Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 538
Alerts This Week
Warning Icon 1 538

Ubuntu 23.04 USN-6110-1 Critical: Jhead Denial Of Service

ubuntu
Calendar Grey May 29, 2023
Dist Ubuntu Esm H88
Security flaws identified in Jhead could result in system instability, posing a threat of service interruption on various Ubuntu releases. Prompt update recommended.
Jhead could be made to crash if it opened a specially crafted file.

Summary

Jhead could be made to crash if it opened a specially crafted

file.

Software Description:

- jhead: Manipulate the non-image part of Exif compliant JPEG files

Details:

It was discovered that Jhead did not properly handle certain crafted Canon

images when processing them. An attacker could possibly use this issue to

crash Jhead, resulting in a denial of service. (CVE-2021-3496)

It was discovered that Jhead did not properly handle certain crafted images

when printing Canon-specific information. An attacker could possibly use this

issue to crash Jhead, resulting in a denial of service. (CVE-2021-28275)

It was discovered that Jhead did not properly handle certain crafted images

when removing unknown sections. An attacker could possibly use this issue to

crash Jhead, resulting in a denial of service. (CVE-2021-28275)

Kyle Brown discovered that Jhead did not properly handle certain crafted

images when editing their comments. An attacker could possibly use this ...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
   jhead                           1:3.06.0.1-6ubuntu0.23.04.1

Ubuntu 22.10:
   jhead                           1:3.06.0.1-2ubuntu0.22.10.2

Ubuntu 22.04 LTS (Available with Ubuntu Pro):
   jhead                           1:3.06.0.1-2ubuntu0.22.04.1+esm1

Ubuntu 20.04 LTS (Available with Ubuntu Pro):
   jhead                           1:3.04-1ubuntu0.2+esm1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   jhead                           1:3.00-8~ubuntu0.2+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   jhead                           1:3.00-4+deb9u1ubuntu0.1~esm3

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
   jhead                           1:2.97-1+deb8u2ubuntu0.1~esm3

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6110-1

CVE-2021-28275, CVE-2021-28277, CVE-2021-3496, https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/2020068

Severity
critical
Lowest
Low
Medium
High
Critical

May 29, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.