You are here
Home > Preporuke > Sigurnosni nedostaci programske biblioteke LibRaw

Sigurnosni nedostaci programske biblioteke LibRaw

——————————————————————————–
Fedora Update Notification
FEDORA-2018-742a69ccc3
2018-05-19 03:06:55.301491
——————————————————————————–

Name : LibRaw
Product : Fedora 26
Version : 0.18.11
Release : 1.fc26
URL : http://www.libraw.org
Summary : Library for reading RAW files obtained from digital photo cameras
Description :
LibRaw is a library for reading RAW files obtained from digital photo
cameras (CRW/CR2, NEF, RAF, DNG, and others).

LibRaw is based on the source codes of the dcraw utility, where part of
drawbacks have already been eliminated and part will be fixed in future.

——————————————————————————–
Update Information:

https://www.libraw.org/news/libraw-0-18-11 —- CVE-2018-10529 fixed: out
of bounds read in X3F parser CVE-2018-10528 fixed: possible stack overrun in
X3F parser
——————————————————————————–
ChangeLog:

* Thu May 10 2018 Gwyn Ciesla <limburgher@gmail.com> – 0.18.11-1
– 0.18.11.
* Thu May 3 2018 Gwyn Ciesla <limburgher@gmail.com> – 0.18.10-1
– 0.18.10.
* Wed Apr 25 2018 Gwyn Ciesla <limburgher@gmail.com> – 0.18.9-1
– 0.18.9.
* Sat Feb 24 2018 Gwyn Ciesla <limburgher@gmail.com> – 0.18.8-1
– 0.18.8.
* Wed Feb 7 2018 Fedora Release Engineering <releng@fedoraproject.org> – 0.18.7-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Fri Feb 2 2018 Gwyn Ciesla <limburgher@gmail.com> – 0.18.7-2
– Patch for updated glibc.
* Fri Jan 19 2018 Gwyn Ciesla <limburgher@gmail.com> – 0.18.7-1
– 0.18.7
– Patch for ambiguous function call.
* Wed Dec 6 2017 Gwyn Ciesla <limburgher@gmail.com> – 0.18.6-1
– 0.18.6
* Fri Sep 22 2017 Gwyn Ciesla <limburgher@gmail.com> – 0.18.5-1
– 0.18.5
* Fri Sep 15 2017 Gwyn Ciesla <limburgher@gmail.com> – 0.18.4-2
– Patch for CVE-2017-14348.
* Tue Sep 12 2017 Gwyn Ciesla <limburgher@gmail.com> – 0.18.4-1
– 0.18.4
* Mon Sep 11 2017 Gwyn Ciesla <limburgher@gmail.com> – 0.18.3-1
– 0.18.3
* Wed Sep 6 2017 Gwyn Ciesla <limburgher@gmail.com> – 0.18.2-5
– Patch for CVE-2017-13735.
* Wed Aug 2 2017 Fedora Release Engineering <releng@fedoraproject.org> – 0.18.2-4
– Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> – 0.18.2-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Apr 14 2017 Rex Dieter <rdieter@fedoraproject.org> – 0.18.2-2
– fix rpath, tighten subpkg dependencies, use %license
——————————————————————————–
References:

[ 1 ] Bug #1576801 – LibRaw-0.18.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1576801
[ 2 ] Bug #1574326 – CVE-2018-10529 LibRaw: Out-of-bounds read in X3F property table list functionality in libraw_x3f.cpp and libraw_cxx.cpp [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1574326
[ 3 ] Bug #1574322 – CVE-2018-10528 LibRaw: Stack-based buffer overflow in libraw_cxx.cpp:utf2char() allows for potential code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1574322
[ 4 ] Bug #1574486 – LibRaw-0.18.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1574486
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2018-742a69ccc3’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4X62KR4LT4N5H5GVVI34ARS7KNNQ3BL/

Top
More in Preporuke
Ispravak sigurnosne zakrpe za programski paket firefox

Ubuntu je izdao ispravak zakrpe za programski paket firefox, a odnosi se na preporuku oznake USN-3645-1 izdane 14. svibnja. Zbog...

Close