LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 7th, 2014
Linux Advisory Watch: April 4th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: libexif vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Victor Stinner discovered that libexif did not correctly validate the size of some EXIF header fields. By tricking a user into opening an image with specially crafted EXIF headers, a remote attacker could cause the application using libexif to crash, resulting in a denial of service.
=========================================================== 
Ubuntu Security Notice USN-471-1              June 11, 2007
libexif vulnerability
CVE-2007-2645
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libexif12                                0.6.12-2ubuntu0.1

Ubuntu 6.10:
  libexif12                                0.6.13-4ubuntu0.1

Ubuntu 7.04:
  libexif12                                0.6.13-5ubuntu0.1

After a standard system upgrade you need to restart your session to
effect the necessary changes.

Details follow:

Victor Stinner discovered that libexif did not correctly validate the
size of some EXIF header fields.  By tricking a user into opening an
image with specially crafted EXIF headers, a remote attacker could cause
the application using libexif to crash, resulting in a denial of service.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.12-2ubuntu0.1.diff.gz
      Size/MD5:     3799 404b94c6dc02fded399d2015829b35ee
    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.12-2ubuntu0.1.dsc
      Size/MD5:      600 ba2fd679c82d39a8fd22845c3244cf38
    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.12.orig.tar.gz
      Size/MD5:   537829 69501aaf0862a79aaeeb73e81e8c1306

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.6.12-2ubuntu0.1_amd64.deb
      Size/MD5:    77634 abcac032c95e9128eb9562fd3e8c9c3c
    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.12-2ubuntu0.1_amd64.deb
      Size/MD5:    61804 4d4bff0d5f7a0fbd55baea101638440a

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.6.12-2ubuntu0.1_i386.deb
      Size/MD5:    72878 53d6a23f8515d65645711d1b74630fbf
    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.12-2ubuntu0.1_i386.deb
      Size/MD5:    57686 032f3abaf88451cbb08dbf8f6a74b90f

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.6.12-2ubuntu0.1_powerpc.deb
      Size/MD5:    78066 0402629c14b6396692a18aceefa17de7
    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.12-2ubuntu0.1_powerpc.deb
      Size/MD5:    60642 800f64893ff9eeb837443c92726c5784

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.6.12-2ubuntu0.1_sparc.deb
      Size/MD5:    75652 8a8ff09cd40054c01305bfaaa738e28c
    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.12-2ubuntu0.1_sparc.deb
      Size/MD5:    58672 62e3912837cd84c59d87f8b5cef94927

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.13-4ubuntu0.1.diff.gz
      Size/MD5:     4090 7bb28740d6996a32944568fd5752279f
    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.13-4ubuntu0.1.dsc
      Size/MD5:      619 5106e84640dc952172c2418b832506d1
    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.13.orig.tar.gz
      Size/MD5:   727418 e5ad93c170bfb4fed6dc3e1c7a7948cb

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.6.13-4ubuntu0.1_amd64.deb
      Size/MD5:  1005486 27c44f76b5356c2e5252cf74109cc948
    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.13-4ubuntu0.1_amd64.deb
      Size/MD5:    69208 c374d298d31ffcc1e66490c8a625f3a5

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.6.13-4ubuntu0.1_i386.deb
      Size/MD5:   995998 ff15d1e752e6b6d10e411546376af0e7
    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.13-4ubuntu0.1_i386.deb
      Size/MD5:    66008 951d7e9445cf0e2167a85031525be878

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.6.13-4ubuntu0.1_powerpc.deb
      Size/MD5:  1005170 240c110c041580afc02b588340471c80
    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.13-4ubuntu0.1_powerpc.deb
      Size/MD5:    64638 c4aef67ceac06a7296348efdacad3184

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.6.13-4ubuntu0.1_sparc.deb
      Size/MD5:  1002480 018082e64ad3d8f90dbea766f6331f4f
    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.13-4ubuntu0.1_sparc.deb
      Size/MD5:    64536 c7beaa479951d01dadae0cb42b2fc20c

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.13-5ubuntu0.1.diff.gz
      Size/MD5:     9109 7e344567afce19f3260b9e01d0a5467b
    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.13-5ubuntu0.1.dsc
      Size/MD5:      703 2a77275783bcf3640094d7211030baf3
    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.13.orig.tar.gz
      Size/MD5:   727418 e5ad93c170bfb4fed6dc3e1c7a7948cb

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.6.13-5ubuntu0.1_amd64.deb
      Size/MD5:  1005748 c4a6dee59ed66a7da794a1e3e5e2a115
    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.13-5ubuntu0.1_amd64.deb
      Size/MD5:    70130 c42288b602f05f883b77c96a98b17ff3

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.6.13-5ubuntu0.1_i386.deb
      Size/MD5:   996420 7c04dd612e03148d48e6b789e45eae24
    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.13-5ubuntu0.1_i386.deb
      Size/MD5:    67134 2f2a1b6842687460da7b538d25328d4b

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.6.13-5ubuntu0.1_powerpc.deb
      Size/MD5:  1005978 f1f145431e46cbf64578f5f5303affad
    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.13-5ubuntu0.1_powerpc.deb
      Size/MD5:    67722 1e7ffec961515ad044eac32f5d22c94f

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.6.13-5ubuntu0.1_sparc.deb
      Size/MD5:  1002944 3264007332abd428dc4c26e3a67c36cc
    http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.13-5ubuntu0.1_sparc.deb
      Size/MD5:    65436 44b4d989149fc1f88e1acf4e88e16c33


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Heartbleed: Security experts reality-check the 3 most hysterical fears
Open source trounces proprietary software for code defects, Coverity analysis finds
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.