• libexif vulnerabilities

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Tue Feb 11 21:10:07 2020
    libexif vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS
    * Ubuntu 14.04 ESM
    * Ubuntu 12.04 ESM

    Summary

    Several security issues were fixed in libexif.

    Software Description

    * libexif - library to parse EXIF files

    Details

    Liu Bingchang discovered that libexif incorrectly handled certain
    files. An attacker could possibly use this issue to access
    sensitive information or cause a denial of service. This issue
    only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04
    LTS. (CVE-2016-6328)

    Lili Xu and Bingchang Liu discovered that libexif incorrectly
    handled certain files. An attacker could possibly use this issue
    to access sensitive information or cause a denial of service. This
    issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu
    16.04 LTS. (CVE-2017-7544)

    It was discovered that libexif incorrectly handled certain files.
    An attacker could possibly use this issue to execute arbitrary
    code. (CVE-2019-9278)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    libexif12 - 0.6.21-5.1ubuntu0.1

    Ubuntu 18.04 LTS
    libexif12 - 0.6.21-4ubuntu0.1

    Ubuntu 16.04 LTS
    libexif12 - 0.6.21-2ubuntu0.1

    Ubuntu 14.04 ESM
    libexif12 - 0.6.21-1ubuntu1+esm1

    Ubuntu 12.04 ESM
    libexif12 - 0.6.20-2ubuntu0.2

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to restart your session to
    effect the necessary changes.

    References

    * CVE-2016-6328
    * CVE-2017-7544
    * CVE-2019-9278

    --- Mystic BBS v1.12 A44 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Wed May 13 20:10:02 2020
    libexif vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS
    * Ubuntu 19.10
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS
    * Ubuntu 14.04 ESM
    * Ubuntu 12.04 ESM

    Summary

    Several security issues were fixed in libexif.

    Software Description

    * libexif - library to parse EXIF files

    Details

    It was discovered that libexif incorrectly handled certain tags.
    An attacker could possibly use this issue to cause a denial of
    service. (CVE-2018-20030)

    It was discovered that libexif incorrectly handled certain inputs.
    An attacker could possibly use this issue to cause a crash.
    (CVE-2020-12767)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    libexif12 - 0.6.21-6ubuntu0.1

    Ubuntu 19.10
    libexif12 - 0.6.21-5.1ubuntu0.2

    Ubuntu 18.04 LTS
    libexif12 - 0.6.21-4ubuntu0.2

    Ubuntu 16.04 LTS
    libexif12 - 0.6.21-2ubuntu0.2

    Ubuntu 14.04 ESM
    libexif12 - 0.6.21-1ubuntu1+esm2

    Ubuntu 12.04 ESM
    libexif12 - 0.6.20-2ubuntu0.3

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to restart your session to
    effect the necessary changes.

    References

    * CVE-2018-20030
    * CVE-2020-12767

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Tue Jun 16 16:10:02 2020
    libexif vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS
    * Ubuntu 19.10
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS
    * Ubuntu 14.04 ESM
    * Ubuntu 12.04 ESM

    Summary

    Several security issues were fixed in libexif.

    Software Description

    * libexif - library to parse EXIF files

    Details

    It was discovered that libexif incorrectly handled certain inputs.
    An attacker could possibly use this issue to expose sensitive
    information. (CVE-2020-0093, CVE-2020-0182)

    It was discovered that libexif incorrectly handled certain inputs.
    An attacker could possibly use this issue to cause a remote denial
    of service. (CVE-2020-0198)

    It was discovered that libexif incorrectly handled certain inputs.
    An attacker could possibly use this issue to expose sensitive
    information or cause a crash. (CVE-2020-13112)

    It was discovered that libexif incorrectly handled certain inputs.
    An attacker could possibly use this issue to cause a crash.
    (CVE-2020-13113)

    It was discovered libexif incorrectly handled certain inputs. An
    attacker could possibly use this issue to cause a denial of
    service. (CVE-2020-13114)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    libexif12 - 0.6.21-6ubuntu0.3

    Ubuntu 19.10
    libexif12 - 0.6.21-5.1ubuntu0.5

    Ubuntu 18.04 LTS
    libexif12 - 0.6.21-4ubuntu0.5

    Ubuntu 16.04 LTS
    libexif12 - 0.6.21-2ubuntu0.5

    Ubuntu 14.04 ESM
    libexif12 - 0.6.21-1ubuntu1+esm5

    Ubuntu 12.04 ESM
    libexif12 - 0.6.20-2ubuntu0.6

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to restart your session to
    effect the necessary changes.

    References

    * CVE-2020-0093
    * CVE-2020-0182
    * CVE-2020-0198
    * CVE-2020-13112
    * CVE-2020-13113
    * CVE-2020-13114

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)