From Fedora Project Wiki

Revision as of 14:13, 24 May 2008 by fp-wiki>ImportUser (Imported from MoinMoin)

[SECURITY] Fedora 7 Update: libexif-0.6.15-2.fc7

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-0414
2007-06-13 14:10:45.110754
--------------------------------------------------------------------------------

Name        : libexif
Product     : Fedora 7
Version     : 0.6.15
Release     : 2.fc7
Summary     : Library for extracting extra information from image files
Description :
Most digital cameras produce EXIF files, which are JPEG files with
extra tags that contain information about the image. The EXIF library
allows you to parse an EXIF file and read the data from those tags.

--------------------------------------------------------------------------------
Update Information:

The libexif package contains the EXIF library. Applications
use this library to parse EXIF image files.

An integer overflow flaw was found in the way libexif parses
EXIF image tags. If a victim opens a carefully crafted EXIF
image file, it could cause an application linked against
libexif to execute arbitrary code or crash. (CVE-2007-4168)

Users of libexif should upgrade to these updated packages,
which contain a backported patch and are not vulnerable to
this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 13 2007 Matthias Clasen <mclasen@redhat.com> - 0.6.15-2
- Add patch for CVE-2007-4168. Fix bug #243892
* Wed May 30 2007 Matthias Clasen <mclasen@redhat.com> - 0.6.15-1
- Update to 0.6.15
- Drop obsolete patch
* Thu May 24 2007 Matthias Clasen <mclasen@redhat.com> - 0.6.13-4
- Add patch for CVE-2007-2645.
--------------------------------------------------------------------------------
References:

[ 1 ]  Bug #243890
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243890
[ 2 ]  CVE-2007-4168
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4168
--------------------------------------------------------------------------------
Updated packages:

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------