Fedora 28: 2018-54c29139b3 Critical Exiv2 Buffer Overflow Update

May 19, 2018
This exiv2 library update for Fedora 28 fixes vulnerabilities that allow denial of service and heap-based buffer over-reads.
Security update for CVE-2017-17723, CVE-2017-17725, CVE-2018-5772

Summary

A command line utility to access image metadata, allowing one to:

* print the Exif metadata of Jpeg images as summary info, interpreted values, or the plain data for each tag

* print the Iptc metadata of Jpeg images

* print the Jpeg comment of Jpeg images

* set, add and delete Exif and Iptc metadata of Jpeg images

* adjust the Exif timestamp (that's how it all started...)

* rename Exif image files according to the Exif timestamp

* extract, insert and delete Exif metadata (including thumbnails), Iptc metadata and Jpeg comments

Change Log

* Thu May 3 2018 Germano Massullo - 0.26-10

- added patches that fix CVE-2017-17723 CVE-2017-17725 CVE-2017-5772

- moved 0006-1296-Fix-submitted.patch file from sources to package tree

* Tue Feb 20 2018 Rex Dieter - 0.26-9

- BR: gcc-c++

References

[ 1 ] Bug #1536904 - CVE-2018-5772 exiv2: Uncontrolled recursion in image.cpp:Exiv2::Image::printIFDStructure() can allow a remote attacker to cause a denial of service via a crafted tif file

https://bugzilla.redhat.com/show_bug.cgi?id=1536904

[ 2 ] Bug #1545232 - CVE-2017-17725 exiv2: heap-based buffer over-read in Exiv2::getULong function in types.cpp

https://bugzilla.redhat.com/show_bug.cgi?id=1545232

[ 3 ] Bug #1545249 - CVE-2017-17723 exiv2: heap-based buffer over-read in Exiv2::Image::byteSwap4 in image.cpp

https://bugzilla.redhat.com/show_bug.cgi?id=1545249
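
The references above name two bug classes in TIFF directory parsing: recursion with no limit, and integer reads past the end of the buffer. The sketch below is an added illustration of the corresponding defensive checks, not the exiv2 patch or code from this advisory; `TiffWalker`, `countTiffEntries` and `kMaxDepth` are hypothetical names. As a simplification it treats the value field of tags 0x8769 and 0x014a as a single IFD offset and does not follow the next-IFD chain.

```cpp
#include <cstdint>
#include <cstdio>
#include <set>
#include <vector>

using Bytes = std::vector<uint8_t>;
constexpr int kMaxDepth = 8;  // assumed nesting cap, not a constant taken from exiv2

struct TiffWalker {
    const Bytes& b;
    bool le;                 // true for "II" (little-endian) files
    std::set<size_t> seen;   // IFD offsets already walked; a repeat means a cycle
    // Bounds-checked read of n (<= 4) bytes: fails instead of reading past the end.
    bool rd(size_t off, size_t n, uint32_t& out) const {
        if (n > b.size() || off > b.size() - n) return false;
        out = 0;
        for (size_t i = 0; i < n; ++i) out = (out << 8) | b[off + (le ? n - 1 - i : i)];
        return true;
    }
    // Counts entries in this IFD and its children; -1 when data is truncated,
    // an IFD is reached twice, or nesting exceeds kMaxDepth.
    long walk(size_t off, int depth) {
        uint32_t n, tag, val;
        if (depth > kMaxDepth || !seen.insert(off).second || !rd(off, 2, n)) return -1;
        long total = n, sub;
        for (uint32_t i = 0; i < n; ++i) {
            size_t e = off + 2 + 12u * i;                  // 12-byte directory entry
            if (!rd(e, 2, tag) || !rd(e + 8, 4, val)) return -1;
            if (tag != 0x8769 && tag != 0x014a) continue;  // Exif IFD / SubIFDs only
            if ((sub = walk(val, depth + 1)) < 0) return -1;
            total += sub;
        }
        return total;
    }
};

// Validates the 8-byte TIFF header, then walks the first IFD.
long countTiffEntries(const Bytes& b) {
    if (b.size() < 8 || b[0] != b[1] || (b[0] != 'I' && b[0] != 'M')) return -1;
    TiffWalker w{b, b[0] == 'I', {}};
    uint32_t magic, first;
    if (!w.rd(2, 2, magic) || magic != 42 || !w.rd(4, 4, first)) return -1;
    return w.walk(first, 0);
}

int main() {  // constructed sample: "II" header, one IFD at offset 8 with one entry
    Bytes ok = {'I','I',42,0, 8,0,0,0, 1,0, 0x0f,0x01, 2,0, 1,0,0,0, 0,0,0,0, 0,0,0,0};
    std::printf("entries=%ld\n", countTiffEntries(ok));
    return 0;
}
```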

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-54c29139b3' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/


List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TSFVKTLL2TM4AYXVBIQOLXGBD7WXAQU/

Severity: critical

Product: Fedora 28
Version: 0.26
Release: 10.fc28
Summary: Exif and Iptc metadata manipulation library
