RHSA-2007:0501-01 Moderate: libexif integer overflow
Posted on: 06/14/2007 09:20 PM

A new update is available for Red Hat Enterprise Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: libexif integer overflow
Advisory ID: RHSA-2007:0501-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0501.html
Issue date: 2007-06-14
Updated on: 2007-06-14
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-4168
- ---------------------------------------------------------------------

1. Summary:

Updated libexif packages that fix an integer overflow flaw are now
available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

The libexif package contains the EXIF library. Applications use this
library to parse EXIF image files.

An integer overflow flaw was found in the way libexif parses EXIF image
tags. If a victim opens a carefully crafted EXIF image file it could cause
the application linked against libexif to execute arbitrary code or crash.
(CVE-2007-4168)

Users of libexif should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

243888 - CVE-2007-4168 libexif integer overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libexif-0.5.12-5.1.0.2.src.rpm
cc95784382095e50dbe7635f481aa9cf libexif-0.5.12-5.1.0.2.src.rpm

i386:
6da6c2967783bcb980aecdc144d6dd02 libexif-0.5.12-5.1.0.2.i386.rpm
4ef568e43b4db35b77c5d55dd6ba3343 libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm
991754de75656c3bb52f65973ff6c26f libexif-devel-0.5.12-5.1.0.2.i386.rpm

ia64:
6da6c2967783bcb980aecdc144d6dd02 libexif-0.5.12-5.1.0.2.i386.rpm
f68c9026317026b58dd196bfd4af4bbf libexif-0.5.12-5.1.0.2.ia64.rpm
4ef568e43b4db35b77c5d55dd6ba3343 libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm
11d6259eaff76f0469a0098c8bfe2d85 libexif-debuginfo-0.5.12-5.1.0.2.ia64.rpm
ecfce96bd377840f0cee4de6d2c4d1e8 libexif-devel-0.5.12-5.1.0.2.ia64.rpm

ppc:
fdac438a4a9fd5bd08cc6a44391f23f6 libexif-0.5.12-5.1.0.2.ppc.rpm
af678c093c8adf776902b70fbb3c871e libexif-0.5.12-5.1.0.2.ppc64.rpm
1d22c89d2bc5225093c422518bff34f1 libexif-debuginfo-0.5.12-5.1.0.2.ppc.rpm
f2d48c3e7a09ae433c77f2a8071d98b5 libexif-debuginfo-0.5.12-5.1.0.2.ppc64.rpm
9ab46f02a84a771fea33d5308b255f40 libexif-devel-0.5.12-5.1.0.2.ppc.rpm

s390:
e9985c79bc041d36f97af618830aace1 libexif-0.5.12-5.1.0.2.s390.rpm
cb1d6ec562f75373948fd0b6334779b2 libexif-debuginfo-0.5.12-5.1.0.2.s390.rpm
8747b11f434c1482c1ed32d024d9965e libexif-devel-0.5.12-5.1.0.2.s390.rpm

s390x:
e9985c79bc041d36f97af618830aace1 libexif-0.5.12-5.1.0.2.s390.rpm
f5a748f9e3401d7ca637294f0a303e19 libexif-0.5.12-5.1.0.2.s390x.rpm
cb1d6ec562f75373948fd0b6334779b2 libexif-debuginfo-0.5.12-5.1.0.2.s390.rpm
8fd53184708b6fd4673090aaaf6162b1 libexif-debuginfo-0.5.12-5.1.0.2.s390x.rpm
822e8e8f5f5b7bdb47225604cf1d4373 libexif-devel-0.5.12-5.1.0.2.s390x.rpm

x86_64:
6da6c2967783bcb980aecdc144d6dd02 libexif-0.5.12-5.1.0.2.i386.rpm
1734951e779ec59b4bfc3f2e179238d7 libexif-0.5.12-5.1.0.2.x86_64.rpm
4ef568e43b4db35b77c5d55dd6ba3343 libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm
40376173f752db73fcbb5bd44bed94f3 libexif-debuginfo-0.5.12-5.1.0.2.x86_64.rpm
470280d57b9b8a4684f6ae22fce1884d libexif-devel-0.5.12-5.1.0.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libexif-0.5.12-5.1.0.2.src.rpm
cc95784382095e50dbe7635f481aa9cf libexif-0.5.12-5.1.0.2.src.rpm

i386:
6da6c2967783bcb980aecdc144d6dd02 libexif-0.5.12-5.1.0.2.i386.rpm
4ef568e43b4db35b77c5d55dd6ba3343 libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm
991754de75656c3bb52f65973ff6c26f libexif-devel-0.5.12-5.1.0.2.i386.rpm

