Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 602
Alerts This Week
Warning Icon 1 602

Fedora 31: FEDORA-2019-948e6ebaeb Critical jhead Denial of Service

fedora
Calendar Grey November 30, 2019
Dist Fedora Esm H88
Fedora 31 has upgraded jhead to version 3.04, which resolves CVE-2019-19035 that impacts EXIF data management potentially leading to Denial of Service.
updated to 3.04 (CVE-2019-19035)

Summary

Jhead displays and manipulates the non-image portions of EXIF formatted

JPEG images, such as the images produced by most digital cameras.

updated to 3.04 (CVE-2019-19035)

* Fri Nov 22 2019 Adrian Reber - 3.04-1

- updated to 3.04 (CVE-2019-19035)

[ 1 ] Bug #1775098 - CVE-2019-19035 jhead: heap based over-read in ReadJpegSections and process_SOFn in jpgfile.c leads to denial of service

https://bugzilla.redhat.com/show_bug.cgi?id=1775098

su -c 'dnf upgrade --advisory FEDORA-2019-948e6ebaeb' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 31
Version: 3.04
Release: 1.fc31
Summary: Tool for displaying EXIF data embedded in JPEG images

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.