========================================================================== Ubuntu Security Notice USN-3700-1 July 03, 2018 exiv2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 17.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Exiv2. Software Description: - exiv2: EXIF/IPTC/XMP metadata manipulation tool Details: It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. (CVE-2018-10958, CVE-2018-10998) It was discovered that Exiv2 incorrectly handled certain PNG files. An attacker could possibly use this to access sensitive information. (CVE-2018-10999) It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-11531) It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this to access sensitive information. (CVE-2018-12264, CVE-2018-12265) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: exiv2 0.25-3.1ubuntu0.18.04.1 libexiv2-14 0.25-3.1ubuntu0.18.04.1 Ubuntu 17.10: exiv2 0.25-3.1ubuntu0.17.10.1 libexiv2-14 0.25-3.1ubuntu0.17.10.1 Ubuntu 16.04 LTS: exiv2 0.25-2.1ubuntu16.04.2 libexiv2-14 0.25-2.1ubuntu16.04.2 Ubuntu 14.04 LTS: exiv2 0.23-1ubuntu2.1 libexiv2-12 0.23-1ubuntu2.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3700-1 CVE-2018-10958, CVE-2018-10998, CVE-2018-10999, CVE-2018-11531, CVE-2018-12264, CVE-2018-12265 Package Information: https://launchpad.net/ubuntu/+source/exiv2/0.25-3.1ubuntu0.18.04.1 https://launchpad.net/ubuntu/+source/exiv2/0.25-3.1ubuntu0.17.10.1 https://launchpad.net/ubuntu/+source/exiv2/0.25-2.1ubuntu16.04.2 https://launchpad.net/ubuntu/+source/exiv2/0.23-1ubuntu2.1