enterprise-watch-list June 2007 archive
Main Archive Page > Month Archives  > enterprise-watch-list archives
enterprise-watch-list: [RHSA-2007:0501-01] Moderate: libexif int

[RHSA-2007:0501-01] Moderate: libexif integer overflow

From: <bugzilla_at_nospam>
Date: Thu Jun 14 2007 - 18:18:25 GMT
To: enterprise-watch-list@redhat.com


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

  • --------------------------------------------------------------------- Red Hat Security Advisory
Synopsis: Moderate: libexif integer overflow Advisory ID: RHSA-2007:0501-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0501.html Issue date: 2007-06-14 Updated on: 2007-06-14 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-4168 - ---------------------------------------------------------------------
  1. Summary:

Updated libexif packages that fix an integer overflow flaw are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

The libexif package contains the EXIF library. Applications use this library to parse EXIF image files.

An integer overflow flaw was found in the way libexif parses EXIF image tags. If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168) Users of libexif should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

243888 - CVE-2007-4168 libexif integer overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libexif-0.5.12-5.1.0.2.src.rpm cc95784382095e50dbe7635f481aa9cf libexif-0.5.12-5.1.0.2.src.rpm

i386: 6da6c2967783bcb980aecdc144d6dd02 libexif-0.5.12-5.1.0.2.i386.rpm 4ef568e43b4db35b77c5d55dd6ba3343 libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm 991754de75656c3bb52f65973ff6c26f libexif-devel-0.5.12-5.1.0.2.i386.rpm

ia64: 6da6c2967783bcb980aecdc144d6dd02 libexif-0.5.12-5.1.0.2.i386.rpm f68c9026317026b58dd196bfd4af4bbf libexif-0.5.12-5.1.0.2.ia64.rpm 4ef568e43b4db35b77c5d55dd6ba3343 libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm 11d6259eaff76f0469a0098c8bfe2d85 libexif-debuginfo-0.5.12-5.1.0.2.ia64.rpm ecfce96bd377840f0cee4de6d2c4d1e8 libexif-devel-0.5.12-5.1.0.2.ia64.rpm

ppc: fdac438a4a9fd5bd08cc6a44391f23f6 libexif-0.5.12-5.1.0.2.ppc.rpm af678c093c8adf776902b70fbb3c871e libexif-0.5.12-5.1.0.2.ppc64.rpm 1d22c89d2bc5225093c422518bff34f1 libexif-debuginfo-0.5.12-5.1.0.2.ppc.rpm f2d48c3e7a09ae433c77f2a8071d98b5 libexif-debuginfo-0.5.12-5.1.0.2.ppc64.rpm 9ab46f02a84a771fea33d5308b255f40 libexif-devel-0.5.12-5.1.0.2.ppc.rpm

s390: e9985c79bc041d36f97af618830aace1 libexif-0.5.12-5.1.0.2.s390.rpm cb1d6ec562f75373948fd0b6334779b2 libexif-debuginfo-0.5.12-5.1.0.2.s390.rpm 8747b11f434c1482c1ed32d024d9965e libexif-devel-0.5.12-5.1.0.2.s390.rpm

s390x: e9985c79bc041d36f97af618830aace1 libexif-0.5.12-5.1.0.2.s390.rpm f5a748f9e3401d7ca637294f0a303e19 libexif-0.5.12-5.1.0.2.s390x.rpm cb1d6ec562f75373948fd0b6334779b2 libexif-debuginfo-0.5.12-5.1.0.2.s390.rpm 8fd53184708b6fd4673090aaaf6162b1 libexif-debuginfo-0.5.12-5.1.0.2.s390x.rpm 822e8e8f5f5b7bdb47225604cf1d4373 libexif-devel-0.5.12-5.1.0.2.s390x.rpm

x86_64: 6da6c2967783bcb980aecdc144d6dd02 libexif-0.5.12-5.1.0.2.i386.rpm 1734951e779ec59b4bfc3f2e179238d7 libexif-0.5.12-5.1.0.2.x86_64.rpm 4ef568e43b4db35b77c5d55dd6ba3343 libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm 40376173f752db73fcbb5bd44bed94f3 libexif-debuginfo-0.5.12-5.1.0.2.x86_64.rpm 470280d57b9b8a4684f6ae22fce1884d libexif-devel-0.5.12-5.1.0.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libexif-0.5.12-5.1.0.2.src.rpm cc95784382095e50dbe7635f481aa9cf libexif-0.5.12-5.1.0.2.src.rpm

i386: 6da6c2967783bcb980aecdc144d6dd02 libexif-0.5.12-5.1.0.2.i386.rpm 4ef568e43b4db35b77c5d55dd6ba3343 libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm 991754de75656c3bb52f65973ff6c26f libexif-devel-0.5.12-5.1.0.2.i386.rpm

