Tuesday, May 6, 2025

[USN-7485-1] LibRaw vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEEkd98mdFcnQdP7vQkuGrtzot7pOcFAmgaA3YFAwAAAAAACgkQuGrtzot7pOcL
jAv+L8K0bewLKQ2vCEKNnYGQ7sKHaJY72Khn9q+eXCKK1sPbrE0fdEPok2WXWKb8XpiOuX0WhGd2
8H8NUSQ/2SpNmJyJJcCleUBLz3UXUqWMw/mNI8tWsHT8UeI15ddtJo1uLBb4MRR30Zm3LBCnPlzQ
GmX9xpSDKvT0hRKxowv5cM6iP1QyquBjuAweEqMJcHXyjlNN3vXHLTO2rdkkz96WYwrvhTPz2MhA
4m0ZrM/g5im5anJco7+sbg7gU4DTd8sMeNY80vtnp0kGsGONmqG1UR5wYXxflNVN1RjD6VHpDrN8
lJndpzbwZafT/Bw0kZUbBMg0VqA1rwaHH3EbMOW88qIZuQt/SnSub58C4Ozeux3oQVqRb8t/88GQ
GOjC6JRW2858O6m7k4rHePLq70O213BjZW1iVWDQOrfXSvHWdQdMdeFPPzRc9avvJjU0nIetNyBx
+Nkb/PGKh5Mq+kHiBFsQAWi6sYiRE4BJwUAhBz4lUR6CgmJh19CHh7drexfU
=Fap+
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7485-1
May 06, 2025

libraw vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

LibRaw could be made to crash if it received specially crafted input.

Software Description:
- libraw: raw image decoder library

Details:

It was discovered that LibRaw could be made to read out of bounds. An
attacker could possibly use this issue to cause applications using LibRaw
to crash, resulting in a denial of service. (CVE-2025-43961,
CVE-2025-43962, CVE-2025-43963, CVE-2025-43964)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  libraw-bin                      0.21.3-1ubuntu0.25.04.1
  libraw23t64                     0.21.3-1ubuntu0.25.04.1

Ubuntu 24.10
  libraw-bin                      0.21.2-2.1ubuntu0.24.10.1
  libraw23t64                     0.21.2-2.1ubuntu0.24.10.1

Ubuntu 24.04 LTS
  libraw-bin                      0.21.2-2.1ubuntu0.24.04.1
  libraw23t64                     0.21.2-2.1ubuntu0.24.04.1

Ubuntu 22.04 LTS
  libraw-bin                      0.20.2-2ubuntu2.22.04.2
  libraw20                        0.20.2-2ubuntu2.22.04.2

Ubuntu 20.04 LTS
  libraw-bin                      0.19.5-1ubuntu1.4
  libraw19                        0.19.5-1ubuntu1.4

Ubuntu 18.04 LTS
  libraw-bin                      0.18.8-1ubuntu0.4+esm1
                                  Available with Ubuntu Pro
  libraw16                        0.18.8-1ubuntu0.4+esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libraw-bin                      0.17.1-1ubuntu0.5+esm1
                                  Available with Ubuntu Pro
  libraw15                        0.17.1-1ubuntu0.5+esm1
                                  Available with Ubuntu Pro

After a standard system update you need to restart your session to make all
the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7485-1
  CVE-2025-43961, CVE-2025-43962, CVE-2025-43963, CVE-2025-43964

Package Information:
https://launchpad.net/ubuntu/+source/libraw/0.21.3-1ubuntu0.25.04.1
https://launchpad.net/ubuntu/+source/libraw/0.21.2-2.1ubuntu0.24.10.1
https://launchpad.net/ubuntu/+source/libraw/0.21.2-2.1ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/libraw/0.20.2-2ubuntu2.22.04.2
  https://launchpad.net/ubuntu/+source/libraw/0.19.5-1ubuntu1.4

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)