—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.1659
libimage-exiftool-perl security update
17 May 2021
===========================================================================
AusCERT Security Bulletin Summary
———————————
Product: libimage-exiftool-perl
Publisher: Debian
Operating System: Debian GNU/Linux
Impact/Access: Execute Arbitrary Code/Commands — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-22204
Reference: ESB-2021.1495
Original Bulletin:
https://www.debian.org/lts/security/2021/dla-2663
– ————————–BEGIN INCLUDED TEXT——————–
– —–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
– – ———————————————————————–
Debian LTS Advisory DLA-2663-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Utkarsh Gupta
May 16, 2021 https://wiki.debian.org/LTS
– – ———————————————————————–
Package : libimage-exiftool-perl
Version : 10.40-1+deb9u1
CVE ID : CVE-2021-22204
Debian Bug : 987505
A vulnerability was discovered in libimage-exiftool-perl, a library
and program to read and write meta information in multimedia files,
which may result in execution of arbitrary code if a malformed DjVu
file is processed.
For Debian 9 stretch, this problem has been fixed in version
10.40-1+deb9u1.
We recommend that you upgrade your libimage-exiftool-perl packages.
For the detailed security status of libimage-exiftool-perl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libimage-exiftool-perl
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
– —–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmCg6L4ACgkQgj6WdgbD
S5bw7A/8Cft82fHgwsU5ObmJTCXYG8xqtFzZ3AKOP20/WXoKaA2mHuGiB5OptKxv
pIj2Ha/CeWmiwlZ8bjJvwu5Y4wHulVZjChhrqasPEXqxr67Cqbac9Y9a2FvEZoDI
rOTlmmCmUuUczep82g4q5UNMzcS+2B0yIHMkUQ0kZN4zohODTm9R2nXu8Hh9t6vw
rlt5XMqqxrWxvMnsqAi0b5y4OPll8/ccC3gkKNExR4eg/snS241nAfrL/AjdwPua
6aFx3oAKY1YCRwfTWFywqJph8jCD5zRoyOzEKaIZUAbDUH5y84GXabIJZaejQ4ZQ
Y5RmMipOoBZF6SzMqCNfq+Uhyu/ljd3AHH92nwOPj6Tl0CKAop5BYVFvMzdmD08T
PcZE4mY+yaFwZIYeG1DiANQ7RV48I+fD3Dy05JyTEFFEO9Aocn/y/zhya6DEREua
QDElouSQijNjFvO1ND6JR1O994TOoJjKorczcvBzDURuzwtg30iLOJaOfBh8bGSX
CDyhCu4x5c6NviO02V5stQE6J9G42HY4BD8yBHvKa7/Vb0z/JMk3ezZMzHd2n/ve
QI/m7CeL2G4ITJYhEkNvt2jKY/UjSnAlZgrp+2UL2xMsa/1xdU0sTaNlkAcyUWkr
DJRkL5HJj6f66YxVr6PutYFC2tW+V+efr6jkxl5EcdFNODGwqXQ=
=zCiR
– —–END PGP SIGNATURE—–
– ————————–END INCLUDED TEXT——————–
You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
—–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYKGq6ONLKJtyKPYoAQjZJQ//VfoL38k7KT5Jvzwcpmn8YEmrlFAWh8Vh
Xg61IgzLhmCOPPY+tLi3W+DlqlxV6EutoESaxGcE3wIutJfFKxVt4D+n2Q2h0vju
yVFYNeSmEENSF60T5u1pNMZ6S+yHTgk88SBSaYMph6O4RkNfoo4VWKgEjle7Yxsj
hRoExJ0DWfzTN7c74S1TPsh3Q/1gEBN7eZGUXsH/DoztlKzBZKXBaWQ+HFVT7mEh
TolLjllISD1QFTn1vqel4NiKhv2e/aYmz35jcss1i5u1WqXdszwDOaa7rmWjYx9J
cXBBy8+n4mR26IZwV58V/qll/cUQ/oZlFeEytAS6+w9civqx+DnMfH9KdjJF5wYs
PB9uxZKZfuO06rdRsnWSeLBHXDfUlkuWYvyleuLWBUVyybhG/adnp+fteyUDlAuz
gqZB8G+r7ouCEzqCtv62U85O+16be951EF7TKi/Vdhqa6OESVSdumulKK/OX3+XZ
tgYkWGS7+610xym7P1QXlBkxalSPDMiPqUGiQkzmhFVcMvkEmxfjWk9fCcJSHQCk
eX1AK2iY24nLyUAAt4+R0PKoMO+kESxXm0F8uFS009ztOOg3KwzvrfOse9R6Cw2u
4M6iOho6Jf6xH8BXWnUNGc7U6+ULqY0wIg59YOyxIHMB/Ho+108UiB1dBQ9qeetD
lri34djWu8g=
=xfoS
—–END PGP SIGNATURE—–
The post ESB-2021.1659 – [Debian] libimage-exiftool-perl: Execute arbitrary code/commands – Existing account appeared first on Malware Devil.
https://malwaredevil.com/2021/05/17/esb-2021-1659-debian-libimage-exiftool-perl-execute-arbitrary-code-commands-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1659-debian-libimage-exiftool-perl-execute-arbitrary-code-commands-existing-account
No comments:
Post a Comment