Debian: New libexif packages fix arbitrary code execution

    Date15 Apr 2005
    CategoryDebian
    5288
    Posted ByJoe Shakespeare
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 709-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    April 15th, 2005                        http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : libexif
    Vulnerability  : buffer overflow
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2005-0664
    Debian Bug     : 298464
    
    Sylvain Defresne discovered a buffer overflow in libexif, a library
    that parses EXIF files (such as JPEG files with extra tags).  This bug
    could be exploited to crash the application and maybe to execute
    arbitrary code as well.
    
    For the stable distribution (woody) this problem has been fixed in
    version 0.5.0-1woody1.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 0.6.9-5.
    
    We recommend that you upgrade your libexif package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.5.0-1woody1.dsc
          Size/MD5 checksum:      588 c5f9941eb60839a174b36ca5ef2e05ab
        http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.5.0-1woody1.diff.gz
          Size/MD5 checksum:     2414 64f21ec303cd05c2d0bf15521e7707a0
        http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.5.0.orig.tar.gz
          Size/MD5 checksum:   178556 76dd5547de0f0e707d5049fe751c4679
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_alpha.deb
          Size/MD5 checksum:    33402 68eca22ffef823e64bedf3db14c7778a
        http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_alpha.deb
          Size/MD5 checksum:    27170 f8b1016e5dc5acad95e315d6efb8c639
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_arm.deb
          Size/MD5 checksum:    26968 3f551f779beb9881bda8a0cdf5c2914b
        http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_arm.deb
          Size/MD5 checksum:    22208 6097611fbdc6de79c47569f3e3b6722f
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_i386.deb
          Size/MD5 checksum:    25932 42107613e27b51fab7d912d8fefdc064
        http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_i386.deb
          Size/MD5 checksum:    22334 c02b68cc168a284783c027d7d24d699b
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_ia64.deb
          Size/MD5 checksum:    35582 390a36964cfcd55de7038226565012c7
        http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_ia64.deb
          Size/MD5 checksum:    31536 0f2278ae6a257b58071b2e2ffa6eb3f9
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_hppa.deb
          Size/MD5 checksum:    30670 861713e3c4e355071c42087c9621dad1
        http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_hppa.deb
          Size/MD5 checksum:    25502 f8d1d59f8d9c61e0b1392d102dcc2b13
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_m68k.deb
          Size/MD5 checksum:    25280 34e605f3bbaa451da389328383948887
        http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_m68k.deb
          Size/MD5 checksum:    22670 610afa47c67a3bbbe3e214f2be62eba2
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_mips.deb
          Size/MD5 checksum:    29450 96459f3d71b380ebc8f77e21355cf817
        http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_mips.deb
          Size/MD5 checksum:    22534 52575f793b537c62e759c7f3abef57be
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_mipsel.deb
          Size/MD5 checksum:    29252 8b2f66fbacd87d306cb004c927469fce
        http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_mipsel.deb
          Size/MD5 checksum:    22274 3e29e52d3ab8df5b32527be2d4322d7a
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_powerpc.deb
          Size/MD5 checksum:    30602 17fcace29b3eceb732c244b4dba36e5c
        http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_powerpc.deb
          Size/MD5 checksum:    24140 ebc50f77e7085340b37dacd6dd9f62d7
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_s390.deb
          Size/MD5 checksum:    26324 0d9e42b9723d95844b63a24f2fdfe369
        http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_s390.deb
          Size/MD5 checksum:    23288 876b66520ca55e4791fdf4fc3f58aed2
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_sparc.deb
          Size/MD5 checksum:    28568 dd158a4009865418c60a6124292264c0
        http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_sparc.deb
          Size/MD5 checksum:    26168 06671f5d93b1ffa49b90bce5f36a33c5
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.