- ------------------------------------------------------------------------Debian Security Advisory DSA-1474-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
January 23, 2008                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------Package        : exiv2
Vulnerability  : integer overflow
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2007-6353

Meder Kydyraliev discovered an integer overflow in the thumbnail
handling of libexif, the EXIF/IPTC metadata manipulation library, which
could result in the execution of arbitrary code.

For the stable distribution (etch), this problem has been fixed in
version 0.10-1.5.

The old stable distribution (sarge) doesn't contain exiv2 packages.

We recommend that you upgrade your exiv2 packages.

Upgrade instructions
- --------------------wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian (stable)
- ---------------Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

      Size/MD5 checksum:    31515 ff0fc3ef64872fbb591f7258620f5f0b
      Size/MD5 checksum:      660 ed1b77214142dfedc6c6d88d475987d9
      Size/MD5 checksum:  2053756 5af2256fb9895d9331684e8c1865b956

Architecture independent packages:

      Size/MD5 checksum:  1471716 ba3233f1b9cf71d3bf45ce0790942af9

alpha architecture (DEC Alpha)

      Size/MD5 checksum:    82506 a1c6311554e0301f3e5707ce45b12c44
      Size/MD5 checksum:   315770 08a274e26723b6644121a77718650df8
      Size/MD5 checksum:   716946 65bd53cad7fe49bd5a8b52c18845531d

amd64 architecture (AMD x86_64 (AMD64))

      Size/MD5 checksum:    75710 214d62419a4da25d2c43119992adc1b8
      Size/MD5 checksum:   546036 b1d63a71e00c934d14f3263d626466a2
      Size/MD5 checksum:   282494 0b963505e15fc126583c08b4d6a8671e

arm architecture (ARM)

      Size/MD5 checksum:    88084 05fbc6853bc2517e58e587bc2e45942c
      Size/MD5 checksum:   311516 12a1dbbc1dc560187fec31152836831e
      Size/MD5 checksum:   552870 9e6da478b70cac4cd297c1a2efe8713f

hppa architecture (HP PA RISC)

      Size/MD5 checksum:   642320 b55a5e8930f4e4fec0e1b83fd2f8d9f8
      Size/MD5 checksum:   349652 520fcd26a32bcb915f1221a7cc09d342
      Size/MD5 checksum:    82724 643c5f109ad8b0b1e4f2d9ee35cf8283

i386 architecture (Intel ia32)

      Size/MD5 checksum:    75758 33830c83524ab3ea4fb72ed5fad9889a
      Size/MD5 checksum:   509668 5871ee4d12d7833b55434a0bd2c78804
      Size/MD5 checksum:   283882 32dc3334472467a5642b3ebf70d73f83

ia64 architecture (Intel ia64)

      Size/MD5 checksum:   730890 47ae5bab36a976e9d4c9d20c7e059e06
      Size/MD5 checksum:    95450 1a14407cb292d2a7991a34434d971878
      Size/MD5 checksum:   368756 4c9297fa105c67af45b7971f0b00c299

mips architecture (MIPS (Big Endian))

      Size/MD5 checksum:   271654 811dc70c015b27cdcc94bad7147a0fa4
      Size/MD5 checksum:   586988 fbd433a7f7369be1cff39f9d79b1395e
      Size/MD5 checksum:    73684 beaaf91359bb0b3d0f3a22a1cade1505

mipsel architecture (MIPS (Little Endian))

      Size/MD5 checksum:   583038 de9ddb262ef8f49e0512119206ef63b0
      Size/MD5 checksum:    73176 f5d016a0b5e2ec60ef2e2d3446e363b3
      Size/MD5 checksum:   267776 68fa9f26c0c3fbbda74bd6139e332615

powerpc architecture (PowerPC)

      Size/MD5 checksum:   296440 a306748aafa37fa4d7874f817520f71f
      Size/MD5 checksum:   569730 cbf10c6a2166a27406dee3e151ec498b
      Size/MD5 checksum:    76080 dd8f0bfdddf9896fa21dd455a8c30052

s390 architecture (IBM S/390)

      Size/MD5 checksum:    70088 6a1550294fdf218741ca998c621825b5
      Size/MD5 checksum:   534022 d2b1f2455e02e16a300f0478c4b40779
      Size/MD5 checksum:   288842 2134f38671787dd40a582deda5771824

sparc architecture (Sun SPARC/UltraSPARC)

      Size/MD5 checksum:   306884 0cff748083910cd2359765fef3d3b6e0
      Size/MD5 checksum:   511544 97c2efefdb8d3067d88b82763e7eba6e
      Size/MD5 checksum:    73494 89d72b486036f6bfabde2cbfc1c16986


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Debian: New exiv2 packages fix arbitrary code execution

January 23, 2008
Meder Kydyraliev discovered an integer overflow in the thumbnail handling of libexif, the EXIF/IPTC metadata manipulation library, which could result in the execution of arbitrar...

Summary

Severity

Related News

28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle
1.Penguin Landscape Esm H320
1 - 2 min read
There are compelling arguments in favor of Linux over Windows for desktop usage. Let's explore some advantages of choosing Linux over Windows for
4.Lock AbstractDigital Esm H320
2 - 3 min read
Canonical , the company behind Ubuntu , has introduced Netplan 1.0 , a network configuration tool that simplifies networking configuration on Linux

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved