Canonical has published details in a security notice about an Exiv2 vulnerability in Ubuntu 14.10 (Utopic Unicorn) that has been found and corrected. This is not a major issue, but users should upgrade nonetheless.A number of problems were corrected in the past week or so and this latest Exiv2 problem is just one of them. From the looks of it, Exiv2 (EXIF/IPTC metadata manipulation tool) could have been made to crash under certain conditions.
"It was discovered that Exiv2 incorrectly handled certain tag values in video files. If a user or automated system were tricked into opening a specially-crafted video file, a remote attacker could cause Exiv2 to crash, resulting in a denial of service," reads the security notice.
For a more detailed description of the problems, you can see Canonical's securitynotification. The problem can be corrected if you upgrade your system(s) to the latest libexiv2-13 package. To apply the patch, you can simply run the Update Manager application, but you can also use the terminal if you don't like the provided GUI interface. Open a terminal and enter the following commands (you will need to be root):
Post a Comment