Linux Security
    Linux Security
    Linux Security

    Debian: New exiv2 packages fix arbitrary code execution

    Date 23 Jan 2008
    3711
    Posted By LinuxSecurity Advisories
    Meder Kydyraliev discovered an integer overflow in the thumbnail handling of libexif, the EXIF/IPTC metadata manipulation library, which could result in the execution of arbitrary code.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1474-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                       Moritz Muehlenhoff
    January 23, 2008                      https://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : exiv2
    Vulnerability  : integer overflow
    Problem type   : local(remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2007-6353
    
    Meder Kydyraliev discovered an integer overflow in the thumbnail
    handling of libexif, the EXIF/IPTC metadata manipulation library, which
    could result in the execution of arbitrary code.
    
    For the stable distribution (etch), this problem has been fixed in
    version 0.10-1.5.
    
    The old stable distribution (sarge) doesn't contain exiv2 packages.
    
    We recommend that you upgrade your exiv2 packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      https://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5.diff.gz
        Size/MD5 checksum:    31515 ff0fc3ef64872fbb591f7258620f5f0b
      https://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5.dsc
        Size/MD5 checksum:      660 ed1b77214142dfedc6c6d88d475987d9
      https://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10.orig.tar.gz
        Size/MD5 checksum:  2053756 5af2256fb9895d9331684e8c1865b956
    
    Architecture independent packages:
    
      https://security.debian.org/pool/updates/main/e/exiv2/libexiv2-doc_0.10-1.5_all.deb
        Size/MD5 checksum:  1471716 ba3233f1b9cf71d3bf45ce0790942af9
    
    alpha architecture (DEC Alpha)
    
      https://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5_alpha.deb
        Size/MD5 checksum:    82506 a1c6311554e0301f3e5707ce45b12c44
      https://security.debian.org/pool/updates/main/e/exiv2/libexiv2-0.10_0.10-1.5_alpha.deb
        Size/MD5 checksum:   315770 08a274e26723b6644121a77718650df8
      https://security.debian.org/pool/updates/main/e/exiv2/libexiv2-dev_0.10-1.5_alpha.deb
        Size/MD5 checksum:   716946 65bd53cad7fe49bd5a8b52c18845531d
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      https://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5_amd64.deb
        Size/MD5 checksum:    75710 214d62419a4da25d2c43119992adc1b8
      https://security.debian.org/pool/updates/main/e/exiv2/libexiv2-dev_0.10-1.5_amd64.deb
        Size/MD5 checksum:   546036 b1d63a71e00c934d14f3263d626466a2
      https://security.debian.org/pool/updates/main/e/exiv2/libexiv2-0.10_0.10-1.5_amd64.deb
        Size/MD5 checksum:   282494 0b963505e15fc126583c08b4d6a8671e
    
    arm architecture (ARM)
    
      https://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5_arm.deb
        Size/MD5 checksum:    88084 05fbc6853bc2517e58e587bc2e45942c
      https://security.debian.org/pool/updates/main/e/exiv2/libexiv2-0.10_0.10-1.5_arm.deb
        Size/MD5 checksum:   311516 12a1dbbc1dc560187fec31152836831e
      https://security.debian.org/pool/updates/main/e/exiv2/libexiv2-dev_0.10-1.5_arm.deb
        Size/MD5 checksum:   552870 9e6da478b70cac4cd297c1a2efe8713f
    
    hppa architecture (HP PA RISC)
    
      https://security.debian.org/pool/updates/main/e/exiv2/libexiv2-dev_0.10-1.5_hppa.deb
        Size/MD5 checksum:   642320 b55a5e8930f4e4fec0e1b83fd2f8d9f8
      https://security.debian.org/pool/updates/main/e/exiv2/libexiv2-0.10_0.10-1.5_hppa.deb
        Size/MD5 checksum:   349652 520fcd26a32bcb915f1221a7cc09d342
      https://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5_hppa.deb
        Size/MD5 checksum:    82724 643c5f109ad8b0b1e4f2d9ee35cf8283
    
    i386 architecture (Intel ia32)
    
