ELA-747-1 libraw security update

Debian 9894 Published by

A libraw security update security update has been released for Debian GNU/Linux 9 Extended LTS to address multiple security issues.



ELA-747-1 libraw security update

Package : libraw
Version : 0.17.2-6+deb9u4 (stretch)

Related CVEs :
CVE-2017-16909
CVE-2020-15503

This update fixes two more memory access violations. CVE-2017-16909 was
reported as fixed via DLA-2903-1 earlier, but that update really fixed
CVE-2017-16910.
CVE-2017-16909
An error related to the "LibRaw::panasonic_load_raw()" function
(dcraw_common.cpp) can be exploited to cause a heap-based buffer
overflow and subsequently cause a crash via a specially crafted
TIFF image.

CVE-2020-15503
LibRaw lacks a thumbnail size range check. This affects
decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and
utils/thumb_utils.cpp. For example,
malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without
validating T.tlength.

  ELA-747-1 libraw security update

USN-5743-2: LibTIFF vulnerability

tvOS 16.2 Beta 4 released

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...