Tuesday, January 27, 2015

Exiv2 Vulnerability Closed in Ubuntu 14.10

Canonical has published details in a security notice about an Exiv2 vulnerability in Ubuntu 14.10 (Utopic Unicorn) that has been found and corrected. This is not a major issue, but users should upgrade nonetheless.



Canonical has published details in a security notice about an Exiv2 vulnerability in Ubuntu 14.10 (Utopic Unicorn) that has been found and corrected. This is not a major issue, but users should upgrade nonetheless.
A number of problems were corrected in the past week or so and this latest Exiv2 problem is just one of them. From the looks of it, Exiv2 (EXIF/IPTC metadata manipulation tool) could have been made to crash under certain conditions.

"It was discovered that Exiv2 incorrectly handled certain tag values in video files. If a user or automated system were tricked into opening a specially-crafted video file, a remote attacker could cause Exiv2 to crash, resulting in a denial of service," reads the security notice.

For a more detailed description of the problems, you can see Canonical's securitynotification. The problem can be corrected if you upgrade your system(s) to the latest libexiv2-13 package. To apply the patch, you can simply run the Update Manager application, but you can also use the terminal if you don't like the provided GUI interface. Open a terminal and enter the following commands (you will need to be root):



Via http://linux.softpedia.com/

No comments:

Post a Comment