Advisories

Mandriva Advisories

Package name	libexif
Date	June 8th, 2007
Advisory ID	MDKSA-2007:118
Affected versions	CS3.0, 2007.0, CS4.0, 2007.1
Synopsis	Updated libexif packages fix crash and possible arbitrary code execution issue

Problem Description

Integer overflow in the exif_data_load_data_entry function in
exif-data.c in libexif before 0.6.14 allows user-assisted remote
attackers to cause a denial of service (crash) or possibly execute
arbitrary code via crafted EXIF data.

Updated packages have been patched to prevent this issue.

Updated Packages

Corporate Server 3.0

 7006c28a35c773a399990c5920093996  corporate/3.0/i586/libexif9-0.5.12-3.2.C30mdk.i586.rpm
 513cc72e7240fec7f445aec15411ecf6  corporate/3.0/i586/libexif9-devel-0.5.12-3.2.C30mdk.i586.rpm 
 aa33d9f4305d33eedb1dcb03e0160340  corporate/3.0/SRPMS/libexif-0.5.12-3.2.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 2ed9200d78941a8e8028d0863edf21ef  corporate/3.0/x86_64/lib64exif9-0.5.12-3.2.C30mdk.x86_64.rpm
 d6782377ec44ed36da7b79e314889298  corporate/3.0/x86_64/lib64exif9-devel-0.5.12-3.2.C30mdk.x86_64.rpm 
 aa33d9f4305d33eedb1dcb03e0160340  corporate/3.0/SRPMS/libexif-0.5.12-3.2.C30mdk.src.rpm

Mandriva Linux 2007

 8de9838c6688aa2502eb58fda312003a  2007.0/i586/libexif12-0.6.13-2.1mdv2007.0.i586.rpm
 580e145204195974bc7c952172c446b3  2007.0/i586/libexif12-devel-0.6.13-2.1mdv2007.0.i586.rpm 
 d844f09d409daecc2389db2676e50873  2007.0/SRPMS/libexif-0.6.13-2.1mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

 3a12325160f97f932e9219204cbc7530  2007.0/x86_64/lib64exif12-0.6.13-2.1mdv2007.0.x86_64.rpm
 923cd72076fad582cf2c4797205f40e9  2007.0/x86_64/lib64exif12-devel-0.6.13-2.1mdv2007.0.x86_64.rpm 
 d844f09d409daecc2389db2676e50873  2007.0/SRPMS/libexif-0.6.13-2.1mdv2007.0.src.rpm

Corporate Server 4.0

 59c79de51e734476082d2e8441b37379  corporate/4.0/i586/libexif12-0.6.12-2.1.20060mlcs4.i586.rpm
 bdd1f9b7048916221b20ef6beca09046  corporate/4.0/i586/libexif12-devel-0.6.12-2.1.20060mlcs4.i586.rpm 
 fb63127c388f24483317139078f311f4  corporate/4.0/SRPMS/libexif-0.6.12-2.1.20060mlcs4.src.rpm

Corporate Server 4.0/X86_64

 b7e02d89a1ecd4b70e581f86d347b0f5  corporate/4.0/x86_64/lib64exif12-0.6.12-2.1.20060mlcs4.x86_64.rpm
 caa2c7e5c2ac078626ae89b1fab07406  corporate/4.0/x86_64/lib64exif12-devel-0.6.12-2.1.20060mlcs4.x86_64.rpm 
 fb63127c388f24483317139078f311f4  corporate/4.0/SRPMS/libexif-0.6.12-2.1.20060mlcs4.src.rpm

Mandriva Linux 2007.1

 72c028dc116ab801193597474a97b5dd  2007.1/i586/libexif12-0.6.13-4.1mdv2007.1.i586.rpm
 1603116edb2e3c2ff7dab21e55918c37  2007.1/i586/libexif12-devel-0.6.13-4.1mdv2007.1.i586.rpm 
 af9f57cbcb05284a5b3b9f40cb9ebfb0  2007.1/SRPMS/libexif-0.6.13-4.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64

 cd26e48c6bb15bad651254f893e73e1f  2007.1/x86_64/lib64exif12-0.6.13-4.1mdv2007.1.x86_64.rpm
 e7b605766d1c4a345d6691a725defc87  2007.1/x86_64/lib64exif12-devel-0.6.13-4.1mdv2007.1.x86_64.rpm 
 af9f57cbcb05284a5b3b9f40cb9ebfb0  2007.1/SRPMS/libexif-0.6.13-4.1mdv2007.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2645

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer