FEDORA-2018-fc9c5969b4 — security update for exiv2

stable

exiv2-0.26-10.fc27

FEDORA-2018-fc9c5969b4 created by rdieter 7 years ago for Fedora 27

Security update for CVE-2017-17723, CVE-2017-17725, CVE-2018-5772

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2018-fc9c5969b4

This update has been submitted for testing by rdieter.

7 years ago

This update has been pushed to testing.

7 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

7 years ago

This update has been submitted for batched by rdieter.

7 years ago

This update has been submitted for stable by bodhi.

7 years ago

This update has been pushed to stable.

7 years ago

Please log in to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-5

Stable by Karma

disabled

Stable by Time

disabled

Dates

submitted

7 years ago

in testing

7 years ago

in stable

7 years ago

Builds

exiv2-0.26-10.fc27

BZ#1536904 CVE-2018-5772 exiv2: Uncontrolled recursion in image.cpp:Exiv2::Image::printIFDStructure() can allow a remote attacker to cause a denial of service via a crafted tif file

BZ#1536905 CVE-2018-5772 exiv2: Uncontrolled recursion in image.cpp:Exiv2::Image::printIFDStructure() can allow a remote attacker to cause a denial of service via a crafted tif file [fedora-all]

BZ#1545232 CVE-2017-17725 exiv2: heap-based buffer over-read in Exiv2::getULong function in types.cpp

BZ#1545233 CVE-2017-17725 exiv2: heap-based buffer over-read in Exiv2::getULong function in types.cpp [fedora-all]

BZ#1545249 CVE-2017-17723 exiv2: heap-based buffer over-read in Exiv2::Image::byteSwap4 in image.cpp

BZ#1545250 CVE-2017-17723 exiv2: heap-based buffer over-read in Exiv2::Image::byteSwap4 in image.cpp [fedora-all]

exiv2-0.26-10.fc27

Automated Test Results

ignored