+vnv69ifIpl
EOSUDx7wt2iOeriWkBaWm+d+MW+FEYs6rG2wfXj253sEEoBX+bTuRZfHiQT/Sk0m
mcta2a4QdtsOfDD/a1uIYnPprGsy/Cbvsk3nc7fa0NoAkbVL2nHDyN+tXRC6Tais
wEQnBhtEw4n9SgWyM83afTWCrnCArEgWpD8ccbu2tckmI6p3ciSb30VzGomJpcK8
El2svmkeMiuXh4jUbqeAAbmr3YdXTJXSUbKmlcmqe/NTIFvfrI7kahEBkyyhdq1h
C5Wqpxl48uwDbAPTGX/sHyX42iMnONsRoFxnIaQjV+QctHyVpR1mjyIA5cIMa4iS
mfD8M6ArtgunkbQFhlj6
=STfH
—–END PGP SIGNATURE—–

AutorMarijo Plepelic
Cert idNCERT-REF-2015-01-0002-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa libjpeg

Otkriven je sigurnosni nedostatak u programskom paketu libjpeg za operacijski sustav Mandriva. Otkriveni nedostatak potencijalnim napadačima omogućuje izvođenje napada uskraćivanja...

Close