x86_64:
6da6c2967783bcb980aecdc144d6dd02 libexif-0.5.12-5.1.0.2.i386.rpm
1734951e779ec59b4bfc3f2e179238d7 libexif-0.5.12-5.1.0.2.x86_64.rpm
4ef568e43b4db35b77c5d55dd6ba3343 libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm
40376173f752db73fcbb5bd44bed94f3 libexif-debuginfo-0.5.12-5.1.0.2.x86_64.rpm
470280d57b9b8a4684f6ae22fce1884d libexif-devel-0.5.12-5.1.0.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libexif-0.5.12-5.1.0.2.src.rpm
cc95784382095e50dbe7635f481aa9cf libexif-0.5.12-5.1.0.2.src.rpm

i386:
6da6c2967783bcb980aecdc144d6dd02 libexif-0.5.12-5.1.0.2.i386.rpm
4ef568e43b4db35b77c5d55dd6ba3343 libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm
991754de75656c3bb52f65973ff6c26f libexif-devel-0.5.12-5.1.0.2.i386.rpm

ia64:
6da6c2967783bcb980aecdc144d6dd02 libexif-0.5.12-5.1.0.2.i386.rpm
f68c9026317026b58dd196bfd4af4bbf libexif-0.5.12-5.1.0.2.ia64.rpm
4ef568e43b4db35b77c5d55dd6ba3343 libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm
11d6259eaff76f0469a0098c8bfe2d85 libexif-debuginfo-0.5.12-5.1.0.2.ia64.rpm
ecfce96bd377840f0cee4de6d2c4d1e8 libexif-devel-0.5.12-5.1.0.2.ia64.rpm

x86_64:
6da6c2967783bcb980aecdc144d6dd02 libexif-0.5.12-5.1.0.2.i386.rpm
1734951e779ec59b4bfc3f2e179238d7 libexif-0.5.12-5.1.0.2.x86_64.rpm
4ef568e43b4db35b77c5d55dd6ba3343 libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm
40376173f752db73fcbb5bd44bed94f3 libexif-debuginfo-0.5.12-5.1.0.2.x86_64.rpm
470280d57b9b8a4684f6ae22fce1884d libexif-devel-0.5.12-5.1.0.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libexif-0.5.12-5.1.0.2.src.rpm
cc95784382095e50dbe7635f481aa9cf libexif-0.5.12-5.1.0.2.src.rpm

i386:
6da6c2967783bcb980aecdc144d6dd02 libexif-0.5.12-5.1.0.2.i386.rpm
4ef568e43b4db35b77c5d55dd6ba3343 libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm
991754de75656c3bb52f65973ff6c26f libexif-devel-0.5.12-5.1.0.2.i386.rpm

ia64:
6da6c2967783bcb980aecdc144d6dd02 libexif-0.5.12-5.1.0.2.i386.rpm
f68c9026317026b58dd196bfd4af4bbf libexif-0.5.12-5.1.0.2.ia64.rpm
4ef568e43b4db35b77c5d55dd6ba3343 libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm
11d6259eaff76f0469a0098c8bfe2d85 libexif-debuginfo-0.5.12-5.1.0.2.ia64.rpm
ecfce96bd377840f0cee4de6d2c4d1e8 libexif-devel-0.5.12-5.1.0.2.ia64.rpm

x86_64:
6da6c2967783bcb980aecdc144d6dd02 libexif-0.5.12-5.1.0.2.i386.rpm
1734951e779ec59b4bfc3f2e179238d7 libexif-0.5.12-5.1.0.2.x86_64.rpm
4ef568e43b4db35b77c5d55dd6ba3343 libexif-debuginfo-0.5.12-5.1.0.2.i386.rpm
40376173f752db73fcbb5bd44bed94f3 libexif-debuginfo-0.5.12-5.1.0.2.x86_64.rpm
470280d57b9b8a4684f6ae22fce1884d libexif-devel-0.5.12-5.1.0.2.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libexif-0.6.13-4.0.2.el5.src.rpm
9c1360d0a15e568b9b73def358e1e216 libexif-0.6.13-4.0.2.el5.src.rpm

i386:
930dedbd73cc50756f08d8da7e69d3cc libexif-0.6.13-4.0.2.el5.i386.rpm
67b189515a55c0197d5978fc741d40fb libexif-debuginfo-0.6.13-4.0.2.el5.i386.rpm

x86_64:
930dedbd73cc50756f08d8da7e69d3cc libexif-0.6.13-4.0.2.el5.i386.rpm
e3130a9e84081d0ee5735e0bf027b186 libexif-0.6.13-4.0.2.el5.x86_64.rpm
67b189515a55c0197d5978fc741d40fb libexif-debuginfo-0.6.13-4.0.2.el5.i386.rpm
173cf3c2daefe7a78f5f2859803d4778 libexif-debuginfo-0.6.13-4.0.2.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libexif-0.6.13-4.0.2.el5.src.rpm
9c1360d0a15e568b9b73def358e1e216 libexif-0.6.13-4.0.2.el5.src.rpm