x86_64: 6da6c2967783bcb980aecdc144d6dd02 libexif-0.5.12-5.1.0.2.i386.rpm 1734951e779ec59b4bfc3f2e179238d7 libexif-0.5.12-5.1.0.2.x86_64.rpm 4ef568e43b4db35b77c5d55dd6ba3343 libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm 40376173f752db73fcbb5bd44bed94f3 libexif-debuginfo-0.5.12-5.1.0.2.x86_64.rpm 470280d57b9b8a4684f6ae22fce1884d libexif-devel-0.5.12-5.1.0.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libexif-0.5.12-5.1.0.2.src.rpm cc95784382095e50dbe7635f481aa9cf libexif-0.5.12-5.1.0.2.src.rpm

i386: 6da6c2967783bcb980aecdc144d6dd02 libexif-0.5.12-5.1.0.2.i386.rpm 4ef568e43b4db35b77c5d55dd6ba3343 libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm 991754de75656c3bb52f65973ff6c26f libexif-devel-0.5.12-5.1.0.2.i386.rpm

ia64: 6da6c2967783bcb980aecdc144d6dd02 libexif-0.5.12-5.1.0.2.i386.rpm f68c9026317026b58dd196bfd4af4bbf libexif-0.5.12-5.1.0.2.ia64.rpm 4ef568e43b4db35b77c5d55dd6ba3343 libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm 11d6259eaff76f0469a0098c8bfe2d85 libexif-debuginfo-0.5.12-5.1.0.2.ia64.rpm ecfce96bd377840f0cee4de6d2c4d1e8 libexif-devel-0.5.12-5.1.0.2.ia64.rpm

x86_64: 6da6c2967783bcb980aecdc144d6dd02 libexif-0.5.12-5.1.0.2.i386.rpm 1734951e779ec59b4bfc3f2e179238d7 libexif-0.5.12-5.1.0.2.x86_64.rpm 4ef568e43b4db35b77c5d55dd6ba3343 libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm 40376173f752db73fcbb5bd44bed94f3 libexif-debuginfo-0.5.12-5.1.0.2.x86_64.rpm 470280d57b9b8a4684f6ae22fce1884d libexif-devel-0.5.12-5.1.0.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libexif-0.5.12-5.1.0.2.src.rpm cc95784382095e50dbe7635f481aa9cf libexif-0.5.12-5.1.0.2.src.rpm

i386: 6da6c2967783bcb980aecdc144d6dd02 libexif-0.5.12-5.1.0.2.i386.rpm 4ef568e43b4db35b77c5d55dd6ba3343 libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm 991754de75656c3bb52f65973ff6c26f libexif-devel-0.5.12-5.1.0.2.i386.rpm

ia64: 6da6c2967783bcb980aecdc144d6dd02 libexif-0.5.12-5.1.0.2.i386.rpm f68c9026317026b58dd196bfd4af4bbf libexif-0.5.12-5.1.0.2.ia64.rpm 4ef568e43b4db35b77c5d55dd6ba3343 libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm 11d6259eaff76f0469a0098c8bfe2d85 libexif-debuginfo-0.5.12-5.1.0.2.ia64.rpm ecfce96bd377840f0cee4de6d2c4d1e8 libexif-devel-0.5.12-5.1.0.2.ia64.rpm

x86_64: 6da6c2967783bcb980aecdc144d6dd02 libexif-0.5.12-5.1.0.2.i386.rpm 1734951e779ec59b4bfc3f2e179238d7 libexif-0.5.12-5.1.0.2.x86_64.rpm 4ef568e43b4db35b77c5d55dd6ba3343 libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm 40376173f752db73fcbb5bd44bed94f3 libexif-debuginfo-0.5.12-5.1.0.2.x86_64.rpm 470280d57b9b8a4684f6ae22fce1884d libexif-devel-0.5.12-5.1.0.2.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libexif-0.6.13-4.0.2.el5.src.rpm 9c1360d0a15e568b9b73def358e1e216 libexif-0.6.13-4.0.2.el5.src.rpm

i386:
930dedbd73cc50756f08d8da7e69d3cc libexif-0.6.13-4.0.2.el5.i386.rpm 67b189515a55c0197d5978fc741d40fb libexif-debuginfo-0.6.13-4.0.2.el5.i386.rpm

x86_64: 930dedbd73cc50756f08d8da7e69d3cc libexif-0.6.13-4.0.2.el5.i386.rpm e3130a9e84081d0ee5735e0bf027b186 libexif-0.6.13-4.0.2.el5.x86_64.rpm 67b189515a55c0197d5978fc741d40fb libexif-debuginfo-0.6.13-4.0.2.el5.i386.rpm 173cf3c2daefe7a78f5f2859803d4778 libexif-debuginfo-0.6.13-4.0.2.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libexif-0.6.13-4.0.2.el5.src.rpm 9c1360d0a15e568b9b73def358e1e216 libexif-0.6.13-4.0.2.el5.src.rpm

