Login
Newsletter
Werbung

Sicherheit: Zahlenüberlauf in libexif
Aktuelle Meldungen Distributionen
Name: Zahlenüberlauf in libexif
ID: MDKSA-2007:128
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Corporate 4.0, Mandriva 2007.0, Mandriva 2007.1
Datum: Mi, 20. Juni 2007, 03:06
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4168
Applikationen: libexif

Originalnachricht

This is a multi-part message in MIME format...

------------=_1182301599-8862-9005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:128
http://www.mandriva.com/security/
_______________________________________________________________________

Package : libexif
Date : June 19, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Another integer overflow was found in the way libexif parses EXIF
image tags. An individual who opened a carefully-crafted EXIF image
file could cause the application linked against libexif to crash or
possibly execute arbitrary code.

Updated packages have been patched to prevent this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4168
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
aea52b8b415d79199555b138040dc117
2007.0/i586/libexif12-0.6.13-2.2mdv2007.0.i586.rpm
235324d550727d73e80953bf0b70b7fe
2007.0/i586/libexif12-devel-0.6.13-2.2mdv2007.0.i586.rpm
77a2d90649912764b5f23b94fbc09bf9
2007.0/SRPMS/libexif-0.6.13-2.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
c6bf402af2d36bc636a4b53682b4279d
2007.0/x86_64/lib64exif12-0.6.13-2.2mdv2007.0.x86_64.rpm
7c16cb8228769253a61fb223e6ac5015
2007.0/x86_64/lib64exif12-devel-0.6.13-2.2mdv2007.0.x86_64.rpm
77a2d90649912764b5f23b94fbc09bf9
2007.0/SRPMS/libexif-0.6.13-2.2mdv2007.0.src.rpm

Mandriva Linux 2007.1:
76ac34860308ac16c0ddc0457684ac39
2007.1/i586/libexif12-0.6.13-4.2mdv2007.1.i586.rpm
4610d01483922b4b8e18a586405257f7
2007.1/i586/libexif12-devel-0.6.13-4.2mdv2007.1.i586.rpm
de1465368f5eca18797b77287bd0e425
2007.1/SRPMS/libexif-0.6.13-4.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
1a92e5266b5a92e39f4b9343fc16554a
2007.1/x86_64/lib64exif12-0.6.13-4.2mdv2007.1.x86_64.rpm
d2d151b5163ae6ffe99ccba69d3afcce
2007.1/x86_64/lib64exif12-devel-0.6.13-4.2mdv2007.1.x86_64.rpm
de1465368f5eca18797b77287bd0e425
2007.1/SRPMS/libexif-0.6.13-4.2mdv2007.1.src.rpm

Corporate 3.0:
d35e56a5dbee270b4dac92cd0e23bf10
corporate/3.0/i586/libexif9-0.5.12-3.3.C30mdk.i586.rpm
0b519895a69a6c03134a02c1ec8f1fbd
corporate/3.0/i586/libexif9-devel-0.5.12-3.3.C30mdk.i586.rpm
7739d6573e2bf53148532394a6467af7
corporate/3.0/SRPMS/libexif-0.5.12-3.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
9edbd655e6fd38a12f6e7722dbb5d50f
corporate/3.0/x86_64/lib64exif9-0.5.12-3.3.C30mdk.x86_64.rpm
d2a879e2b1a030012eb6e49764b8869d
corporate/3.0/x86_64/lib64exif9-devel-0.5.12-3.3.C30mdk.x86_64.rpm
d35e56a5dbee270b4dac92cd0e23bf10
corporate/3.0/x86_64/libexif9-0.5.12-3.3.C30mdk.i586.rpm
7739d6573e2bf53148532394a6467af7
corporate/3.0/SRPMS/libexif-0.5.12-3.3.C30mdk.src.rpm

Corporate 4.0:
1aa75c3c68ba6a52c513a3c96238d12e
corporate/4.0/i586/libexif12-0.6.12-2.2.20060mlcs4.i586.rpm
cde17b0c57044d132016a3be579bbbae
corporate/4.0/i586/libexif12-devel-0.6.12-2.2.20060mlcs4.i586.rpm
1a09002fd17721aca1c29fc4e971c38b
corporate/4.0/SRPMS/libexif-0.6.12-2.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
41c47eed02c3780cd5394a93f9d793f6
corporate/4.0/x86_64/lib64exif12-0.6.12-2.2.20060mlcs4.x86_64.rpm
78b6c776e2b71d96d6125c32838a6584
corporate/4.0/x86_64/lib64exif12-devel-0.6.12-2.2.20060mlcs4.x86_64.rpm
1aa75c3c68ba6a52c513a3c96238d12e
corporate/4.0/x86_64/libexif12-0.6.12-2.2.20060mlcs4.i586.rpm
cde17b0c57044d132016a3be579bbbae
corporate/4.0/x86_64/libexif12-devel-0.6.12-2.2.20060mlcs4.i586.rpm
1a09002fd17721aca1c29fc4e971c38b
corporate/4.0/SRPMS/libexif-0.6.12-2.2.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGeEekmqjQ0CJFipgRAmhJAJ9zUqX5PY2gtCcWewFIPsTk4LT7uQCggWmo
70HSRJ9MNadqZ46Ui1UAuk0=
=Fwpz
-----END PGP SIGNATURE-----


------------=_1182301599-8862-9005
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1182301599-8862-9005--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung