Home > Security > Advisories

Advisories

Mandriva Advisories

Package name libexif
Date March 31st, 2005
Advisory ID MDKSA-2005:064
Affected versions 10.0, 10.1, CS3.0
Synopsis Updated libexif packages fix vulnerability

Problem Description

A buffer overflow was discovered in the way libexif parses EXIF tags.
An attacker could exploit this by creating a special EXIF image file
which could cause image viewers linked against libexif to crash.

The updated packages have been patched to correct these issues.

Updated Packages

Mandrakelinux 10.0

 7f98f8c823d04b1aec8ec8bf3082e540  10.0/RPMS/libexif9-0.5.12-3.1.100mdk.i586.rpm
784f8431abd3cbda25abc8294682c96b  10.0/RPMS/libexif9-devel-0.5.12-3.1.100mdk.i586.rpm
2423d8e2cc1e3e8c71066d21d17d72a7  10.0/SRPMS/libexif-0.5.12-3.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64

 8f83a355fabca8f769d1c9dad47d0702  amd64/10.0/RPMS/lib64exif9-0.5.12-3.1.100mdk.amd64.rpm
81d7acb71bd8e37dbc0fe5d9973d4863  amd64/10.0/RPMS/lib64exif9-devel-0.5.12-3.1.100mdk.amd64.rpm
2423d8e2cc1e3e8c71066d21d17d72a7  amd64/10.0/SRPMS/libexif-0.5.12-3.1.100mdk.src.rpm

Mandrakelinux 10.1

 e7c6cba5d064421751f62fe97a27a246  10.1/RPMS/libexif9-0.5.12-3.1.101mdk.i586.rpm
12f5698199b00e594a7b839415fc34ce  10.1/RPMS/libexif9-devel-0.5.12-3.1.101mdk.i586.rpm
d610996df4ade2cd8379ede0246624ba  10.1/SRPMS/libexif-0.5.12-3.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

 62a6bd730ed477e3eaad9cbcc1fafcd7  x86_64/10.1/RPMS/lib64exif9-0.5.12-3.1.101mdk.x86_64.rpm
737f9820611343813338fa5135f7ec2e  x86_64/10.1/RPMS/lib64exif9-devel-0.5.12-3.1.101mdk.x86_64.rpm
d610996df4ade2cd8379ede0246624ba  x86_64/10.1/SRPMS/libexif-0.5.12-3.1.101mdk.src.rpm

Corporate Server 3.0

 1f6db50292973824440d2c5018fda499  corporate/3.0/RPMS/libexif9-0.5.12-3.1.C30mdk.i586.rpm
efa51f02a658c456a1a78f5d72eff888  corporate/3.0/RPMS/libexif9-devel-0.5.12-3.1.C30mdk.i586.rpm
062ba77c9d11fae7e66c9d7c6ba2b4d7  corporate/3.0/SRPMS/libexif-0.5.12-3.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 6372fdf5cf79f247869e5c3087fb8ecf  x86_64/corporate/3.0/RPMS/lib64exif9-0.5.12-3.1.C30mdk.x86_64.rpm
6fc1cb6724795624d8c4569834487039  x86_64/corporate/3.0/RPMS/lib64exif9-devel-0.5.12-3.1.C30mdk.x86_64.rpm
062ba77c9d11fae7e66c9d7c6ba2b4d7  x86_64/corporate/3.0/SRPMS/libexif-0.5.12-3.1.C30mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0664

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm
                

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.