Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 17.04: USN-3379-1 High Severity Vulnerability in Shotwell App

ubuntu
Calendar Grey August 7, 2017
Dist Ubuntu Esm H88
Affecting various Ubuntu releases, this notice highlights Shotwell's potential data vulnerability via network access, necessitating a prompt corrective action.
Shotwell could be made to expose sensitive information over the network.

Summary

Shotwell could be made to expose sensitive information over the

network.

Software Description:

- shotwell: digital photo organizer

Details:

It was discovered that Shotwell is vulnerable to an information

disclosure in the web publishing plugins resulting in potential

password and oauth token plaintext transmission.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  shotwell                        0.22.0+git20160108.r1.f2fb1f7-0ubuntu3.1
  shotwell-common                 0.22.0+git20160108.r1.f2fb1f7-0ubuntu3.1

Ubuntu 16.04 LTS:
  shotwell                        0.22.0+git20160108.r1.f2fb1f7-0ubuntu1.1
  shotwell-common                 0.22.0+git20160108.r1.f2fb1f7-0ubuntu1.1

Ubuntu 14.04 LTS:
  shotwell                        0.18.0-0ubuntu4.5
  shotwell-common                 0.18.0-0ubuntu4.5

In general, a standard system update will make all the necessary
changes.

References

 

  CVE-2017-1000024

August 07, 2017

Package Information

  2fb1f7-0ubuntu3.1
  2fb1f7-0ubuntu1.1
  https://launchpad.net/ubuntu/+source/shotwell/0.18.0-0ubuntu4.5

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here