LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: August 29th, 2014
Linux Security Week: August 25th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: Moderate: libexif integer overflow Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
RedHat Linux Updated libexif packages that fix an integer overflow flaw are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: libexif integer overflow
Advisory ID:       RHSA-2007:0501-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0501.html
Issue date:        2007-06-14
Updated on:        2007-06-14
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-4168 
- ---------------------------------------------------------------------

1. Summary:

Updated libexif packages that fix an integer overflow flaw are now
available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

The libexif package contains the EXIF library. Applications use this
library to parse EXIF image files.

An integer overflow flaw was found in the way libexif parses EXIF image
tags. If a victim opens a carefully crafted EXIF image file it could cause
the application linked against libexif to execute arbitrary code or crash.
(CVE-2007-4168)

Users of libexif should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

243888 - CVE-2007-4168 libexif integer overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libexif-0.5.12-5.1.0.2.src.rpm
cc95784382095e50dbe7635f481aa9cf  libexif-0.5.12-5.1.0.2.src.rpm

i386:
6da6c2967783bcb980aecdc144d6dd02  libexif-0.5.12-5.1.0.2.i386.rpm
4ef568e43b4db35b77c5d55dd6ba3343  libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm
991754de75656c3bb52f65973ff6c26f  libexif-devel-0.5.12-5.1.0.2.i386.rpm

ia64:
6da6c2967783bcb980aecdc144d6dd02  libexif-0.5.12-5.1.0.2.i386.rpm
f68c9026317026b58dd196bfd4af4bbf  libexif-0.5.12-5.1.0.2.ia64.rpm
4ef568e43b4db35b77c5d55dd6ba3343  libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm
11d6259eaff76f0469a0098c8bfe2d85  libexif-debuginfo-0.5.12-5.1.0.2.ia64.rpm
ecfce96bd377840f0cee4de6d2c4d1e8  libexif-devel-0.5.12-5.1.0.2.ia64.rpm

ppc:
fdac438a4a9fd5bd08cc6a44391f23f6  libexif-0.5.12-5.1.0.2.ppc.rpm
af678c093c8adf776902b70fbb3c871e  libexif-0.5.12-5.1.0.2.ppc64.rpm
1d22c89d2bc5225093c422518bff34f1  libexif-debuginfo-0.5.12-5.1.0.2.ppc.rpm
f2d48c3e7a09ae433c77f2a8071d98b5  libexif-debuginfo-0.5.12-5.1.0.2.ppc64.rpm
9ab46f02a84a771fea33d5308b255f40  libexif-devel-0.5.12-5.1.0.2.ppc.rpm

s390:
e9985c79bc041d36f97af618830aace1  libexif-0.5.12-5.1.0.2.s390.rpm
cb1d6ec562f75373948fd0b6334779b2  libexif-debuginfo-0.5.12-5.1.0.2.s390.rpm
8747b11f434c1482c1ed32d024d9965e  libexif-devel-0.5.12-5.1.0.2.s390.rpm

s390x:
e9985c79bc041d36f97af618830aace1  libexif-0.5.12-5.1.0.2.s390.rpm
f5a748f9e3401d7ca637294f0a303e19  libexif-0.5.12-5.1.0.2.s390x.rpm
cb1d6ec562f75373948fd0b6334779b2  libexif-debuginfo-0.5.12-5.1.0.2.s390.rpm
8fd53184708b6fd4673090aaaf6162b1  libexif-debuginfo-0.5.12-5.1.0.2.s390x.rpm
822e8e8f5f5b7bdb47225604cf1d4373  libexif-devel-0.5.12-5.1.0.2.s390x.rpm

x86_64:
6da6c2967783bcb980aecdc144d6dd02  libexif-0.5.12-5.1.0.2.i386.rpm
1734951e779ec59b4bfc3f2e179238d7  libexif-0.5.12-5.1.0.2.x86_64.rpm
4ef568e43b4db35b77c5d55dd6ba3343  libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm
40376173f752db73fcbb5bd44bed94f3  libexif-debuginfo-0.5.12-5.1.0.2.x86_64.rpm
470280d57b9b8a4684f6ae22fce1884d  libexif-devel-0.5.12-5.1.0.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libexif-0.5.12-5.1.0.2.src.rpm
cc95784382095e50dbe7635f481aa9cf  libexif-0.5.12-5.1.0.2.src.rpm

i386:
6da6c2967783bcb980aecdc144d6dd02  libexif-0.5.12-5.1.0.2.i386.rpm
4ef568e43b4db35b77c5d55dd6ba3343  libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm
991754de75656c3bb52f65973ff6c26f  libexif-devel-0.5.12-5.1.0.2.i386.rpm

