You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa libraw

Sigurnosni nedostaci programskog paketa libraw

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3615-1
April 03, 2018

libraw vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

LibRaw could be made to crash or run programs as your login if it opened a
specially crafted file.

Software Description:
– libraw: raw image decoder library

Details:

It was discovered that LibRaw incorrectly handled photo files. If a user or
automated system were tricked into processing a specially crafted photo
file, a remote attacker could cause applications linked against LibRaw to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
libraw16 0.18.2-2ubuntu0.2

Ubuntu 16.04 LTS:
libraw15 0.17.1-1ubuntu0.2

Ubuntu 14.04 LTS:
libraw9 0.15.4-1ubuntu0.2

After a standard system update you need to restart your session to make
all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3615-1
CVE-2017-16909, CVE-2017-16910, CVE-2018-5800, CVE-2018-5801,
CVE-2018-5802

Package Information:
https://launchpad.net/ubuntu/+source/libraw/0.18.2-2ubuntu0.2
https://launchpad.net/ubuntu/+source/libraw/0.17.1-1ubuntu0.2
https://launchpad.net/ubuntu/+source/libraw/0.15.4-1ubuntu0.2

—–BEGIN PGP SIGNATURE—–

iQIcBAEBCgAGBQJaw9qAAAoJEGVp2FWnRL6TlncP/0NyrFGbInWEzdoCzAPICCeI
wtqaePhJ3HVbmT5vEnmEDwBvU4gMxxKRoERQg834dis+N4jZw8okzaIrWm+gnNSP
IyrhsHGDtqT14gVaNIuwIE//7txinhsbOks/5PFjBVYgTWt9u2qly0ZmZmqXEpTu
cTwhpXdkcusZZJDxV9u0dmL/mITA4CmQAN5Q9Ll02/+uiD+IBM8nIk62FTRlsF0t
5Y2HFOXTM9gZvjA1uw0zk9qQ7Nir20HI70CBB67fFEOcekORfi4DUAExRmYPiQ8b
ZUzabgR/gVdbnsbKkyqm09vcYb1QfxkzUgHqfu3UYEGbi+jox6mNIdiRvmEI/bBL
URvmFhADTGLySowKfDv4pGAyGnC+tJIegC7zJl1ZfJKtlwpcYomEiiUc1/auykW2
0BwdkF0lVFQlXGsmnoNagNjAOO/pV1azsvL3wASQ75SK7ybb5KQcgUwWdl5rTBmp
/5s2YpDGZq/qPafbvZM+Zv6aZLA2vnsRbBw69IdBmwtxMTV7/6UT9EdjH27ll25C
LykPOBDkfYdswHF7uf8ropWNSU3JURXdkiD2tl0AndSSq6ky3E6N9KewBJLcBfeE
iA2AagNj15f+MGiPeQnaS7dESY3O+wphcOOY1bvaI4WXAO3rUqzeVZ/1Xs3xP6wW
4GWKB85grpoK/EX/yav/
=v3TT
—–END PGP SIGNATURE—–

AutorPetar Bertok
Cert idNCERT-REF-2018-04-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa python-crypto

Otkriveni su sigurnosni nedostaci u programskom paketu python-crypto za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju otkrivanje osjetljivih informacija....

Close