i386:
67b189515a55c0197d5978fc741d40fb libexif-debuginfo-0.6.13-4.0.2.el5.i386.rpm 6cc73cf44459c921979c87bb72c2423d libexif-devel-0.6.13-4.0.2.el5.i386.rpm

x86_64: 67b189515a55c0197d5978fc741d40fb libexif-debuginfo-0.6.13-4.0.2.el5.i386.rpm 173cf3c2daefe7a78f5f2859803d4778 libexif-debuginfo-0.6.13-4.0.2.el5.x86_64.rpm 6cc73cf44459c921979c87bb72c2423d libexif-devel-0.6.13-4.0.2.el5.i386.rpm 09804ed13ace52a3c98629e882652458 libexif-devel-0.6.13-4.0.2.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libexif-0.6.13-4.0.2.el5.src.rpm 9c1360d0a15e568b9b73def358e1e216 libexif-0.6.13-4.0.2.el5.src.rpm

i386: 930dedbd73cc50756f08d8da7e69d3cc libexif-0.6.13-4.0.2.el5.i386.rpm 67b189515a55c0197d5978fc741d40fb libexif-debuginfo-0.6.13-4.0.2.el5.i386.rpm 6cc73cf44459c921979c87bb72c2423d libexif-devel-0.6.13-4.0.2.el5.i386.rpm

ia64: bdd1e73d38fa157910bafa527fbbb9b8 libexif-0.6.13-4.0.2.el5.ia64.rpm 8ed3e35b3368418f65e27a29ab32089c libexif-debuginfo-0.6.13-4.0.2.el5.ia64.rpm 6c717cfbef081e91678f0077e2990aa2 libexif-devel-0.6.13-4.0.2.el5.ia64.rpm

ppc: a18174feefe9609197fc1965b10782ef libexif-0.6.13-4.0.2.el5.ppc.rpm 05756725b5317acf04a044fbb12f10eb libexif-0.6.13-4.0.2.el5.ppc64.rpm cd467ec90128a6c417b6edbe51856919 libexif-debuginfo-0.6.13-4.0.2.el5.ppc.rpm d0665b2a3d51d2370d44fdf79e90d927 libexif-debuginfo-0.6.13-4.0.2.el5.ppc64.rpm a27203f6f7f67880c890f298a29ef269 libexif-devel-0.6.13-4.0.2.el5.ppc.rpm f40b87f843489b5015b8325da0aeebe5 libexif-devel-0.6.13-4.0.2.el5.ppc64.rpm

s390x: 79ed6902bce120c38ebac83e374d9b82 libexif-0.6.13-4.0.2.el5.s390.rpm c2d896aef222c14fae8976b222c3cfbe libexif-0.6.13-4.0.2.el5.s390x.rpm 70c4cc7f2a088a417242c0eab635f9d8 libexif-debuginfo-0.6.13-4.0.2.el5.s390.rpm 28b288059199d9897659f0fb1e29cf20 libexif-debuginfo-0.6.13-4.0.2.el5.s390x.rpm 1afbb123d879e1a682b21fca1b9231fb libexif-devel-0.6.13-4.0.2.el5.s390.rpm fe8041e8b91383a74786a15ab0d8fc17 libexif-devel-0.6.13-4.0.2.el5.s390x.rpm

x86_64: 930dedbd73cc50756f08d8da7e69d3cc libexif-0.6.13-4.0.2.el5.i386.rpm e3130a9e84081d0ee5735e0bf027b186 libexif-0.6.13-4.0.2.el5.x86_64.rpm 67b189515a55c0197d5978fc741d40fb libexif-debuginfo-0.6.13-4.0.2.el5.i386.rpm 173cf3c2daefe7a78f5f2859803d4778 libexif-debuginfo-0.6.13-4.0.2.el5.x86_64.rpm 6cc73cf44459c921979c87bb72c2423d libexif-devel-0.6.13-4.0.2.el5.i386.rpm 09804ed13ace52a3c98629e882652458 libexif-devel-0.6.13-4.0.2.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4168 http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGcYZsXlSAg2UNWIIRAiUeAKCEYAC9HRbt7+RoAQU7cYpmdvm0fQCgoBcg AIGhqj1Rawghxkj7Hz+XFoU=
=OiK1
-----END PGP SIGNATURE-----
-- Enterprise-watch-list mailing list Enterprise-watch-list@redhat.com https://www.redhat.com/mailman/listinfo/enterprise-watch-list