x86_64:
6da6c2967783bcb980aecdc144d6dd02  libexif-0.5.12-5.1.0.2.i386.rpm
1734951e779ec59b4bfc3f2e179238d7  libexif-0.5.12-5.1.0.2.x86_64.rpm
4ef568e43b4db35b77c5d55dd6ba3343  libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm
40376173f752db73fcbb5bd44bed94f3  libexif-debuginfo-0.5.12-5.1.0.2.x86_64.rpm
470280d57b9b8a4684f6ae22fce1884d  libexif-devel-0.5.12-5.1.0.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libexif-0.5.12-5.1.0.2.src.rpm
cc95784382095e50dbe7635f481aa9cf  libexif-0.5.12-5.1.0.2.src.rpm

i386:
6da6c2967783bcb980aecdc144d6dd02  libexif-0.5.12-5.1.0.2.i386.rpm
4ef568e43b4db35b77c5d55dd6ba3343  libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm
991754de75656c3bb52f65973ff6c26f  libexif-devel-0.5.12-5.1.0.2.i386.rpm

ia64:
6da6c2967783bcb980aecdc144d6dd02  libexif-0.5.12-5.1.0.2.i386.rpm
f68c9026317026b58dd196bfd4af4bbf  libexif-0.5.12-5.1.0.2.ia64.rpm
4ef568e43b4db35b77c5d55dd6ba3343  libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm
11d6259eaff76f0469a0098c8bfe2d85  libexif-debuginfo-0.5.12-5.1.0.2.ia64.rpm
ecfce96bd377840f0cee4de6d2c4d1e8  libexif-devel-0.5.12-5.1.0.2.ia64.rpm

x86_64:
6da6c2967783bcb980aecdc144d6dd02  libexif-0.5.12-5.1.0.2.i386.rpm
1734951e779ec59b4bfc3f2e179238d7  libexif-0.5.12-5.1.0.2.x86_64.rpm
4ef568e43b4db35b77c5d55dd6ba3343  libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm
40376173f752db73fcbb5bd44bed94f3  libexif-debuginfo-0.5.12-5.1.0.2.x86_64.rpm
470280d57b9b8a4684f6ae22fce1884d  libexif-devel-0.5.12-5.1.0.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libexif-0.5.12-5.1.0.2.src.rpm
cc95784382095e50dbe7635f481aa9cf  libexif-0.5.12-5.1.0.2.src.rpm

i386:
6da6c2967783bcb980aecdc144d6dd02  libexif-0.5.12-5.1.0.2.i386.rpm
4ef568e43b4db35b77c5d55dd6ba3343  libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm
991754de75656c3bb52f65973ff6c26f  libexif-devel-0.5.12-5.1.0.2.i386.rpm

ia64:
6da6c2967783bcb980aecdc144d6dd02  libexif-0.5.12-5.1.0.2.i386.rpm
f68c9026317026b58dd196bfd4af4bbf  libexif-0.5.12-5.1.0.2.ia64.rpm
4ef568e43b4db35b77c5d55dd6ba3343  libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm
11d6259eaff76f0469a0098c8bfe2d85  libexif-debuginfo-0.5.12-5.1.0.2.ia64.rpm
ecfce96bd377840f0cee4de6d2c4d1e8  libexif-devel-0.5.12-5.1.0.2.ia64.rpm

x86_64:
6da6c2967783bcb980aecdc144d6dd02  libexif-0.5.12-5.1.0.2.i386.rpm
1734951e779ec59b4bfc3f2e179238d7  libexif-0.5.12-5.1.0.2.x86_64.rpm
4ef568e43b4db35b77c5d55dd6ba3343  libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm
40376173f752db73fcbb5bd44bed94f3  libexif-debuginfo-0.5.12-5.1.0.2.x86_64.rpm
470280d57b9b8a4684f6ae22fce1884d  libexif-devel-0.5.12-5.1.0.2.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libexif-0.6.13-4.0.2.el5.src.rpm
9c1360d0a15e568b9b73def358e1e216  libexif-0.6.13-4.0.2.el5.src.rpm

i386:
930dedbd73cc50756f08d8da7e69d3cc  libexif-0.6.13-4.0.2.el5.i386.rpm
67b189515a55c0197d5978fc741d40fb  libexif-debuginfo-0.6.13-4.0.2.el5.i386.rpm