      https://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5_i386.deb
        Size/MD5 checksum:    75758 33830c83524ab3ea4fb72ed5fad9889a
      https://security.debian.org/pool/updates/main/e/exiv2/libexiv2-dev_0.10-1.5_i386.deb
        Size/MD5 checksum:   509668 5871ee4d12d7833b55434a0bd2c78804
      https://security.debian.org/pool/updates/main/e/exiv2/libexiv2-0.10_0.10-1.5_i386.deb
        Size/MD5 checksum:   283882 32dc3334472467a5642b3ebf70d73f83
    
    ia64 architecture (Intel ia64)
    
      https://security.debian.org/pool/updates/main/e/exiv2/libexiv2-dev_0.10-1.5_ia64.deb
        Size/MD5 checksum:   730890 47ae5bab36a976e9d4c9d20c7e059e06
      https://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5_ia64.deb
        Size/MD5 checksum:    95450 1a14407cb292d2a7991a34434d971878
      https://security.debian.org/pool/updates/main/e/exiv2/libexiv2-0.10_0.10-1.5_ia64.deb
        Size/MD5 checksum:   368756 4c9297fa105c67af45b7971f0b00c299
    
    mips architecture (MIPS (Big Endian))
    
      https://security.debian.org/pool/updates/main/e/exiv2/libexiv2-0.10_0.10-1.5_mips.deb
        Size/MD5 checksum:   271654 811dc70c015b27cdcc94bad7147a0fa4
      https://security.debian.org/pool/updates/main/e/exiv2/libexiv2-dev_0.10-1.5_mips.deb
        Size/MD5 checksum:   586988 fbd433a7f7369be1cff39f9d79b1395e
      https://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5_mips.deb
        Size/MD5 checksum:    73684 beaaf91359bb0b3d0f3a22a1cade1505
    
    mipsel architecture (MIPS (Little Endian))
    
      https://security.debian.org/pool/updates/main/e/exiv2/libexiv2-dev_0.10-1.5_mipsel.deb
        Size/MD5 checksum:   583038 de9ddb262ef8f49e0512119206ef63b0
      https://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5_mipsel.deb
        Size/MD5 checksum:    73176 f5d016a0b5e2ec60ef2e2d3446e363b3
      https://security.debian.org/pool/updates/main/e/exiv2/libexiv2-0.10_0.10-1.5_mipsel.deb
        Size/MD5 checksum:   267776 68fa9f26c0c3fbbda74bd6139e332615
    
    powerpc architecture (PowerPC)
    
      https://security.debian.org/pool/updates/main/e/exiv2/libexiv2-0.10_0.10-1.5_powerpc.deb
        Size/MD5 checksum:   296440 a306748aafa37fa4d7874f817520f71f
      https://security.debian.org/pool/updates/main/e/exiv2/libexiv2-dev_0.10-1.5_powerpc.deb
        Size/MD5 checksum:   569730 cbf10c6a2166a27406dee3e151ec498b
      https://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5_powerpc.deb
        Size/MD5 checksum:    76080 dd8f0bfdddf9896fa21dd455a8c30052
    
    s390 architecture (IBM S/390)
    
      https://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5_s390.deb
        Size/MD5 checksum:    70088 6a1550294fdf218741ca998c621825b5
      https://security.debian.org/pool/updates/main/e/exiv2/libexiv2-dev_0.10-1.5_s390.deb
        Size/MD5 checksum:   534022 d2b1f2455e02e16a300f0478c4b40779
      https://security.debian.org/pool/updates/main/e/exiv2/libexiv2-0.10_0.10-1.5_s390.deb
        Size/MD5 checksum:   288842 2134f38671787dd40a582deda5771824
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      https://security.debian.org/pool/updates/main/e/exiv2/libexiv2-0.10_0.10-1.5_sparc.deb
        Size/MD5 checksum:   306884 0cff748083910cd2359765fef3d3b6e0
      https://security.debian.org/pool/updates/main/e/exiv2/libexiv2-dev_0.10-1.5_sparc.deb
        Size/MD5 checksum:   511544 97c2efefdb8d3067d88b82763e7eba6e
      https://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5_sparc.deb
        Size/MD5 checksum:    73494 89d72b486036f6bfabde2cbfc1c16986
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/49-tis-the-season-of-giving-how-have-you-given-back-to-the-open-source-community?task=poll.vote&format=json
    49
    radio
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.