Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Ubuntu 18.04 LTS: USN-3639-1 Critical: LibRaw Code Execution Risk

Calendar May 08, 2018 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory information leak code execution ubuntu libraw
Several security issues were fixed in LibRaw. 
=========================================================================Ubuntu Security Notice USN-3639-1
May 08, 2018

libraw vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 17.10
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in LibRaw.

Software Description:
- libraw: raw image decoder library

Details:

It was discovered that LibRaw incorrectly handled certain files.
An attacker could possibly use this to execute arbitrary code.
(CVE-2018-10528)

It was discovered that LibRaw incorrectly handled certain files.
An attacker could possibly use this to obtain sensitive information.
(CVE-2018-10529)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  libraw16                        0.18.8-1ubuntu0.1

Ubuntu 17.10:
  libraw16                        0.18.2-2ubuntu0.3

Ubuntu 16.04 LTS:
  libraw15                        0.17.1-1ubuntu0.3

After a standard system update you need to restart your session
to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3639-1
  CVE-2018-10528, CVE-2018-10529

Package Information:
  https://launchpad.net/ubuntu/+source/libraw/0.18.8-1ubuntu0.1
  
  https://launchpad.net/ubuntu/+source/libraw/0.17.1-1ubuntu0.3

Ubuntu 18.04 LTS: USN-3639-1 Critical: LibRaw Code Execution Risk

ubuntu
Calendar Grey May 8, 2018
Dist Ubuntu Esm H88
Uncover vulnerabilities patched in Ubuntu libraw impacting several LTS editions. Upgrade for enhanced safety.
Several security issues were fixed in LibRaw.

Summary

Topics%20covered

Topics Covered

security advisory information leak code execution ubuntu libraw

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS:   libraw16                        0.18.8-1ubuntu0.1 Ubuntu 17.10:   libraw16                        0.18.2-2ubuntu0.3 Ubuntu 16.04 LTS:   libraw15                        0.17.1-1ubuntu0.3 After a standard system update you need to restart your session to make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-3639-1

  CVE-2018-10528, CVE-2018-10529

Severity
critical
Lowest
Low
Medium
High
Critical

May 08, 2018

Topics%20covered

Topics Covered

security advisory information leak code execution ubuntu libraw

Package Information

  https://launchpad.net/ubuntu/+source/libraw/0.18.8-1ubuntu0.1     https://launchpad.net/ubuntu/+source/libraw/0.17.1-1ubuntu0.3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here