USN-655-1: exiv2 vulnerabilities

15 October 2008

exiv2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 8.04 LTS
  • Ubuntu 7.10
  • Ubuntu 7.04

Software Description

  • exiv2

Details

Meder Kydyraliev discovered that exiv2 did not correctly handle certain EXIF headers. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could cause the application linked against libexiv2 to crash, leading to a denial of service, or possibly executing arbitrary code with user privileges. (CVE-2007-6353)

Joakim Bildrulle discovered that exiv2 did not correctly handle Nikon lens EXIF information. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could cause the application linked against libexiv2 to crash, leading to a denial of service. (CVE-2008-2696)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 8.04 LTS
libexiv2-2 - 0.16-3ubuntu1.1
Ubuntu 7.10
libexiv2-0 - 0.15-1ubuntu2.1
Ubuntu 7.04
libexiv2-0.12 - 0.12-0ubuntu2.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to restart your session to effect the necessary changes.

References