Ubuntu Security Notice USN-655-1
14th October, 2008
exiv2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 8.04 LTS
- Ubuntu 7.10
- Ubuntu 7.04
Software description
- exiv2
Details
Meder Kydyraliev discovered that exiv2 did not correctly handle certain
EXIF headers. If a user or automated system were tricked into processing
a specially crafted image, a remote attacker could cause the application
linked against libexiv2 to crash, leading to a denial of service, or
possibly executing arbitrary code with user privileges. (CVE-2007-6353)
Joakim Bildrulle discovered that exiv2 did not correctly handle Nikon
lens EXIF information. If a user or automated system were tricked into
processing a specially crafted image, a remote attacker could cause the
application linked against libexiv2 to crash, leading to a denial of
service. (CVE-2008-2696)
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 8.04 LTS:
- libexiv2-2 0.16-3ubuntu1.1
- Ubuntu 7.10:
- libexiv2-0 0.15-1ubuntu2.1
- Ubuntu 7.04:
- libexiv2-0.12 0.12-0ubuntu2.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to restart your session to effect
the necessary changes.