GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Sun Sep 15, 2013 7:26 am Post subject: [ GLSA 201309-09 ] LibRaw, libkdcraw: Multiple vulnerabiliti
Gentoo Linux Security Advisory
Title: LibRaw, libkdcraw: Multiple vulnerabilities (GLSA 201309-09)
Severity: normal
Exploitable: remote
Date: September 15, 2013
Bug(s): #471694, #482926
ID: 201309-09
Synopsis
Multiple vulnerabilities have been found in LibRaw and libkdcraw,
the worst of which may lead to arbitrary code execution.
Background
LibRaw is a library for reading RAW files obtained from digital photo
cameras. libkdcraw is a wrapper for LibRaw within KDE.
Affected Packages
Package: media-libs/libraw
Vulnerable: < 0.15.4
Unaffected: >= 0.15.4
Architectures: All supported architectures
Package: kde-base/libkdcraw
Vulnerable: < 4.10.5-r1
Unaffected: >= 4.10.5-r1
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in LibRaw and libkdcraw.
Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could entice a user to open a specially crafted file,
possibly resulting in arbitrary code execution or Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All LibRaw users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libraw-0.15.4"
All libkdcraw users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/libkdcraw-4.10.5-r1"
References
CVE-2013-1438
CVE-2013-1439
CVE-2013-2126
CVE-2013-2127
Last edited by GLSA on Mon Dec 02, 2013 4:31 am; edited 2 times in total
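Added example, not part of the advisory or of Portage: shell functions that classify an installed version against the fixed versions listed under Affected Packages, including the `-r1` revision bump. It assumes versions are dotted integers with an optional `-rN` revision (Portage's full rules also cover suffixes such as `_rc` and `_p`, which are not handled here); the function names and the inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: versions look like 1.2.3 or 1.2.3-rN only.

# ver_lt A B: succeed (exit 0) when version A is strictly lower than B.
ver_lt() {
    a_base=${1%-r[0-9]*}; b_base=${2%-r[0-9]*}
    a_rev=0; b_rev=0
    case $1 in *-r[0-9]*) a_rev=${1##*-r} ;; esac
    case $2 in *-r[0-9]*) b_rev=${2##*-r} ;; esac
    while [ -n "$a_base" ] || [ -n "$b_base" ]; do
        a_part=${a_base%%.*}; b_part=${b_base%%.*}
        case $a_base in *.*) a_base=${a_base#*.} ;; *) a_base= ;; esac
        case $b_base in *.*) b_base=${b_base#*.} ;; *) b_base= ;; esac
        # A missing component sorts below any present one (0.15 < 0.15.4).
        [ -n "$a_part" ] || a_part=-1
        [ -n "$b_part" ] || b_part=-1
        # Numeric comparison, so 0.9.x sorts below 0.15.x.
        [ "$a_part" -lt "$b_part" ] && return 0
        [ "$a_part" -gt "$b_part" ] && return 1
    done
    # Same base version: the -rN revision decides (no revision counts as r0).
    [ "$a_rev" -lt "$b_rev" ]
}

# glsa_status PACKAGE VERSION: print the state under GLSA 201309-09.
glsa_status() {
    case $1 in
        media-libs/libraw)  fixed=0.15.4 ;;      # Unaffected: >= 0.15.4
        kde-base/libkdcraw) fixed=4.10.5-r1 ;;   # Unaffected: >= 4.10.5-r1
        *) echo not-listed; return 0 ;;
    esac
    if ver_lt "$2" "$fixed"; then echo vulnerable; else echo unaffected; fi
}

# Constructed sample inventory (not from the advisory): "package version".
while read -r pkg ver; do
    printf '%-20s %-10s %s\n' "$pkg" "$ver" "$(glsa_status "$pkg" "$ver")"
done <<'EOF'
media-libs/libraw 0.14.7
media-libs/libraw 0.15.4
kde-base/libkdcraw 4.10.5
kde-base/libkdcraw 4.10.5-r1
EOF
```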