Mandriva 1271 Published by

Updated libexif packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: libexif
Advisory ID: MDKSA-2005:064
Date: March 31st, 2005

Affected versions: 10.0, 10.1, Corporate 3.0
______________________________________________________________________

Problem Description:

A buffer overflow was discovered in the way libexif parses EXIF tags. An attacker could exploit this by creating a special EXIF image file which could cause image viewers linked against libexif to crash.

The updated packages have been patched to correct these issues.



_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0664
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
7f98f8c823d04b1aec8ec8bf3082e540 10.0/RPMS/libexif9-0.5.12-3.1.100mdk.i586.rpm
784f8431abd3cbda25abc8294682c96b 10.0/RPMS/libexif9-devel-0.5.12-3.1.100mdk.i586.rpm
2423d8e2cc1e3e8c71066d21d17d72a7 10.0/SRPMS/libexif-0.5.12-3.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
8f83a355fabca8f769d1c9dad47d0702 amd64/10.0/RPMS/lib64exif9-0.5.12-3.1.100mdk.amd64.rpm
81d7acb71bd8e37dbc0fe5d9973d4863 amd64/10.0/RPMS/lib64exif9-devel-0.5.12-3.1.100mdk.amd64.rpm
2423d8e2cc1e3e8c71066d21d17d72a7 amd64/10.0/SRPMS/libexif-0.5.12-3.1.100mdk.src.rpm

Mandrakelinux 10.1:
e7c6cba5d064421751f62fe97a27a246 10.1/RPMS/libexif9-0.5.12-3.1.101mdk.i586.rpm
12f5698199b00e594a7b839415fc34ce 10.1/RPMS/libexif9-devel-0.5.12-3.1.101mdk.i586.rpm
d610996df4ade2cd8379ede0246624ba 10.1/SRPMS/libexif-0.5.12-3.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
62a6bd730ed477e3eaad9cbcc1fafcd7 x86_64/10.1/RPMS/lib64exif9-0.5.12-3.1.101mdk.x86_64.rpm
737f9820611343813338fa5135f7ec2e x86_64/10.1/RPMS/lib64exif9-devel-0.5.12-3.1.101mdk.x86_64.rpm
d610996df4ade2cd8379ede0246624ba x86_64/10.1/SRPMS/libexif-0.5.12-3.1.101mdk.src.rpm

Corporate 3.0:
1f6db50292973824440d2c5018fda499 corporate/3.0/RPMS/libexif9-0.5.12-3.1.C30mdk.i586.rpm
efa51f02a658c456a1a78f5d72eff888 corporate/3.0/RPMS/libexif9-devel-0.5.12-3.1.C30mdk.i586.rpm
062ba77c9d11fae7e66c9d7c6ba2b4d7 corporate/3.0/SRPMS/libexif-0.5.12-3.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
6372fdf5cf79f247869e5c3087fb8ecf x86_64/corporate/3.0/RPMS/lib64exif9-0.5.12-3.1.C30mdk.x86_64.rpm
6fc1cb6724795624d8c4569834487039 x86_64/corporate/3.0/RPMS/lib64exif9-devel-0.5.12-3.1.C30mdk.x86_64.rpm
062ba77c9d11fae7e66c9d7c6ba2b4d7 x86_64/corporate/3.0/SRPMS/libexif-0.5.12-3.1.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com