1805 matches found
GNOME security, bug fix, and enhancement update
dleyna-renderer 0.6.0-3 - Add a manual Resolves: 1612579 frei0r-plugins 1.6.1-7 - Rebuild with newer annobin to fix rpmdiff problems - Fix the build with a newer opencv - Resolves: rhbz1703994 gdm 3.28.3-34 - Fix file descriptor leak Resolves: 1877853 3.28.3-33 - Fix problem with Xorg fallback...
Moderate: Red Hat Security Advisory: GNOME security, bug fix, and enhancement update
An update for GNOME is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
LibRaw: lack of thumbnail size range check can lead to buffer overflow
LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength...
RHEL 8 : GNOME (RHSA-2020:4451)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4451 advisory. GNOME is the default desktop environment of Red Hat Enterprise Linux. The following packages have been upgraded to a later upstream version:...
RLSA-2020:4451 Moderate: GNOME security, bug fix, and enhancement update
GNOME is the default desktop environment of Rocky Linux. The following packages have been upgraded to a later upstream version: gnome-remote-desktop 0.1.8, pipewire 0.3.6, vte291 0.52.4, webkit2gtk3 2.28.4, xdg-desktop-portal 1.6.0, xdg-desktop-portal-gtk 1.6.0. BZ1775345, BZ1779691, BZ1817143,...
ALSA-2020:4451 Moderate: GNOME security, bug fix, and enhancement update
GNOME is the default desktop environment of AlmaLinux. The following packages have been upgraded to a later upstream version: gnome-remote-desktop 0.1.8, pipewire 0.3.6, vte291 0.52.4, webkit2gtk3 2.28.4, xdg-desktop-portal 1.6.0, xdg-desktop-portal-gtk 1.6.0. BZ1775345, BZ1779691, BZ1817143,...
GLSA-202010-05 : LibRaw: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202010-05 LibRaw: Multiple vulnerabilities Multiple vulnerabilities have been discovered in LibRaw. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially...
LibRaw: Multiple vulnerabilities
Background LibRaw is a library for reading RAW files obtained from digital photo cameras. Description Multiple vulnerabilities have been discovered in LibRaw. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted...
OSV-2020-1992 Use-of-uninitialized-value in LibRaw::ljpeg_diff
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26184 Crash type: Use-of-uninitialized-value Crash state: LibRaw::ljpeg_diff LibRaw::pentax_load_raw LibRaw::unpack...
Fedora 33 : LibRaw (2020-2d9d628dd2)
Patch for CVE-2020-24890 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. (C) Tenable Network Securit...
imagemagick:enhance_fuzzer: Use-of-uninitialized-value in LibRaw::ljpeg_diff
Detailed Report: https://oss-fuzz.com/testcase?key=4761222404374528 Project: imagemagick Fuzzing Engine: libFuzzer Fuzz Target: enhance_fuzzer Job Type: libfuzzer_msan_imagemagick Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: LibRaw::ljpeg_diff...
[SECURITY] Fedora 33 Update: LibRaw-0.20.0-3.fc33
LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). LibRaw is based on the source codes of the dcraw utility, where part of drawbacks have already been eliminated and part will be fixed in future...
Fedora: Security Advisory for LibRaw (FEDORA-2020-2d9d628dd2)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2020-24890
libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way...
CVE-2020-24889
A buffer overflow vulnerability in LibRaw version 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution...
MGASA-2020-0368 Updated libraw packages fix a security vulnerability
LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength. CVE-2020-15503...
Updated libraw packages fix a security vulnerability
LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength. CVE-2020-15503...
LibRaw Buffer Overflow Vulnerability (CNVD-2020-59710)
LibRaw is a C++ library from the LibRaw team for processing RAW (CRW/CR2, NEF, RAF, DNG, and others) format images. A buffer overflow vulnerability exists in LibRaw versions prior to 20.0. The vulnerability originates from LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp. An attacker c...
LibRaw Null Pointer Dereference Vulnerability
libraw is a C++ library for processing RAW (CRW/CR2, NEF, RAF, DNG, and others) format images, supporting various operating systems. A code issue vulnerability exists in LibRaw version 20.0, which originates from a null pointer dereference in parse_tiff_ifd of src/metadata/tiff.cpp, which can be exploited ...
CVE-2020-24890
libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way...