[SECURITY] [DLA 1147-1] exiv2 security update
Package        : exiv2
Version        : 0.23-1+deb7u2
CVE ID         : CVE-2017-11591 CVE-2017-11683 CVE-2017-14859 CVE-2017-14862
                 CVE-2017-14864
Debian Bug     : 876893

The exiv2 library is vulnerable to multiple issues that can all lead
to denial of service of the applications relying on the library to parse
images' metadata.

CVE-2017-11591

    Denial of service via floating point exception in
    the Exiv2::ValueType function.

CVE-2017-11683

    Denial of service through failing assertion triggered by
    crafted image.

CVE-2017-14859 / CVE-2017-14862 / CVE-2017-14864

    Denial of service through invalid memory access triggered by a crafted
    image.

For Debian 7 "Wheezy", these problems have been fixed in version
0.23-1+deb7u2.

We recommend that you upgrade your exiv2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/