Login
Newsletter
Werbung

Sicherheit: Zahlenüberlauf in libexif
Aktuelle Meldungen Distributionen
Name: Zahlenüberlauf in libexif
ID: MDKSA-2007:118
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Corporate 4.0, Mandriva 2007.0, Mandriva 2007.1
Datum: Sa, 9. Juni 2007, 00:22
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2645
Applikationen: libexif

Originalnachricht

This is a multi-part message in MIME format...

------------=_1181338585-8862-8248


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:118
http://www.mandriva.com/security/
_______________________________________________________________________

Package : libexif
Date : June 8, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Integer overflow in the exif_data_load_data_entry function in
exif-data.c in libexif before 0.6.14 allows user-assisted remote
attackers to cause a denial of service (crash) or possibly execute
arbitrary code via crafted EXIF data.

Updated packages have been patched to prevent this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2645
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
8de9838c6688aa2502eb58fda312003a
2007.0/i586/libexif12-0.6.13-2.1mdv2007.0.i586.rpm
580e145204195974bc7c952172c446b3
2007.0/i586/libexif12-devel-0.6.13-2.1mdv2007.0.i586.rpm
d844f09d409daecc2389db2676e50873
2007.0/SRPMS/libexif-0.6.13-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
3a12325160f97f932e9219204cbc7530
2007.0/x86_64/lib64exif12-0.6.13-2.1mdv2007.0.x86_64.rpm
923cd72076fad582cf2c4797205f40e9
2007.0/x86_64/lib64exif12-devel-0.6.13-2.1mdv2007.0.x86_64.rpm
d844f09d409daecc2389db2676e50873
2007.0/SRPMS/libexif-0.6.13-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
72c028dc116ab801193597474a97b5dd
2007.1/i586/libexif12-0.6.13-4.1mdv2007.1.i586.rpm
1603116edb2e3c2ff7dab21e55918c37
2007.1/i586/libexif12-devel-0.6.13-4.1mdv2007.1.i586.rpm
af9f57cbcb05284a5b3b9f40cb9ebfb0
2007.1/SRPMS/libexif-0.6.13-4.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
cd26e48c6bb15bad651254f893e73e1f
2007.1/x86_64/lib64exif12-0.6.13-4.1mdv2007.1.x86_64.rpm
e7b605766d1c4a345d6691a725defc87
2007.1/x86_64/lib64exif12-devel-0.6.13-4.1mdv2007.1.x86_64.rpm
af9f57cbcb05284a5b3b9f40cb9ebfb0
2007.1/SRPMS/libexif-0.6.13-4.1mdv2007.1.src.rpm

Corporate 3.0:
7006c28a35c773a399990c5920093996
corporate/3.0/i586/libexif9-0.5.12-3.2.C30mdk.i586.rpm
513cc72e7240fec7f445aec15411ecf6
corporate/3.0/i586/libexif9-devel-0.5.12-3.2.C30mdk.i586.rpm
aa33d9f4305d33eedb1dcb03e0160340
corporate/3.0/SRPMS/libexif-0.5.12-3.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
2ed9200d78941a8e8028d0863edf21ef
corporate/3.0/x86_64/lib64exif9-0.5.12-3.2.C30mdk.x86_64.rpm
d6782377ec44ed36da7b79e314889298
corporate/3.0/x86_64/lib64exif9-devel-0.5.12-3.2.C30mdk.x86_64.rpm
aa33d9f4305d33eedb1dcb03e0160340
corporate/3.0/SRPMS/libexif-0.5.12-3.2.C30mdk.src.rpm

Corporate 4.0:
59c79de51e734476082d2e8441b37379
corporate/4.0/i586/libexif12-0.6.12-2.1.20060mlcs4.i586.rpm
bdd1f9b7048916221b20ef6beca09046
corporate/4.0/i586/libexif12-devel-0.6.12-2.1.20060mlcs4.i586.rpm
fb63127c388f24483317139078f311f4
corporate/4.0/SRPMS/libexif-0.6.12-2.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
b7e02d89a1ecd4b70e581f86d347b0f5
corporate/4.0/x86_64/lib64exif12-0.6.12-2.1.20060mlcs4.x86_64.rpm
caa2c7e5c2ac078626ae89b1fab07406
corporate/4.0/x86_64/lib64exif12-devel-0.6.12-2.1.20060mlcs4.x86_64.rpm
fb63127c388f24483317139078f311f4
corporate/4.0/SRPMS/libexif-0.6.12-2.1.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGaZ0KmqjQ0CJFipgRAqEJAKDDwR4i+fRIXeY+YZdsKh3uJkYiwACcDsaB
Kd06KyCkkSIKZ+qWDpxO3CQ=
=5OTS
-----END PGP SIGNATURE-----


------------=_1181338585-8862-8248
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1181338585-8862-8248--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung