You are here
Home > Preporuke > Sigurnosni nedostaci programske biblioteke libraw

Sigurnosni nedostaci programske biblioteke libraw

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3492-1
November 22, 2017

libraw vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.10
– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

LibRaw could be made to crash or run programs as your login if it opened a
specially crafted file.

Software Description:
– libraw: raw image decoder library

Details:

It was discovered that LibRaw incorrectly handled photo files. If a user or
automated system were tricked into processing a specially crafted photo
file, a remote attacker could cause applications linked against LibRaw
to crash, resulting in a denial of service, or possibly execute arbitrary
code

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
libraw16 0.18.2-2ubuntu0.1

Ubuntu 17.04:
libraw16 0.18.1-1ubuntu0.1

Ubuntu 16.04 LTS:
libraw15 0.17.1-1ubuntu0.1

Ubuntu 14.04 LTS:
libraw9 0.15.4-1ubuntu0.1

After a standard system update you need to restart your session to make
all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3492-1
CVE-2015-3885, CVE-2015-8366, CVE-2015-8367, CVE-2017-13735,
CVE-2017-14265, CVE-2017-14348, CVE-2017-14608, CVE-2017-6886,
CVE-2017-6887

Package Information:
https://launchpad.net/ubuntu/+source/libraw/0.18.2-2ubuntu0.1
https://launchpad.net/ubuntu/+source/libraw/0.18.1-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libraw/0.17.1-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libraw/0.15.4-1ubuntu0.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJaFeUoAAoJEGVp2FWnRL6Ty4gP/1IQv+h80G+R0tx2cI8O+VrB
3Mppo3UTM9lCsOJMoO2ZV/FGpE89c7w86cuONdC2Srcgwd22JgV1qA8+wPNRPy+W
EJUbWFQ9wc4TxKCJ8PPQsT1qgx1nGXav/kBUSdjDZOajo35hviBOuQTQ1mCfpBy2
fqXAjgAooYupn1cZoA9V1E0CMqzqlknr4jOCM2T8sh82GNrwQqjrBERU6bdGfumb
ja0UM0MaRPUuL5Xu0gj7BHwdBjpdEZ5V3BR9/uS7Aji82eHvWtgs1Z+yzIW9B60H
a6avK80+2efzemOyEdKj2DyCOxeNkHabrvlzl64aMb6zkcA3a6UbR0i5c3zw15dT
BRsX5StYYsAc9SglOBiNSIXHlIcDa6Q62JQlDAnCF9553zcicc/9dqo8VnYz+PD4
Ou0UyoFAauDT9d5qp7llwDugJPd2K4LPWv1h3D0fBbBSeQ81EkEKSYHBFIN0Ib8i
EIec+1FyTQhDWPMMdHUBV3Y9UdBMdrKFriOfZ1RXGFwKMC3oySM9QNNCIVy/CBv6
AlfzOa2CkQam1aHQ5Nmfl/o5VvLbBhMhZlJxZZ+7pxRVaecZa9HWLcXe5+Oeskbq
KSxy7R+V/Cb9iy7GXU039EXaecBOOzf0Un76dZMj8KkvAKgD2xREO5cRayAYZfW5
t9Sc/beMtk0VxfT9VT+8
=gngr
—–END PGP SIGNATURE—–

AutorDanijel Kozinovic
Cert idNCERT-REF-2017-11-0153-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke ldns

Otkriveni su sigurnosni nedostaci u programskoj biblioteci ldns za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju stjecanje generiranih privatnih...

Close