
[SECURITY] [DLA 1147-1] exiv2 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : exiv2
Version        : 0.23-1+deb7u2
CVE ID         : CVE-2017-11591 CVE-2017-11683 CVE-2017-14859 CVE-2017-14862 
                 CVE-2017-14864
Debian Bug     : 876893

The exiv2 library is vulnerable to multiple issues that can all lead
to denial of service of the applications relying on the library to parse
images' metadata.

CVE-2017-11591

    Denial of service via floating point exception in
    the Exiv2::ValueType function.

CVE-2017-11683

    Denial of service through failing assertion triggered by
    crafted image.

CVE-2017-14859 / CVE-2017-14862 / CVE-2017-14864

    Denial of service through invalid memory access triggered by a crafted
    image.

For Debian 7 "Wheezy", these problems have been fixed in version
0.23-1+deb7u2.

We recommend that you upgrade your exiv2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
-----BEGIN PGP SIGNATURE-----
Comment: Signed by Raphael Hertzog

-----END PGP SIGNATURE-----

