[SECURITY] [DLA 2249-1] libexif security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : libexif
Version : 0.6.21-2+deb8u4
CVE ID : CVE-2020-0182 CVE-2020-0198
Debian Bug : 962345
The following CVE(s) were reported against src:libexif.
CVE-2020-0182
In exif_entry_get_value of exif-entry.c, there is a possible
out of bounds read due to a missing bounds check. This could
lead to local information disclosure with no additional execution
privileges needed. User interaction is not needed for
exploitation.
CVE-2020-0198
In exif_data_load_data_content of exif-data.c, there is a
possible UBSAN abort due to an integer overflow. This could lead
to remote denial of service with no additional execution
privileges needed. User interaction is needed for exploitation.
For Debian 8 "Jessie", these problems have been fixed in version
0.6.21-2+deb8u4.
We recommend that you upgrade your libexif packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Best,
Utkarsh
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl7k+pgACgkQgj6WdgbD
S5ZGmhAAyqJ8nCcR0CqNGRSnSdytQ9BhK/YOv1tmubkaLwBMaQtNOfxYby39b4CR
gvDcXNc7wpn7gKkMfPsFlzYHINiFJz5wBKMM0gwzgh0kX8UHOvcqMwWTRLgMb8K0
CqKF/zx2gZfl4AhvfmFvwzTXdXTEMYM1Dn9A/PUvyFa1Juz/Dga5toeD7+/vESa/
ZBDQKgMd6QG2e5vMNPcH7atVzd97qzbGwcQgh6uz+WSUNzQCte8x8tYgn6tAaCed
aB19lk12ZlogFqfvMtHFNzKLK279AbHCbHsyntzGXMNTuvdC1uMDewWm8zzwbxce
cPoorJI73STZkEYsKlsfx6A+Va/n6NT+kma3g6QW20HAYHrhM5mhhkg3LmRBaYpN
shkd5PsLbyc4lPyoJU7EHBqhqLaP+gxbuFbsRpFIBkkucSLIdusnzKZzx5bolpCT
CMzINV8yBs+krW+zWyMKQPxFAR1ogKw2MQ1jgkei7L74T3u1Dwx+zlG0x1Yva0RY
YWT3OCeIGwHRLIaBbmJlbVLNw4qtRF+p6DQCtcfpCwIgZI9Y2jjlYSbTSCAD4afa
CVGzmIJNUacqMoHvWXoPD/0Q/VztteY6Evssv9urcrBSZ7QDItauNkNuYQi9zXGw
85XTZaFByLhPSkwddPUbCpHVYON/PMXelsv/+83O5+L9m6e4JLQ=
=Cx04
-----END PGP SIGNATURE-----
Reply to: