Security vulnerability in the FreeImage software library

==========================================================================
Ubuntu Security Notice USN-3925-1
March 28, 2019

freeimage vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

FreeImage could be made to crash or run programs as your login if it
opened a specially crafted file.

Software Description:
– freeimage: Support library for graphics image formats (development files)

Details:

It was discovered that an out-of-bounds write vulnerability existed in the XMP
Image handling functionality of the FreeImage library. If a user or automated
system were tricked into opening a specially crafted image, a remote attacker
could overwrite arbitrary memory, resulting in code execution.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
libfreeimage3 3.17.0+ds1-2ubuntu0.1
libfreeimageplus3 3.17.0+ds1-2ubuntu0.1

Ubuntu 14.04 LTS:
libfreeimage3 3.15.4-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3925-1
CVE-2016-5684

Package Information:
https://launchpad.net/ubuntu/+source/freeimage/3.17.0+ds1-2ubuntu0.1
https://launchpad.net/ubuntu/+source/freeimage/3.15.4-3ubuntu0.1

