Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-655-1: exiv2 vulnerabilities

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-655-1: exiv2 vulnerabilities
# 1  
Old 10-14-2008
USN-655-1: exiv2 vulnerabilities
Referenced CVEs:
CVE-2007-6353, CVE-2008-2696


Description:
=========================================================== Ubuntu Security Notice USN-655-1 October 15, 2008 exiv2 vulnerabilities CVE-2007-6353, CVE-2008-2696 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.04: libexiv2-0.12 0.12-0ubuntu2.1 Ubuntu 7.10: libexiv2-0 0.15-1ubuntu2.1 Ubuntu 8.04 LTS: libexiv2-2 0.16-3ubuntu1.1 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: Meder Kydyraliev discovered that exiv2 did not correctly handle certain EXIF headers. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could cause the application linked against libexiv2 to crash, leading to a denial of service, or possibly executing arbitrary code with user privileges. (CVE-2007-6353) Joakim Bildrulle discovered that exiv2 did not correctly handle Nikon lens EXIF information. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could cause the application linked against libexiv2 to crash, leading to a denial of service. (CVE-2008-2696)





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT MOJAVE

irb

IRB(1)							 Ruby Programmer's Reference Guide						    IRB(1)

NAME

     irb -- Interactive Ruby Shell

SYNOPSIS

     irb [--version] [-dfm] [-I directory] [-r library] [--[no]inspect] [--[no]readline] [--prompt mode] [--prompt-mode mode] [--inf-ruby-mode]
	 [--simple-prompt] [--noprompt] [--tracer] [--back-trace-limit n] [--irb_debug n] [--] [program_file] [argument ...]

DESCRIPTION

     irb is the REPL(read-eval-print loop) environment for Ruby programs.

OPTIONS

     --version	    Prints the version of irb.

     -E external[:internal]
     --encoding external[:internal]
		    Same as `ruby -E' .  Specifies the default value(s) for external encodings and internal encoding. Values should be separated
		    with colon (:).

		    You can omit the one for internal encodings, then the value (Encoding.default_internal) will be nil.

     -I path	    Same as `ruby -I' .  Specifies $LOAD_PATH directory

     -U 	    Same as `ruby -U' .  Sets the default value for internal encodings (Encoding.default_internal) to UTF-8.

     -d 	    Same as `ruby -d' .  Sets $DEBUG to true.

     -f 	    Suppresses read of ~/.irbrc.

     -h
     --help	    Prints a summary of the options.

     -m 	    Bc mode (load mathn, fraction or matrix are available)

     -r library     Same as `ruby -r'.	Causes irb to load the library using require.

     --inspect	    Uses `inspect' for output (default except for bc mode)

     --noinspect    Doesn't use inspect for output

     --readline     Uses Readline extension module.

     --noreadline   Doesn't use Readline extension module.

     --prompt mode
     --prompt-mode mode
		    Switch prompt mode. Pre-defined prompt modes are `default', `simple', `xmp' and `inf-ruby'.

     --inf-ruby-mode
		    Uses prompt appropriate for inf-ruby-mode on emacs.  Suppresses --readline.

     --simple-prompt
		    Makes prompts simple.

     --noprompt     No prompt mode.

     --tracer	    Displays trace for each execution of commands.

     --back-trace-limit n
		    Displays backtrace top n and tail n.  The default value is 16.

     --irb_debug n  Sets internal debug level to n (not for popular use)

ENVIRONMENT

     IRBRC

     Also irb depends on same variables as ruby(1).

FILES

     ~/.irbrc			       Personal irb initialization.

EXAMPLES

	   % irb
	   irb(main):001:0> 1 + 1
	   2
	   irb(main):002:0> def t(x)
	   irb(main):003:1> x+1
	   irb(main):004:1> end
	   => nil
	   irb(main):005:0> t(3)
	   => 4
	   irb(main):006:0> if t(3) == 4
	   irb(main):007:1> p :ok
	   irb(main):008:1> end
	   :ok
	   => :ok
	   irb(main):009:0> quit
	   %

SEE ALSO

     ruby(1).

REPORTING BUGS

     o	 Security vulnerabilities should be reported via an email to security@ruby-lang.org.  Reported problems will be published after being
	 fixed.

     o	 Other bugs and feature requests can be reported via the Ruby Issue Tracking System (http://bugs.ruby-lang.org).  Do not report security
	 vulnerabilities via this system because it publishes the vulnerabilities immediately.

AUTHORS

     Written by Keiju ISHITSUKA.

UNIX
								 November 15, 2012							      UNIX