What Are You Looking For?

Sign Up
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-8621
2015-05-20 22:15:45
--------------------------------------------------------------------------------

Name        : dcraw
Product     : Fedora 22
Version     : 9.25.0
Release     : 2.fc22
URL         : Summary     : Tool for decoding raw image data from digital cameras
Description :
This package contains dcraw, a command line tool to decode raw image data
downloaded from digital cameras.

--------------------------------------------------------------------------------
Update Information:

This update contains a fix for a bug which could cause dcraw write past array boundaries.

Additionally, it updates dcraw to version 9,25.0 which contains updated color matrices and supports the Canon EOS 5DS.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 20 2015 Nils Philippsen  - 9.25.0-2
- add Provides: bundled(dcraw)
- don't manually specify, clean buildroot
* Wed May 20 2015 Nils Philippsen  - 9.25.0-1
- version 9.25.0
- remove unnecessary check from CVE-2013-1438 patch
- avoid writing past array boundaries when reading certain raw formats
  (CVE-2015-3885)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1221249 - CVE-2015-3885 dcraw: input sanitization flaw leading to buffer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=1221249
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update dcraw' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Fedora 22: dcraw Security Update

June 6, 2015
This update contains a fix for a bug which could cause dcraw write past array boundaries

Summary

This package contains dcraw, a command line tool to decode raw image data

downloaded from digital cameras.

Update Information:

This update contains a fix for a bug which could cause dcraw write past array boundaries.

Additionally, it updates dcraw to version 9,25.0 which contains updated color matrices and supports the Canon EOS 5DS.

Change Log

* Wed May 20 2015 Nils Philippsen - 9.25.0-2 - add Provides: bundled(dcraw) - don't manually specify, clean buildroot * Wed May 20 2015 Nils Philippsen - 9.25.0-1 - version 9.25.0 - remove unnecessary check from CVE-2013-1438 patch - avoid writing past array boundaries when reading certain raw formats (CVE-2015-3885)

References

[ 1 ] Bug #1221249 - CVE-2015-3885 dcraw: input sanitization flaw leading to buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=1221249

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update dcraw' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
Name : dcraw
Product : Fedora 22
Version : 9.25.0
Release : 2.fc22
URL : Summary : Tool for decoding raw image data from digital cameras

Related News

OpenSSL 3.2 Adds Support for TCP Fast Open on Linux, Argon2 KDF, and More

Nov 27, 2023

Severe Chromium Bug Threatens Sensitive Data, System Availability

Nov 13, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Linux 6.7 Introduces "make hardening.config" To Help Build A Hardened Kernel

Nov 5, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo