Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
USN-478-1: libexif vulnerability
Posted by Bob on: 06/27/2007 01:10 AM [ Print | 0 comment(s) ]
A new libexif vulnerability update is available for Ubuntu Linux. Here the announcement:
Ubuntu Security Notice USN-478-1 June 26, 2007
libexif vulnerability
CVE-2006-4168
==========================
==========================
=========
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libexif12 0.6.12-2ubuntu0.2
Ubuntu 6.10:
libexif12 0.6.13-4ubuntu0.2
Ubuntu 7.04:
libexif12 0.6.13-5ubuntu0.2
After a standard system upgrade you need to restart your session to
effect the necessary changes.
Details follow:
Sean Larsson discovered that libexif did not correctly verify the size of
EXIF components. By tricking a user into opening an image with specially
crafted EXIF headers, a remote attacker could cause the application
using libexif to execute arbitrary code with user privileges.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.12=
-2ubuntu0.2.diff.gz
Size/MD5: 4113 730eb735217c43b8db8c01791cc75d5c
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.12=
-2ubuntu0.2.dsc
Size/MD5: 600 8143e72ccb227ae06480b0868df01c37
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.12=
.orig.tar.gz
Size/MD5: 537829 69501aaf0862a79aaeeb73e81e8c1306
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.12-2ubuntu0.2_amd64.deb
Size/MD5: 77656 1dbbb161ee2e8d59fe27037f8f2e0f5c
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
12-2ubuntu0.2_amd64.deb
Size/MD5: 61838 efb782c9eb16161a11c9ff1e3c00c0af
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.12-2ubuntu0.2_i386.deb
Size/MD5: 72906 891aaf10c9f8dace3a874b931205a12c
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
12-2ubuntu0.2_i386.deb
Size/MD5: 57728 547f46acb443f242b0a6c5664551ee7e
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.12-2ubuntu0.2_powerpc.deb
Size/MD5: 78108 26600c84d77cb0f8d75a47459a6e6cf5
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
12-2ubuntu0.2_powerpc.deb
Size/MD5: 60704 a42302bcd4ea27d14872504c217ef874
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.12-2ubuntu0.2_sparc.deb
Size/MD5: 75670 05a51fd9479e467e9355b19498296354
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
12-2ubuntu0.2_sparc.deb
Size/MD5: 58684 d9c28f243e65dc8135d4824563c1f78f
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.13=
-4ubuntu0.2.diff.gz
Size/MD5: 4423 cc5af5645683e8805b099f682d49a94d
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.13=
-4ubuntu0.2.dsc
Size/MD5: 619 8a933c06a735c10ab877aeb0ed67cbac
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.13=
.orig.tar.gz
Size/MD5: 727418 e5ad93c170bfb4fed6dc3e1c7a7948cb
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.13-4ubuntu0.2_amd64.deb
Size/MD5: 1005552 0188fc8815a6d86800de62ac63d5a72e
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
13-4ubuntu0.2_amd64.deb
Size/MD5: 69232 34cb35ec853dfddc67dc22b74f48a9a6
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.13-4ubuntu0.2_i386.deb
Size/MD5: 996198 26ae4434d2bdb7e8c885fb111b7ef2f5
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
13-4ubuntu0.2_i386.deb
Size/MD5: 66058 cf044c342776fe0962041c850f88dfcb
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.13-4ubuntu0.2_powerpc.deb
Size/MD5: 1005436 2e219fd5df0a5bde51f158e9fa0c9a00
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
13-4ubuntu0.2_powerpc.deb
Size/MD5: 64676 0152c1995cd0841e0918e883180a4942
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.13-4ubuntu0.2_sparc.deb
Size/MD5: 1002600 e7bbfac1c041f27681ffb78089c5b537
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
13-4ubuntu0.2_sparc.deb
Size/MD5: 64582 a8be73af4baf2e8e04e6a1f91740ed5b
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.13=
-5ubuntu0.2.diff.gz
Size/MD5: 9428 5406de6855d2d0831291338ab2064688
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.13=
-5ubuntu0.2.dsc
Size/MD5: 703 7bd3f9b317d450bba43694e44d9ef323
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.13=
.orig.tar.gz
Size/MD5: 727418 e5ad93c170bfb4fed6dc3e1c7a7948cb
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.13-5ubuntu0.2_amd64.deb
Size/MD5: 1005804 ab89d560bf2821e5cf65ae70b2394670
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
13-5ubuntu0.2_amd64.deb
Size/MD5: 70162 f6c60f358334dcadea3852ff4fa5374b
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.13-5ubuntu0.2_i386.deb
Size/MD5: 996514 7519fab6a1e61589697a873a432dca9e
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
13-5ubuntu0.2_i386.deb
Size/MD5: 67160 6a1de2a9cfb7d06c0e6e74931cf74e38
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.13-5ubuntu0.2_powerpc.deb
Size/MD5: 1006210 9877b5b91a1fcb3e1a8148a3d76f0652
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
13-5ubuntu0.2_powerpc.deb
Size/MD5: 67728 ce5b2421a8e85e006f0eb0d523ad3a3e
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.13-5ubuntu0.2_sparc.deb
Size/MD5: 1003148 229be831664b3053d47edca4286898c9
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
13-5ubuntu0.2_sparc.deb
Size/MD5: 65468 dda5d0a49e0fcfd48f9d0dc4dcd160f4
--FN+gV9K+162wdwwF
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGgarqH/9LqRcGPm0RAkSBAJ9DA3W1XZOGQq/4avWQayW37+nJ6gCfWY/k
0pgR2gSeabnN14+51JCBZfs=
=mH82
-----END PGP SIGNATURE-----
libexif vulnerability
CVE-2006-4168
==========================
==========================
=========
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libexif12 0.6.12-2ubuntu0.2
Ubuntu 6.10:
libexif12 0.6.13-4ubuntu0.2
Ubuntu 7.04:
libexif12 0.6.13-5ubuntu0.2
After a standard system upgrade you need to restart your session to
effect the necessary changes.
