| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 08 Jun 2007 15:22:07 -0600 From: security@...driva.com To: full-disclosure@...ts.grok.org.uk Subject: [ MDKSA-2007:118 ] - Updated libexif packages fix crash and possible arbitrary code execution issue -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:118 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libexif Date : June 8, 2007 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data. Updated packages have been patched to prevent this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2645 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 8de9838c6688aa2502eb58fda312003a 2007.0/i586/libexif12-0.6.13-2.1mdv2007.0.i586.rpm 580e145204195974bc7c952172c446b3 2007.0/i586/libexif12-devel-0.6.13-2.1mdv2007.0.i586.rpm d844f09d409daecc2389db2676e50873 2007.0/SRPMS/libexif-0.6.13-2.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 3a12325160f97f932e9219204cbc7530 2007.0/x86_64/lib64exif12-0.6.13-2.1mdv2007.0.x86_64.rpm 923cd72076fad582cf2c4797205f40e9 2007.0/x86_64/lib64exif12-devel-0.6.13-2.1mdv2007.0.x86_64.rpm d844f09d409daecc2389db2676e50873 2007.0/SRPMS/libexif-0.6.13-2.1mdv2007.0.src.rpm Mandriva Linux 2007.1: 72c028dc116ab801193597474a97b5dd 2007.1/i586/libexif12-0.6.13-4.1mdv2007.1.i586.rpm 1603116edb2e3c2ff7dab21e55918c37 2007.1/i586/libexif12-devel-0.6.13-4.1mdv2007.1.i586.rpm af9f57cbcb05284a5b3b9f40cb9ebfb0 2007.1/SRPMS/libexif-0.6.13-4.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: cd26e48c6bb15bad651254f893e73e1f 2007.1/x86_64/lib64exif12-0.6.13-4.1mdv2007.1.x86_64.rpm e7b605766d1c4a345d6691a725defc87 2007.1/x86_64/lib64exif12-devel-0.6.13-4.1mdv2007.1.x86_64.rpm af9f57cbcb05284a5b3b9f40cb9ebfb0 2007.1/SRPMS/libexif-0.6.13-4.1mdv2007.1.src.rpm Corporate 3.0: 7006c28a35c773a399990c5920093996 corporate/3.0/i586/libexif9-0.5.12-3.2.C30mdk.i586.rpm 513cc72e7240fec7f445aec15411ecf6 corporate/3.0/i586/libexif9-devel-0.5.12-3.2.C30mdk.i586.rpm aa33d9f4305d33eedb1dcb03e0160340 corporate/3.0/SRPMS/libexif-0.5.12-3.2.C30mdk.src.rpm Corporate 3.0/X86_64: 2ed9200d78941a8e8028d0863edf21ef corporate/3.0/x86_64/lib64exif9-0.5.12-3.2.C30mdk.x86_64.rpm d6782377ec44ed36da7b79e314889298 corporate/3.0/x86_64/lib64exif9-devel-0.5.12-3.2.C30mdk.x86_64.rpm aa33d9f4305d33eedb1dcb03e0160340 corporate/3.0/SRPMS/libexif-0.5.12-3.2.C30mdk.src.rpm Corporate 4.0: 59c79de51e734476082d2e8441b37379 corporate/4.0/i586/libexif12-0.6.12-2.1.20060mlcs4.i586.rpm bdd1f9b7048916221b20ef6beca09046 corporate/4.0/i586/libexif12-devel-0.6.12-2.1.20060mlcs4.i586.rpm fb63127c388f24483317139078f311f4 corporate/4.0/SRPMS/libexif-0.6.12-2.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: b7e02d89a1ecd4b70e581f86d347b0f5 corporate/4.0/x86_64/lib64exif12-0.6.12-2.1.20060mlcs4.x86_64.rpm caa2c7e5c2ac078626ae89b1fab07406 corporate/4.0/x86_64/lib64exif12-devel-0.6.12-2.1.20060mlcs4.x86_64.rpm fb63127c388f24483317139078f311f4 corporate/4.0/SRPMS/libexif-0.6.12-2.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGaZ0KmqjQ0CJFipgRAqEJAKDDwR4i+fRIXeY+YZdsKh3uJkYiwACcDsaB Kd06KyCkkSIKZ+qWDpxO3CQ= =5OTS -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists