LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Fedora Core 6 Update: libexif-0.6.15-2.fc6 Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Fedora The libexif package contains the EXIF library. Applications use this library to parse EXIF image files. An integer overflow flaw was found in the way libexif parses EXIF image tags. If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168) Users of libexif should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-614
2007-06-27
---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : libexif
Version     : 0.6.15
Release     : 2.fc6
Summary     : Library for extracting extra information from image files
Description :
Most digital cameras produce EXIF files, which are JPEG files with
extra tags that contain information about the image. The EXIF library
allows you to parse an EXIF file and read the data from those tags.

---------------------------------------------------------------------
Update Information:

The libexif package contains the EXIF library. Applications
use this library to parse EXIF image files.

An integer overflow flaw was found in the way libexif parses
EXIF image tags. If a victim opens a carefully crafted EXIF
image file it could cause the application linked against
libexif to execute arbitrary code or crash. (CVE-2007-4168)

Users of libexif should upgrade to these updated packages,
which contain a backported patch and are not vulnerable to
this issue.
---------------------------------------------------------------------
* Wed Jun 13 2007 Matthias Clasen  - 0.6.15-2
- Add patch for CVE-2007-4168. Fix bug #243892

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

0fd5f1acfb37de5bd85b973ecf3b00c69ff6d5e9  SRPMS/libexif-0.6.15-2.fc6.src.rpm
0fd5f1acfb37de5bd85b973ecf3b00c69ff6d5e9  noarch/libexif-0.6.15-2.fc6.src.rpm
f715aefa9558f7b827606e98c5d88bf919d9e5ff  ppc/debug/libexif-debuginfo-0.6.15-2.fc6.ppc.rpm
c9a85c20b950a5c8f829280f05281d3657dd2aa9  ppc/libexif-0.6.15-2.fc6.ppc.rpm
90ed3965fdd563b74bd8e5f2d4af01b12e58b0e6  ppc/libexif-devel-0.6.15-2.fc6.ppc.rpm
f86b69b898a3824c1dcbadb14933d2866c310473  x86_64/debug/libexif-debuginfo-0.6.15-2.fc6.x86_64.rpm
ad3fd34dad258162c4bc9aa65020790af273b1a5  x86_64/libexif-devel-0.6.15-2.fc6.x86_64.rpm
9a3b3e18968081440411426a9139d5ca39ad196e  x86_64/libexif-0.6.15-2.fc6.x86_64.rpm
4e10c52ad5dc5eca65d7d57bc9b86aba61b3b276  i386/libexif-0.6.15-2.fc6.i386.rpm
99ecbcfcdaeea08641c0a61b6d6c72c66530f214  i386/libexif-devel-0.6.15-2.fc6.i386.rpm
e583ddd0572027f1421a0d9ad1694d3769b1394e  i386/debug/libexif-debuginfo-0.6.15-2.fc6.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
Google Releases Open Source Tool for Testing Web App Security Scanners
Most Targeted Attacks Exploit Privileged Accounts
NotCompable sets new standards for mobile botnet sophistication
Hands on with Caine Linux: Pentesting and UEFI compatible
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.