Details follow:
Sean Larsson discovered that libexif did not correctly verify the size of
EXIF components. By tricking a user into opening an image with specially
crafted EXIF headers, a remote attacker could cause the application
using libexif to execute arbitrary code with user privileges.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.12=
-2ubuntu0.2.diff.gz
Size/MD5: 4113 730eb735217c43b8db8c01791cc75d5c
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.12=
-2ubuntu0.2.dsc
Size/MD5: 600 8143e72ccb227ae06480b0868df01c37
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.12=
.orig.tar.gz
Size/MD5: 537829 69501aaf0862a79aaeeb73e81e8c1306
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.12-2ubuntu0.2_amd64.deb
Size/MD5: 77656 1dbbb161ee2e8d59fe27037f8f2e0f5c
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
12-2ubuntu0.2_amd64.deb
Size/MD5: 61838 efb782c9eb16161a11c9ff1e3c00c0af
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.12-2ubuntu0.2_i386.deb
Size/MD5: 72906 891aaf10c9f8dace3a874b931205a12c
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
12-2ubuntu0.2_i386.deb
Size/MD5: 57728 547f46acb443f242b0a6c5664551ee7e
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.12-2ubuntu0.2_powerpc.deb
Size/MD5: 78108 26600c84d77cb0f8d75a47459a6e6cf5
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
12-2ubuntu0.2_powerpc.deb
Size/MD5: 60704 a42302bcd4ea27d14872504c217ef874
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.12-2ubuntu0.2_sparc.deb
Size/MD5: 75670 05a51fd9479e467e9355b19498296354
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
12-2ubuntu0.2_sparc.deb
Size/MD5: 58684 d9c28f243e65dc8135d4824563c1f78f
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.13=
-4ubuntu0.2.diff.gz
Size/MD5: 4423 cc5af5645683e8805b099f682d49a94d
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.13=
-4ubuntu0.2.dsc
Size/MD5: 619 8a933c06a735c10ab877aeb0ed67cbac
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.13=
.orig.tar.gz
Size/MD5: 727418 e5ad93c170bfb4fed6dc3e1c7a7948cb
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.13-4ubuntu0.2_amd64.deb
Size/MD5: 1005552 0188fc8815a6d86800de62ac63d5a72e
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
13-4ubuntu0.2_amd64.deb
Size/MD5: 69232 34cb35ec853dfddc67dc22b74f48a9a6
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.13-4ubuntu0.2_i386.deb
Size/MD5: 996198 26ae4434d2bdb7e8c885fb111b7ef2f5
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
13-4ubuntu0.2_i386.deb
Size/MD5: 66058 cf044c342776fe0962041c850f88dfcb
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.13-4ubuntu0.2_powerpc.deb
Size/MD5: 1005436 2e219fd5df0a5bde51f158e9fa0c9a00
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
13-4ubuntu0.2_powerpc.deb
Size/MD5: 64676 0152c1995cd0841e0918e883180a4942
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.13-4ubuntu0.2_sparc.deb
Size/MD5: 1002600 e7bbfac1c041f27681ffb78089c5b537
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
13-4ubuntu0.2_sparc.deb
Size/MD5: 64582 a8be73af4baf2e8e04e6a1f91740ed5b
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.13=
-5ubuntu0.2.diff.gz
Size/MD5: 9428 5406de6855d2d0831291338ab2064688
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.13=
-5ubuntu0.2.dsc
Size/MD5: 703 7bd3f9b317d450bba43694e44d9ef323
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.13=
.orig.tar.gz
Size/MD5: 727418 e5ad93c170bfb4fed6dc3e1c7a7948cb
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.13-5ubuntu0.2_amd64.deb
Size/MD5: 1005804 ab89d560bf2821e5cf65ae70b2394670
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
13-5ubuntu0.2_amd64.deb
Size/MD5: 70162 f6c60f358334dcadea3852ff4fa5374b
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.13-5ubuntu0.2_i386.deb
Size/MD5: 996514 7519fab6a1e61589697a873a432dca9e
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
13-5ubuntu0.2_i386.deb
Size/MD5: 67160 6a1de2a9cfb7d06c0e6e74931cf74e38
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.13-5ubuntu0.2_powerpc.deb
Size/MD5: 1006210 9877b5b91a1fcb3e1a8148a3d76f0652
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
13-5ubuntu0.2_powerpc.deb
Size/MD5: 67728 ce5b2421a8e85e006f0eb0d523ad3a3e
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.13-5ubuntu0.2_sparc.deb
Size/MD5: 1003148 229be831664b3053d47edca4286898c9
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
13-5ubuntu0.2_sparc.deb
Size/MD5: 65468 dda5d0a49e0fcfd48f9d0dc4dcd160f4
--FN+gV9K+162wdwwF
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGgarqH/9LqRcGPm0RAkSBAJ9DA3W1XZOGQq/4avWQayW37+nJ6gCfWY/k
0pgR2gSeabnN14+51JCBZfs=
=mH82
-----END PGP SIGNATURE-----
