Sigurnosni nedostaci programskog paketa libraw

Preporuke

by - 4. travnja 2018.0

==========================================================================
Ubuntu Security Notice USN-3615-1
April 03, 2018

libraw vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

LibRaw could be made to crash or run programs as your login if it opened a
specially crafted file.

Software Description:
– libraw: raw image decoder library

Details:

It was discovered that LibRaw incorrectly handled photo files. If a user or
automated system were tricked into processing a specially crafted photo
file, a remote attacker could cause applications linked against LibRaw to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
libraw16 0.18.2-2ubuntu0.2

Ubuntu 16.04 LTS:
libraw15 0.17.1-1ubuntu0.2

Ubuntu 14.04 LTS:
libraw9 0.15.4-1ubuntu0.2

After a standard system update you need to restart your session to make
all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3615-1
CVE-2017-16909, CVE-2017-16910, CVE-2018-5800, CVE-2018-5801,
CVE-2018-5802

Package Information:
https://launchpad.net/ubuntu/+source/libraw/0.18.2-2ubuntu0.2
https://launchpad.net/ubuntu/+source/libraw/0.17.1-1ubuntu0.2
https://launchpad.net/ubuntu/+source/libraw/0.15.4-1ubuntu0.2

—–BEGIN PGP SIGNATURE—–

iQIcBAEBCgAGBQJaw9qAAAoJEGVp2FWnRL6TlncP/0NyrFGbInWEzdoCzAPICCeI
wtqaePhJ3HVbmT5vEnmEDwBvU4gMxxKRoERQg834dis+N4jZw8okzaIrWm+gnNSP
IyrhsHGDtqT14gVaNIuwIE//7txinhsbOks/5PFjBVYgTWt9u2qly0ZmZmqXEpTu
cTwhpXdkcusZZJDxV9u0dmL/mITA4CmQAN5Q9Ll02/+uiD+IBM8nIk62FTRlsF0t
5Y2HFOXTM9gZvjA1uw0zk9qQ7Nir20HI70CBB67fFEOcekORfi4DUAExRmYPiQ8b
ZUzabgR/gVdbnsbKkyqm09vcYb1QfxkzUgHqfu3UYEGbi+jox6mNIdiRvmEI/bBL
URvmFhADTGLySowKfDv4pGAyGnC+tJIegC7zJl1ZfJKtlwpcYomEiiUc1/auykW2
0BwdkF0lVFQlXGsmnoNagNjAOO/pV1azsvL3wASQ75SK7ybb5KQcgUwWdl5rTBmp
/5s2YpDGZq/qPafbvZM+Zv6aZLA2vnsRbBw69IdBmwtxMTV7/6UT9EdjH27ll25C
LykPOBDkfYdswHF7uf8ropWNSU3JURXdkiD2tl0AndSSq6ky3E6N9KewBJLcBfeE
iA2AagNj15f+MGiPeQnaS7dESY3O+wphcOOY1bvaI4WXAO3rUqzeVZ/1Xs3xP6wW
4GWKB85grpoK/EX/yav/
=v3TT
—–END PGP SIGNATURE—–
—

Sigurnosni nedostaci programskog paketa libraw

Archives

More in Preporuke

Sigurnosni nedostaci programskog paketa python-crypto