1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4618-1] libexif security update

    From Salvatore Bonaccorso@1:229/2 to All on Thu Feb 6 22:30:02 2020
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4618-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 06, 2020 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : libexif
    CVE ID : CVE-2019-9278
    Debian Bug : 945948

    An out-of-bounds write vulnerability due to an integer overflow was
    reported in libexif, a library to parse EXIF files, which could result
    in denial of service, or potentially the execution of arbitrary code if specially crafted image files are processed.

    For the oldstable distribution (stretch), this problem has been fixed
    in version 0.6.21-2+deb9u1.

    For the stable distribution (buster), this problem has been fixed in
    version 0.6.21-5.1+deb10u1.

    We recommend that you upgrade your libexif packages.

    For the detailed security status of libexif please refer to its security tracker page at:
    https://security-tracker.debian.org/tracker/libexif

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl48gb9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RaQQ/+Ks1VwBoS6ylCfSseCTvrq4bsq3QCPJXWZ6YV2TkFZOHc4D6l52KKFvlZ aenjHIC7HJ6XgasxeBq/RUnmLvF3h0wVh4Ej2RZPYqrZKv43coJmpYYyT9RiRpQt CDWNLhRcvOzFx0HiQrVR16KJxYMIPDmhDR8jbCC9dGAPgSX8CmGNUCkiNFbSAbEu iFjQmAyhaAPMp/8LIkAQ3vT1TqH4bxRqXkQdoi+UiD8DJS/KN9DX1AopPCsLTdGH Bry+hIgkbhuEqW1sLNcXTjFYmA3UQvfQrtV0O+i30z03W0Ae64QiIZxyd/vuBpJh yeZxMVjmKhtOdSnh111l9PN3R232lw+3I3RMzapcXh+uj3kBrKKdOtuPrEoZbNU9 6GuzsxRaeLGWwqldCYKfHrlIBdFboCgcxSadmTSK+27rLsd6kMbIRb3tAcN9QVWT LNwNjMnddYo9bMfKls1kxT2ExsV4Uo8gynp1pUJk4twmYqbn690vDGWXGXpkZqpQ dkLoBYJzOig/4KzxA/T7CQ+W8hRfvov50VqRrnIp909VXHKktABXfwvkPgOBRC7a vChKdUajFO0ktUhkWWvUlua8iIPKOStWXA+HP9+cb3Svi2zk6ZSodgA12l+/SviJ 2FE5b+hzkxX2y3+mSFATqeURtCkur/4yEOA+eqeXrRBTIQ3Mskg=
    =q4iv
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)