x86_64:
930dedbd73cc50756f08d8da7e69d3cc  libexif-0.6.13-4.0.2.el5.i386.rpm
e3130a9e84081d0ee5735e0bf027b186  libexif-0.6.13-4.0.2.el5.x86_64.rpm
67b189515a55c0197d5978fc741d40fb  libexif-debuginfo-0.6.13-4.0.2.el5.i386.rpm
173cf3c2daefe7a78f5f2859803d4778  libexif-debuginfo-0.6.13-4.0.2.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libexif-0.6.13-4.0.2.el5.src.rpm
9c1360d0a15e568b9b73def358e1e216  libexif-0.6.13-4.0.2.el5.src.rpm

i386:
67b189515a55c0197d5978fc741d40fb  libexif-debuginfo-0.6.13-4.0.2.el5.i386.rpm
6cc73cf44459c921979c87bb72c2423d  libexif-devel-0.6.13-4.0.2.el5.i386.rpm

x86_64:
67b189515a55c0197d5978fc741d40fb  libexif-debuginfo-0.6.13-4.0.2.el5.i386.rpm
173cf3c2daefe7a78f5f2859803d4778  libexif-debuginfo-0.6.13-4.0.2.el5.x86_64.rpm
6cc73cf44459c921979c87bb72c2423d  libexif-devel-0.6.13-4.0.2.el5.i386.rpm
09804ed13ace52a3c98629e882652458  libexif-devel-0.6.13-4.0.2.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libexif-0.6.13-4.0.2.el5.src.rpm
9c1360d0a15e568b9b73def358e1e216  libexif-0.6.13-4.0.2.el5.src.rpm

i386:
930dedbd73cc50756f08d8da7e69d3cc  libexif-0.6.13-4.0.2.el5.i386.rpm
67b189515a55c0197d5978fc741d40fb  libexif-debuginfo-0.6.13-4.0.2.el5.i386.rpm
6cc73cf44459c921979c87bb72c2423d  libexif-devel-0.6.13-4.0.2.el5.i386.rpm

ia64:
bdd1e73d38fa157910bafa527fbbb9b8  libexif-0.6.13-4.0.2.el5.ia64.rpm
8ed3e35b3368418f65e27a29ab32089c  libexif-debuginfo-0.6.13-4.0.2.el5.ia64.rpm
6c717cfbef081e91678f0077e2990aa2  libexif-devel-0.6.13-4.0.2.el5.ia64.rpm

ppc:
a18174feefe9609197fc1965b10782ef  libexif-0.6.13-4.0.2.el5.ppc.rpm
05756725b5317acf04a044fbb12f10eb  libexif-0.6.13-4.0.2.el5.ppc64.rpm
cd467ec90128a6c417b6edbe51856919  libexif-debuginfo-0.6.13-4.0.2.el5.ppc.rpm
d0665b2a3d51d2370d44fdf79e90d927  libexif-debuginfo-0.6.13-4.0.2.el5.ppc64.rpm
a27203f6f7f67880c890f298a29ef269  libexif-devel-0.6.13-4.0.2.el5.ppc.rpm
f40b87f843489b5015b8325da0aeebe5  libexif-devel-0.6.13-4.0.2.el5.ppc64.rpm

s390x:
79ed6902bce120c38ebac83e374d9b82  libexif-0.6.13-4.0.2.el5.s390.rpm
c2d896aef222c14fae8976b222c3cfbe  libexif-0.6.13-4.0.2.el5.s390x.rpm
70c4cc7f2a088a417242c0eab635f9d8  libexif-debuginfo-0.6.13-4.0.2.el5.s390.rpm
28b288059199d9897659f0fb1e29cf20  libexif-debuginfo-0.6.13-4.0.2.el5.s390x.rpm
1afbb123d879e1a682b21fca1b9231fb  libexif-devel-0.6.13-4.0.2.el5.s390.rpm
fe8041e8b91383a74786a15ab0d8fc17  libexif-devel-0.6.13-4.0.2.el5.s390x.rpm

x86_64:
930dedbd73cc50756f08d8da7e69d3cc  libexif-0.6.13-4.0.2.el5.i386.rpm
e3130a9e84081d0ee5735e0bf027b186  libexif-0.6.13-4.0.2.el5.x86_64.rpm
67b189515a55c0197d5978fc741d40fb  libexif-debuginfo-0.6.13-4.0.2.el5.i386.rpm
173cf3c2daefe7a78f5f2859803d4778  libexif-debuginfo-0.6.13-4.0.2.el5.x86_64.rpm
6cc73cf44459c921979c87bb72c2423d  libexif-devel-0.6.13-4.0.2.el5.i386.rpm
09804ed13ace52a3c98629e882652458  libexif-devel-0.6.13-4.0.2.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4168
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
How Cops and Hackers Could Abuse California’s New Phone Kill-Switch Law
Why Russian hackers are beating us
DQ Breach? HQ Says No, But Would it Know?
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.