i386:
67b189515a55c0197d5978fc741d40fb libexif-debuginfo-0.6.13-4.0.2.el5.i386.rpm
6cc73cf44459c921979c87bb72c2423d libexif-devel-0.6.13-4.0.2.el5.i386.rpm

x86_64:
67b189515a55c0197d5978fc741d40fb libexif-debuginfo-0.6.13-4.0.2.el5.i386.rpm
173cf3c2daefe7a78f5f2859803d4778 libexif-debuginfo-0.6.13-4.0.2.el5.x86_64.rpm
6cc73cf44459c921979c87bb72c2423d libexif-devel-0.6.13-4.0.2.el5.i386.rpm
09804ed13ace52a3c98629e882652458 libexif-devel-0.6.13-4.0.2.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libexif-0.6.13-4.0.2.el5.src.rpm
9c1360d0a15e568b9b73def358e1e216 libexif-0.6.13-4.0.2.el5.src.rpm

i386:
930dedbd73cc50756f08d8da7e69d3cc libexif-0.6.13-4.0.2.el5.i386.rpm
67b189515a55c0197d5978fc741d40fb libexif-debuginfo-0.6.13-4.0.2.el5.i386.rpm
6cc73cf44459c921979c87bb72c2423d libexif-devel-0.6.13-4.0.2.el5.i386.rpm

ia64:
bdd1e73d38fa157910bafa527fbbb9b8 libexif-0.6.13-4.0.2.el5.ia64.rpm
8ed3e35b3368418f65e27a29ab32089c libexif-debuginfo-0.6.13-4.0.2.el5.ia64.rpm
6c717cfbef081e91678f0077e2990aa2 libexif-devel-0.6.13-4.0.2.el5.ia64.rpm

ppc:
a18174feefe9609197fc1965b10782ef libexif-0.6.13-4.0.2.el5.ppc.rpm
05756725b5317acf04a044fbb12f10eb libexif-0.6.13-4.0.2.el5.ppc64.rpm
cd467ec90128a6c417b6edbe51856919 libexif-debuginfo-0.6.13-4.0.2.el5.ppc.rpm
d0665b2a3d51d2370d44fdf79e90d927 libexif-debuginfo-0.6.13-4.0.2.el5.ppc64.rpm
a27203f6f7f67880c890f298a29ef269 libexif-devel-0.6.13-4.0.2.el5.ppc.rpm
f40b87f843489b5015b8325da0aeebe5 libexif-devel-0.6.13-4.0.2.el5.ppc64.rpm

s390x:
79ed6902bce120c38ebac83e374d9b82 libexif-0.6.13-4.0.2.el5.s390.rpm
c2d896aef222c14fae8976b222c3cfbe libexif-0.6.13-4.0.2.el5.s390x.rpm
70c4cc7f2a088a417242c0eab635f9d8 libexif-debuginfo-0.6.13-4.0.2.el5.s390.rpm
28b288059199d9897659f0fb1e29cf20 libexif-debuginfo-0.6.13-4.0.2.el5.s390x.rpm
1afbb123d879e1a682b21fca1b9231fb libexif-devel-0.6.13-4.0.2.el5.s390.rpm
fe8041e8b91383a74786a15ab0d8fc17 libexif-devel-0.6.13-4.0.2.el5.s390x.rpm

x86_64:
930dedbd73cc50756f08d8da7e69d3cc libexif-0.6.13-4.0.2.el5.i386.rpm
e3130a9e84081d0ee5735e0bf027b186 libexif-0.6.13-4.0.2.el5.x86_64.rpm
67b189515a55c0197d5978fc741d40fb libexif-debuginfo-0.6.13-4.0.2.el5.i386.rpm
173cf3c2daefe7a78f5f2859803d4778 libexif-debuginfo-0.6.13-4.0.2.el5.x86_64.rpm
6cc73cf44459c921979c87bb72c2423d libexif-devel-0.6.13-4.0.2.el5.i386.rpm
09804ed13ace52a3c98629e882652458 libexif-devel-0.6.13-4.0.2.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4168
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is lt;secalert@redhat.comgt;. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGcYZsXlSAg2UNWIIRAiUeAKCEYAC9HRbt7+RoAQU7cYpmdvm0fQCgoBcg
AIGhqj1Rawghxkj7Hz+XFoU=
=OiK1
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_20070501_01_moderate_libexif_integer_overflow.html)