=========================================================== 
Ubuntu Security Notice USN-478-1              June 26, 2007
libexif vulnerability
CVE-2006-4168
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libexif12                                0.6.12-2ubuntu0.2

Ubuntu 6.10:
  libexif12                                0.6.13-4ubuntu0.2

Ubuntu 7.04:
  libexif12                                0.6.13-5ubuntu0.2

After a standard system upgrade you need to restart your session to
effect the necessary changes.

Details follow:

Sean Larsson discovered that libexif did not correctly verify the size of
EXIF components.  By tricking a user into opening an image with specially
crafted EXIF headers, a remote attacker could cause the application
using libexif to execute arbitrary code with user privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:     4113 730eb735217c43b8db8c01791cc75d5c
          Size/MD5:      600 8143e72ccb227ae06480b0868df01c37
          Size/MD5:   537829 69501aaf0862a79aaeeb73e81e8c1306

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

          Size/MD5:    77656 1dbbb161ee2e8d59fe27037f8f2e0f5c
          Size/MD5:    61838 efb782c9eb16161a11c9ff1e3c00c0af

  i386 architecture (x86 compatible Intel/AMD)

          Size/MD5:    72906 891aaf10c9f8dace3a874b931205a12c
          Size/MD5:    57728 547f46acb443f242b0a6c5664551ee7e

  powerpc architecture (Apple Macintosh G3/G4/G5)

          Size/MD5:    78108 26600c84d77cb0f8d75a47459a6e6cf5
          Size/MD5:    60704 a42302bcd4ea27d14872504c217ef874

  sparc architecture (Sun SPARC/UltraSPARC)

          Size/MD5:    75670 05a51fd9479e467e9355b19498296354
          Size/MD5:    58684 d9c28f243e65dc8135d4824563c1f78f

Updated packages for Ubuntu 6.10:

  Source archives:

          Size/MD5:     4423 cc5af5645683e8805b099f682d49a94d
          Size/MD5:      619 8a933c06a735c10ab877aeb0ed67cbac
          Size/MD5:   727418 e5ad93c170bfb4fed6dc3e1c7a7948cb

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

          Size/MD5:  1005552 0188fc8815a6d86800de62ac63d5a72e
          Size/MD5:    69232 34cb35ec853dfddc67dc22b74f48a9a6

  i386 architecture (x86 compatible Intel/AMD)

          Size/MD5:   996198 26ae4434d2bdb7e8c885fb111b7ef2f5
          Size/MD5:    66058 cf044c342776fe0962041c850f88dfcb

  powerpc architecture (Apple Macintosh G3/G4/G5)

          Size/MD5:  1005436 2e219fd5df0a5bde51f158e9fa0c9a00
          Size/MD5:    64676 0152c1995cd0841e0918e883180a4942

  sparc architecture (Sun SPARC/UltraSPARC)

          Size/MD5:  1002600 e7bbfac1c041f27681ffb78089c5b537
          Size/MD5:    64582 a8be73af4baf2e8e04e6a1f91740ed5b

Updated packages for Ubuntu 7.04:

  Source archives:

          Size/MD5:     9428 5406de6855d2d0831291338ab2064688
          Size/MD5:      703 7bd3f9b317d450bba43694e44d9ef323
          Size/MD5:   727418 e5ad93c170bfb4fed6dc3e1c7a7948cb

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

          Size/MD5:  1005804 ab89d560bf2821e5cf65ae70b2394670
          Size/MD5:    70162 f6c60f358334dcadea3852ff4fa5374b

  i386 architecture (x86 compatible Intel/AMD)

          Size/MD5:   996514 7519fab6a1e61589697a873a432dca9e
          Size/MD5:    67160 6a1de2a9cfb7d06c0e6e74931cf74e38

  powerpc architecture (Apple Macintosh G3/G4/G5)

          Size/MD5:  1006210 9877b5b91a1fcb3e1a8148a3d76f0652
          Size/MD5:    67728 ce5b2421a8e85e006f0eb0d523ad3a3e

  sparc architecture (Sun SPARC/UltraSPARC)

          Size/MD5:  1003148 229be831664b3053d47edca4286898c9
          Size/MD5:    65468 dda5d0a49e0fcfd48f9d0dc4dcd160f4


--FN+gV9K+162wdwwF
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGgarqH/9LqRcGPm0RAkSBAJ9DA3W1XZOGQq/4avWQayW37+nJ6gCfWY/k
0pgR2gSeabnN14+51JCBZfs=mH82
-----END PGP SIGNATURE-------FN+gV9K+162wdwwF--
--==============q47054372699127367=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--==============q47054372699127367==--

Ubuntu: libexif vulnerability

June 29, 2007
Sean Larsson discovered that libexif did not correctly verify the size of EXIF components

Summary

Update Instructions

References

Severity
Ubuntu Security Notice USN-478-1 June 26, 2007

Package Information

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved