USN-4964-1: Exiv2 vulnerabilities

Releases

• Ubuntu 21.04
• Ubuntu 20.10
• Ubuntu 20.04 LTS
• Ubuntu 18.04 ESM
• Ubuntu 16.04 ESM

Packages

• exiv2 - EXIF/IPTC/XMP metadata manipulation tool

Details

It was discovered that Exiv2 incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10 and Ubuntu 21.04.
(CVE-2021-29463)

It was discovered that Exiv2 incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10 and Ubuntu 21.04.
(CVE-2021-29464)

It was discovered that Exiv2 incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2021-29473, CVE-2021-32617)

It was discovered that Exiv2 incorrectly handled certain files.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10 and Ubuntu 21.04.
(CVE-2021-29623)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.04

• exiv2 - 0.27.3-3ubuntu1.3
• libexiv2-27 - 0.27.3-3ubuntu1.3

Ubuntu 20.10

• exiv2 - 0.27.3-3ubuntu0.4
• libexiv2-27 - 0.27.3-3ubuntu0.4

Ubuntu 20.04

• exiv2 - 0.27.2-8ubuntu2.4
• libexiv2-27 - 0.27.2-8ubuntu2.4

Ubuntu 18.04

• exiv2 - 0.25-3.1ubuntu0.18.04.9
• libexiv2-14 - 0.25-3.1ubuntu0.18.04.9

Ubuntu 16.04

• exiv2 - 0.25-2.1ubuntu16.04.7+esm2
  Available with Ubuntu Pro
• libexiv2-14 - 0.25-2.1ubuntu16.04.7+esm2
  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

• CVE-2021-29464
• CVE-2021-29463
• CVE-2021-32617
• CVE-2021-29623
• CVE-2021-29473