Ubuntu Security Notice 3639-1 - It was discovered that LibRaw incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. It was discovered that LibRaw incorrectly handled certain files. An attacker could possibly use this to obtain sensitive information.
1fc3fbf597cccf7fd928a85115857acead1223147b3f004234900be8be1ee465
==========================================================================
Ubuntu Security Notice USN-3639-1
May 08, 2018
libraw vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 17.10
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in LibRaw.
Software Description:
- libraw: raw image decoder library
Details:
It was discovered that LibRaw incorrectly handled certain files.
An attacker could possibly use this to execute arbitrary code.
(CVE-2018-10528)
It was discovered that LibRaw incorrectly handled certain files.
An attacker could possibly use this to obtain sensitive information.
(CVE-2018-10529)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
libraw16 0.18.8-1ubuntu0.1
Ubuntu 17.10:
libraw16 0.18.2-2ubuntu0.3
Ubuntu 16.04 LTS:
libraw15 0.17.1-1ubuntu0.3
After a standard system update you need to restart your session
to make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3639-1
CVE-2018-10528, CVE-2018-10529
Package Information:
https://launchpad.net/ubuntu/+source/libraw/0.18.8-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libraw/0.18.2-2ubuntu0.3
https://launchpad.net/ubuntu/+source/libraw/0.17.1-1ubuntu0.3