Debian: New exiftags packages fix several vulnerabilities
Summary
CVE-2007-6354
Inadequate EXIF property validation could lead to invalid memory
accesses if executed on a maliciously crafted image, potentially
including heap corruption and the execution of arbitrary code.
CVE-2007-6355
Flawed data validation could lead to integer overflows, causing
other invalid memory accesses, also with the potential for memory
corruption or arbitrary code execution.
CVE-2007-6356
Cyclical EXIF image file directory (IFD) references could cause
a denial of service (infinite loop).
For the stable distribution (etch), these problems have been fixed in
version 0.98-1.1+etch1.
For the oldstable distribution (sarge), these problems have been fixed
in version 0.98-1.1+0sarge1.
For the unstable distribution (sid), these problems have been fixed in
version 1.01-0.1.
Upgrade instructions
- --------------------wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Size/MD5 checksum: 5131 3baa30a42f531580a502a3f3818ead56
Size/MD5 checksum: 50195 5a8a4057c4dac1d765da5f9ef4527bdf
Size/MD5 checksum: 873 b85e0a4a382cac6a844af52e42c670bb
alpha architecture (DEC Alpha)
Size/MD5 checksum: 63406 d4b9ee67dcfb07ef1bc6ab143bd50496
amd64 architecture (AMD x86_64 (AMD64))
Size/MD5 checksum: 56656 83688a1b3ec9c359a734f04bb985350d
arm architecture (ARM)
Size/MD5 checksum: 56064 eb60a8336c020a588458bb07fb57c1bc
hppa architecture (HP PA RISC)
Size/MD5 checksum: 59824 be52ea467c6651b65a371895948005b4
i386 architecture (Intel ia32)
Size/MD5 checksum: 52514 1850fa2d6b54fe1029553605509ef7cf
ia64 architecture (Intel ia64)
Size/MD5 checksum: 76252 ce03fb64e959c8a2f24ad3744ca80fd5
m68k architecture (Motorola Mc680x0)
Size/MD5 checksum: 53120 8c98a08982680a42e1c6aab585faf487
mips architecture (MIPS (Big Endian))
Size/MD5 checksum: 60736 14cbe8b15c5260b969961cf4107da991
mipsel architecture (MIPS (Little Endian))
Size/MD5 checksum: 60040 3bdbbf546125a75c00800cb4039b25ab
powerpc architecture (PowerPC)
Size/MD5 checksum: 54812 8d33fe8cb068bf1f02ce0c4a8cd3c8d0
s390 architecture (IBM S/390)
Size/MD5 checksum: 58208 9e7eeadcaefc2fe90aa11ece173348e2
Debian GNU/Linux 4.0 alias etch
Size/MD5 checksum: 577 7b8743189acd9b4c0a7a25cabb5b753d
Size/MD5 checksum: 5128 2f82244bd73046f31b07e77a7381dd15
Size/MD5 checksum: 50195 5a8a4057c4dac1d765da5f9ef4527bdf
alpha architecture (DEC Alpha)
Size/MD5 checksum: 62970 e481f4f8ce70b25a648a2d3678d48e07
amd64 architecture (AMD x86_64 (AMD64))
Size/MD5 checksum: 57924 a5a6906e8d05beeffc763379a9c45ba2
arm architecture (ARM)
Size/MD5 checksum: 56278 b06bf3f7722f034096719c7153fae5bd
i386 architecture (Intel ia32)
Size/MD5 checksum: 52558 ceed89333fd99a11d26765390ae35871
ia64 architecture (Intel ia64)
Size/MD5 checksum: 75164 ca893189af6fe68536774bac7dd357a1
mips architecture (MIPS (Big Endian))
Size/MD5 checksum: 61010 a5415b5fb389903c20c431a245fcb3fb
mipsel architecture (MIPS (Little Endian))
Size/MD5 checksum: 60064 2961a652e3cb269a0671fe2281b2f017
powerpc architecture (PowerPC)
Size/MD5 checksum: 54734 23a4389bb781e0a054c1687986ac1b1a
s390 architecture (IBM S/390)
Size/MD5 checksum: 58988 38bf328294b2afe633ef99a5b97f3f1e
sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5 checksum: 56132 d2e1cd3190fe528527beaacc2ef6be3f
These files will probably be moved into the stable distribution on
its next update.
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org