Login
Newsletter
Werbung

Sicherheit: Pufferüberlauf in libexif
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in libexif
ID: MDKSA-2005:064
Distribution: Mandrake
Plattformen: Mandrake 10.0, Mandrake 10.1, Mandrake Corporate Server 3.0
Datum: Fr, 1. April 2005, 13:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0664
Applikationen: libexif

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: libexif
Advisory ID: MDKSA-2005:064
Date: March 31st, 2005

Affected versions: 10.0, 10.1, Corporate 3.0
______________________________________________________________________

Problem Description:

A buffer overflow was discovered in the way libexif parses EXIF tags.
An attacker could exploit this by creating a special EXIF image file
which could cause image viewers linked against libexif to crash.

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0664
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
7f98f8c823d04b1aec8ec8bf3082e540
10.0/RPMS/libexif9-0.5.12-3.1.100mdk.i586.rpm
784f8431abd3cbda25abc8294682c96b
10.0/RPMS/libexif9-devel-0.5.12-3.1.100mdk.i586.rpm
2423d8e2cc1e3e8c71066d21d17d72a7 10.0/SRPMS/libexif-0.5.12-3.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
8f83a355fabca8f769d1c9dad47d0702
amd64/10.0/RPMS/lib64exif9-0.5.12-3.1.100mdk.amd64.rpm
81d7acb71bd8e37dbc0fe5d9973d4863
amd64/10.0/RPMS/lib64exif9-devel-0.5.12-3.1.100mdk.amd64.rpm
2423d8e2cc1e3e8c71066d21d17d72a7
amd64/10.0/SRPMS/libexif-0.5.12-3.1.100mdk.src.rpm

Mandrakelinux 10.1:
e7c6cba5d064421751f62fe97a27a246
10.1/RPMS/libexif9-0.5.12-3.1.101mdk.i586.rpm
12f5698199b00e594a7b839415fc34ce
10.1/RPMS/libexif9-devel-0.5.12-3.1.101mdk.i586.rpm
d610996df4ade2cd8379ede0246624ba 10.1/SRPMS/libexif-0.5.12-3.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
62a6bd730ed477e3eaad9cbcc1fafcd7
x86_64/10.1/RPMS/lib64exif9-0.5.12-3.1.101mdk.x86_64.rpm
737f9820611343813338fa5135f7ec2e
x86_64/10.1/RPMS/lib64exif9-devel-0.5.12-3.1.101mdk.x86_64.rpm
d610996df4ade2cd8379ede0246624ba
x86_64/10.1/SRPMS/libexif-0.5.12-3.1.101mdk.src.rpm

Corporate 3.0:
1f6db50292973824440d2c5018fda499
corporate/3.0/RPMS/libexif9-0.5.12-3.1.C30mdk.i586.rpm
efa51f02a658c456a1a78f5d72eff888
corporate/3.0/RPMS/libexif9-devel-0.5.12-3.1.C30mdk.i586.rpm
062ba77c9d11fae7e66c9d7c6ba2b4d7
corporate/3.0/SRPMS/libexif-0.5.12-3.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
6372fdf5cf79f247869e5c3087fb8ecf
x86_64/corporate/3.0/RPMS/lib64exif9-0.5.12-3.1.C30mdk.x86_64.rpm
6fc1cb6724795624d8c4569834487039
x86_64/corporate/3.0/RPMS/lib64exif9-devel-0.5.12-3.1.C30mdk.x86_64.rpm
062ba77c9d11fae7e66c9d7c6ba2b4d7
x86_64/corporate/3.0/SRPMS/libexif-0.5.12-3.1.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCTFPhmqjQ0CJFipgRAjlSAKDjOdJ2dryyZGJ1o84LHT+fUZJFZgCg0Nz+
KpJUoCmD5nPepXNdnvcT2gk=
=qUUW
-----END PGP SIGNATURE-----


____________________________________________________
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung