Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Fedora 27: LibRaw Security Advisory for Critical Threats

fedora
Calendar Grey May 15, 2018
Dist Fedora Esm H88
The recent update to LibRaw in Fedora 27 addresses significant vulnerabilities that could enable potential breaches within the system.
---- CVE-2018-10529 fixed: out of bounds read in X3F parser CVE-2018-10528 fixed: possible stack overrun in X3F parser

Summary

LibRaw is a library for reading RAW files obtained from digital photo

cameras (CRW/CR2, NEF, RAF, DNG, and others).

LibRaw is based on the source codes of the dcraw utility, where part of

drawbacks have already been eliminated and part will be fixed in future.

---- CVE-2018-10529 fixed: out

of bounds read in X3F parser CVE-2018-10528 fixed: possible stack overrun in

X3F parser

* Thu May 10 2018 Gwyn Ciesla - 0.18.11-1

- 0.18.11.

* Thu May 3 2018 Gwyn Ciesla - 0.18.10-1

- 0.18.10.

* Wed Apr 25 2018 Gwyn Ciesla - 0.18.9-1

- 0.18.9.

* Sat Feb 24 2018 Gwyn Ciesla - 0.18.8-1

- 0.18.8.

* Wed Feb 7 2018 Fedora Release Engineering - 0.18.7-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Fri Feb 2 2018 Gwyn Ciesla - 0.18.7-2

- Patch for updated glibc.

* Fri Jan 19 2018 Gwyn Ciesla - 0.18.7-1

- 0.18.7

- Patch for ambiguous function call.

* Wed Dec 6 2017 Gwyn Ciesla - 0.18.6-1

- 0.18.6

[ 1 ] Bug #1576801 - LibRaw-0.18.11 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1576801

[ 2 ] Bug #1574326 - CVE-2018-10529 LibRaw: Out-of-bounds read in X3F property table list functionality in libraw_x3f.cpp and libraw_cxx.cpp [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1574326

[ 3 ] Bug #1574322 - CVE-2018-10528 LibRaw: Stack-based buffer overflow in libraw_cxx.cpp:utf2char() allows for potential code execution [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1574322

[ 4 ] Bug #1574486 - LibRaw-0.18.10 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1574486

su -c 'dnf upgrade --advisory FEDORA-2018-08ea7a5f0b' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory Fedora out of bounds LibRaw stack overrun

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 27
Version: 0.18.11
Release: 1.fc27
URL: https://www.libraw.org/
Summary: Library for reading RAW files obtained from digital photo cameras

Topics%20covered

Topics Covered

security advisory Fedora out of bounds LibRaw stack overrun

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here