[SECURITY] [DLA 1691-1] exiv2 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
From: Thorsten Alteholz <debian@alteholz.de>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1691-1] exiv2 security update
Package : exiv2
Version : 0.24-4.1+deb8u3
CVE ID : CVE-2018-17581 CVE-2018-19107 CVE-2018-19108
         CVE-2018-19535 CVE-2018-20097
Several issues have been found in exiv2, an EXIF/IPTC/XMP metadata
manipulation tool.
CVE-2018-17581
A stack overflow due to a recursive function call causes excessive
stack consumption, which leads to denial of service.
CVE-2018-19107
A heap based buffer over-read caused by an integer overflow could
result in a denial of service via a crafted file.
CVE-2018-19108
There seems to be an infinite loop inside a function that can be
activated by a crafted image.
CVE-2018-19535
A heap based buffer over-read could result in a denial of
service via a crafted file.
CVE-2018-20097
A crafted image could result in a denial of service.
For Debian 8 "Jessie", these problems have been fixed in version
0.24-4.1+deb8u3.
We recommend that you upgrade your exiv2 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
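One way to check an inventory against the fixed version named in the advisory, as an added example that is not part of the advisory or of Debian's tooling. It ports dpkg's version ordering to Python so that revisions such as `+deb8u2` and `~` suffixes compare correctly; the host names, the `host package version` record format and the sample rows are constructed assumptions.

```python
import re

FIXED = "0.24-4.1+deb8u3"  # fixed version for Debian 8 "Jessie", from the advisory
DIGITS = "0123456789"

# Constructed sample: "host package version", version as printed by dpkg-query -W
SAMPLE = """\
web01 exiv2 0.24-4.1+deb8u2
web02 exiv2 0.24-4.1+deb8u3
img01 exiv2 0.24-4.1
img02 exiv2 0.24-4.1+deb8u3~test1
img03 exiv2 0.25-1
"""

def _order(c):  # dpkg: '~' < end-of-string/digit < letters < other symbols
    if c == "~":
        return -1
    if c == "" or c in DIGITS:
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        # compare the non-digit prefix character by character
        while (i < len(a) and a[i] not in DIGITS) or (j < len(b) and b[j] not in DIGITS):
            oa, ob = _order(a[i:i + 1]), _order(b[j:j + 1])
            if oa != ob:
                return -1 if oa < ob else 1
            i, j = i + 1, j + 1
        da, db = re.match(r"[0-9]*", a[i:]).group(), re.match(r"[0-9]*", b[j:]).group()
        na, nb = int(da or 0), int(db or 0)  # digit runs compare numerically
        if na != nb:
            return -1 if na < nb else 1
        i, j = i + len(da), j + len(db)
    return 0

def _parse(v):  # [epoch:]upstream[-revision]
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return (int(epoch), upstream, rev) if sep else (int(epoch), rest, "")

def compare(a, b):
    pa, pb = _parse(a), _parse(b)
    if pa[0] != pb[0]:
        return -1 if pa[0] < pb[0] else 1
    return _cmp_part(pa[1], pb[1]) or _cmp_part(pa[2], pb[2])

def hosts_needing_update(inventory, package="exiv2", fixed=FIXED):
    rows = (line.split() for line in inventory.splitlines() if line.strip())
    return {h: v for h, p, v in rows if p == package and compare(v, fixed) < 0}
```

`hosts_needing_update(SAMPLE)` returns the hosts whose exiv2 version sorts before the fixed one; on a single Debian host, `dpkg --compare-versions` performs the same comparison natively.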