Get the LinuxSecurity news you want faster with RSS
Powered By
Mandrake: Updated libexif packages fix
Posted by Benjamin D. Thomas
A buffer overflow was discovered in the way libexif parses EXIF tags.
An attacker could exploit this by creating a special EXIF image file
which could cause image viewers linked against libexif to crash.
The updated packages have been patched to correct these issues.
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: libexif
Advisory ID: MDKSA-2005:064
Date: March 31st, 2005
Affected versions: 10.0, 10.1, Corporate 3.0
______________________________________________________________________
Problem Description:
A buffer overflow was discovered in the way libexif parses EXIF tags.
An attacker could exploit this by creating a special EXIF image file
which could cause image viewers linked against libexif to crash.
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0664
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
7f98f8c823d04b1aec8ec8bf3082e540 10.0/RPMS/libexif9-0.5.12-3.1.100mdk.i586.rpm
784f8431abd3cbda25abc8294682c96b 10.0/RPMS/libexif9-devel-0.5.12-3.1.100mdk.i586.rpm
2423d8e2cc1e3e8c71066d21d17d72a7 10.0/SRPMS/libexif-0.5.12-3.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
8f83a355fabca8f769d1c9dad47d0702 amd64/10.0/RPMS/lib64exif9-0.5.12-3.1.100mdk.amd64.rpm
81d7acb71bd8e37dbc0fe5d9973d4863 amd64/10.0/RPMS/lib64exif9-devel-0.5.12-3.1.100mdk.amd64.rpm
2423d8e2cc1e3e8c71066d21d17d72a7 amd64/10.0/SRPMS/libexif-0.5.12-3.1.100mdk.src.rpm
Mandrakelinux 10.1:
e7c6cba5d064421751f62fe97a27a246 10.1/RPMS/libexif9-0.5.12-3.1.101mdk.i586.rpm
12f5698199b00e594a7b839415fc34ce 10.1/RPMS/libexif9-devel-0.5.12-3.1.101mdk.i586.rpm
d610996df4ade2cd8379ede0246624ba 10.1/SRPMS/libexif-0.5.12-3.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
62a6bd730ed477e3eaad9cbcc1fafcd7 x86_64/10.1/RPMS/lib64exif9-0.5.12-3.1.101mdk.x86_64.rpm
737f9820611343813338fa5135f7ec2e x86_64/10.1/RPMS/lib64exif9-devel-0.5.12-3.1.101mdk.x86_64.rpm
d610996df4ade2cd8379ede0246624ba x86_64/10.1/SRPMS/libexif-0.5.12-3.1.101mdk.src.rpm
Corporate 3.0:
1f6db50292973824440d2c5018fda499 corporate/3.0/RPMS/libexif9-0.5.12-3.1.C30mdk.i586.rpm
efa51f02a658c456a1a78f5d72eff888 corporate/3.0/RPMS/libexif9-devel-0.5.12-3.1.C30mdk.i586.rpm
062ba77c9d11fae7e66c9d7c6ba2b4d7 corporate/3.0/SRPMS/libexif-0.5.12-3.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
6372fdf5cf79f247869e5c3087fb8ecf x86_64/corporate/3.0/RPMS/lib64exif9-0.5.12-3.1.C30mdk.x86_64.rpm
6fc1cb6724795624d8c4569834487039 x86_64/corporate/3.0/RPMS/lib64exif9-devel-0.5.12-3.1.C30mdk.x86_64.rpm
062ba77c9d11fae7e66c9d7c6ba2b4d7 x86_64/corporate/3.0/SRPMS/libexif-0.5.12-3.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
