============================================================================
Ubuntu Security Notice USN-1513-1
July 23, 2012

libexif vulnerabilities
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

libexif could be made to crash, run programs as your login, or expose
sensitive information if it opened a specially crafted file.

Software Description:
- libexif: library to parse EXIF files

Details:

Mateusz Jurczyk discovered that libexif incorrectly parsed certain
malformed EXIF tags. If a user or automated system were tricked into
processing a specially crafted image file, an attacker could cause libexif
to crash, leading to a denial of service, or possibly obtain sensitive
information. (CVE-2012-2812, CVE-2012-2813)

Mateusz Jurczyk discovered that libexif incorrectly parsed certain
malformed EXIF tags. If a user or automated system were tricked into
processing a specially crafted image file, an attacker could cause libexif
to crash, leading to a denial of service, or possibly execute arbitrary
code. (CVE-2012-2814)

Yunho Kim discovered that libexif incorrectly parsed certain malformed EXIF
tags. If a user or automated system were tricked into processing a
specially crafted image file, an attacker could cause libexif to crash,
leading to a denial of service, or possibly obtain sensitive information.
(CVE-2012-2836)

Yunho Kim discovered that libexif incorrectly parsed certain malformed EXIF
tags. If a user or automated system were tricked into processing a
specially crafted image file, an attacker could cause libexif to crash,
leading to a denial of service. (CVE-2012-2837)

Dan Fandrich discovered that libexif incorrectly parsed certain malformed
EXIF tags. If a user or automated system were tricked into processing a
specially crafted image file, an attacker could cause libexif to crash,
leading to a denial of service, or possibly execute arbitrary code.
(CVE-2012-2840, CVE-2012-2841)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  libexif12                       0.6.20-2ubuntu0.1

Ubuntu 11.10:
  libexif12                       0.6.20-1ubuntu0.1

Ubuntu 11.04:
  libexif12                       0.6.20-0ubuntu1.1

Ubuntu 10.04 LTS:
  libexif12                       0.6.19-1ubuntu0.1

Ubuntu 8.04 LTS:
  libexif12                       0.6.16-2.1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1513-1
  CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836,
  CVE-2012-2837, CVE-2012-2840, CVE-2012-2841

Package Information:
  https://launchpad.net/ubuntu/+source/libexif/0.6.20-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/libexif/0.6.20-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/libexif/0.6.20-0ubuntu1.1
  https://launchpad.net/ubuntu/+source/libexif/0.6.19-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/libexif/0.6.16-2.1ubuntu0.2