==========================================================================
Ubuntu Security Notice USN-2454-1
January 07, 2015
exiv2 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.10
Summary:
Exiv2 could be made to crash if it opened a specially crafted file.
Software Description:
– exiv2: EXIF/IPTC metadata manipulation tool
Details:
It was discovered that Exiv2 incorrectly handled certain tag values in
video files. If a user or automated system were tricked into opening a
specially-crafted video file, a remote attacker could cause Exiv2 to crash,
resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
libexiv2-13 0.24-2ubuntu1.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2454-1
CVE-2014-9449
Package Information:
https://launchpad.net/ubuntu/+source/exiv2/0.24-2ubuntu1.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJUrX5VAAoJEGVp2FWnRL6TwTUP/Ay0untC/uLu+OS0YjppjaVS
1Q29s1UK/7PtIlFGbACb/4CrWwVPvMDtoEE2I+zvU91mWoWhxK2aRCr0/8vZmfNw
7rR79bgzq9QExHASb6gKlONstFnrSQNIOZPDKWa6F8FpE0bMo4N7F9imQzP6kmAZ
b0huo6vyivhRthiJwB4qSozMYl2QEahYCKGONjvE8N5e5CLTW75aT6A7JvNzWAIr
MYsPIiJTBL5SW24D2PidVt5JFd/4t3IsccYj/lMQv7la8JB5SofR6dJJtylXYouv
Tmg/KNk1wiSUFKWW5d/PRRW3RVxAgunF7i8GoVhfyYvixR9BFjZb0+vnv69ifIpl
EOSUDx7wt2iOeriWkBaWm+d+MW+FEYs6rG2wfXj253sEEoBX+bTuRZfHiQT/Sk0m
mcta2a4QdtsOfDD/a1uIYnPprGsy/Cbvsk3nc7fa0NoAkbVL2nHDyN+tXRC6Tais
wEQnBhtEw4n9SgWyM83afTWCrnCArEgWpD8ccbu2tckmI6p3ciSb30VzGomJpcK8
El2svmkeMiuXh4jUbqeAAbmr3YdXTJXSUbKmlcmqe/NTIFvfrI7kahEBkyyhdq1h
C5Wqpxl48uwDbAPTGX/sHyX42iMnONsRoFxnIaQjV+QctHyVpR1mjyIA5cIMa4iS
mfD8M6ArtgunkbQFhlj6
=STfH
—–END PGP SIGNATURE—–
—