LinuxSecurity.com
Debian: New libexif packages fix integer overflow
Posted by Benjamin D. Thomas
A vulnerability has been discovered in libexif, a library to parse EXIF files, which allows denial of service and possible execution of arbitrary code via malformed EXIF data.
------------------------------------------------------------------------
Debian Security Advisory DSA-1309-1                  security@debian.org
http://www.debian.org/security/                               Steve Kemp
June 16, 2007
------------------------------------------------------------------------

Package        : libexif (0.6.9-6sarge1)
Vulnerability  : integer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2006-4168
Debian Bug     : 424775


A vulnerability has been discovered in libexif, a library to parse EXIF
files, which allows denial of service and possible execution of arbitrary
code via malformed EXIF data.

For the old-stable distribution (sarge), this problem has been fixed
in version 0.6.9-6sarge1.

We recommend that you upgrade your libexif (0.6.9-6sarge1) package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 3.1 (oldstable)
----------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.



  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
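
Added illustration (not part of the Debian advisory, and not libexif's code or the Debian patch): the advisory says only that malformed EXIF data triggers an integer overflow, so this shows the general bug class in a bounds check on an EXIF directory entry, with the unchecked form beside a checked one. The function names, the 64-byte buffer and the sample entry are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Byte width of TIFF/EXIF format codes 1..12 (index 0 is unused). */
static const uint32_t fmt_size[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};

/* Unsafe: the product and the sum are computed in 32 bits and can wrap,
 * so a huge component count can still pass the bounds test. */
int entry_in_bounds_unsafe(uint16_t format, uint32_t components,
                           uint32_t offset, uint32_t buf_len)
{
    if (format == 0 || format > 12)
        return 0;
    uint32_t size = fmt_size[format] * components; /* may wrap */
    return offset + size <= buf_len;               /* may wrap */
}

/* Checked: reject the entry before any arithmetic can wrap. */
int entry_in_bounds_checked(uint16_t format, uint32_t components,
                            uint32_t offset, uint32_t buf_len,
                            uint32_t *size_out)
{
    if (format == 0 || format > 12)
        return 0;
    uint32_t unit = fmt_size[format];
    if (components > UINT32_MAX / unit)
        return 0;                       /* product would exceed 32 bits */
    uint32_t size = unit * components;
    if (size > buf_len || offset > buf_len - size)
        return 0;                       /* data would run past the buffer */
    *size_out = size;
    return 1;
}

int main(void)
{
    /* Constructed entry: RATIONAL (8 bytes) x 0x20000001 components.
     * 8 * 0x20000001 wraps to 8, so the unsafe check accepts it. */
    uint32_t size = 0;
    printf("unsafe:  %d\n", entry_in_bounds_unsafe(5, 0x20000001u, 16, 64));
    printf("checked: %d\n",
           entry_in_bounds_checked(5, 0x20000001u, 16, 64, &size));
    return 0;
}
```

Code that later walks the entry by its component count, after the unchecked test has accepted a wrapped size, reads or writes past the buffer; the checked form refuses the entry first.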