Debian: New libexif packages fix several vulnerabilities

    Date08 Feb 2008
    CategoryDebian
    3545
    Posted ByLinuxSecurity Advisories
    Several vulnerabilities have been discovered in the EXIF parsing code of the libexif library, which can lead to denial of service or the xecution of arbitrary code if a user is tricked into opening a malformed image.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1487-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                       Moritz Muehlenhoff
    February 08, 2008                     http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : libexif
    Vulnerability  : several
    Problem type   : local(remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2007-2645 CVE-2007-6351 CVE-2007-6352
    
    Several vulnerabilities have been discovered in the EXIF parsing code
    of the libexif library, which can lead to denial of service or the 
    xecution of arbitrary code if a user is tricked into opening a
    malformed image.
    
    CVE-2007-2645
    
        Victor Stinner discovered an integer overflow, which may result in
        denial of service or potentially the execution of arbitrary code.
    
    CVE-2007-6351
    
        Meder Kydyraliev discovered an infinite loop, which may result in
        denial of service.
    
    CVE-2007-6352
    
        Victor Stinner discovered an integer overflow, which may result
        in denial of service or potentially the execution of arbitrary
        code.
    
    This update also fixes two potential NULL pointer deferences.
    
    For the stable distribution (etch), these problems have been fixed in
    version 0.6.13-5etch2.
    
    For the old stable distribution (sarge), these problems have been
    fixed in 0.6.9-6sarge2.
    
    
    We recommend that you upgrade your libexif packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian 3.1 (oldstable)
    - ----------------------
    
    Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9.orig.tar.gz
        Size/MD5 checksum:   520956 0aa142335a8a00c32bb6c7dbfe95fc24
      http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9-6sarge2.dsc
        Size/MD5 checksum:      591 1ab880b25e1e3ba979d2b6441a3367d5
      http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9-6sarge2.diff.gz
        Size/MD5 checksum:     5162 47e515e0688cd1c661456df1b5d77601
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_alpha.deb
        Size/MD5 checksum:    87534 d7d3df515250467671cbc2d9f158269e
      http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_alpha.deb
        Size/MD5 checksum:    87554 ee4573f7453ca96efda9cd094d106e30
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_amd64.deb
        Size/MD5 checksum:    67756 af682500abe0346627ba15e941fa0b1a
      http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_amd64.deb
        Size/MD5 checksum:    82068 37e1b283512138577147b1acb9717ed7
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_arm.deb
        Size/MD5 checksum:    64146 62d0c51dbb3339746066bb04d787af45
      http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_arm.deb
        Size/MD5 checksum:    77004 0d1a7247d251ca72ff84e4da7dcca53b
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_i386.deb
        Size/MD5 checksum:    81194 bed6762757bd00b262a0829419cd6634
      http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_i386.deb
        Size/MD5 checksum:    66828 8cc90864578b2854bc71255638e47fb5
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_ia64.deb
        Size/MD5 checksum:    84318 4a59f435077564e89aca96c95d026a10
      http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_ia64.deb
        Size/MD5 checksum:    95484 e4ac3f25989bcfc22bc87b1e0d95772e
    
    m68k architecture (Motorola Mc680x0)
    
      http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_m68k.deb
        Size/MD5 checksum:    58050 7fef4665ccd47cc42632a329500e70a5
      http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_m68k.deb
        Size/MD5 checksum:    79196 46342bf50631c9d64ed103511b1b893c
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_mips.deb
        Size/MD5 checksum:    69282 708a8d5c33c9a55a4ab4756710839206
      http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_mips.deb
        Size/MD5 checksum:    77082 97212d583943be6d83afcec731e27ac1
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_mipsel.deb
        Size/MD5 checksum:    67646 c857ec6882ed8cbb47e051a90df7ca96
      http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_mipsel.deb
        Size/MD5 checksum:    77138 47e7a22eb17e671e2ccb500a775a85d1
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_powerpc.deb
        Size/MD5 checksum:    81332 72847874c73086de64a25d03f48a2780
      http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_powerpc.deb
        Size/MD5 checksum:    69112 c4584d2f07fbdb932c85e2633ca9b2a8
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_s390.deb
        Size/MD5 checksum:    82268 3f308fb9b59f68ffdbf7390e76f570c2
      http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_s390.deb
        Size/MD5 checksum:    69724 21b6aa80c1a1c1a1b3e8bcd9165c8c43
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_sparc.deb
        Size/MD5 checksum:    66296 ee6bceace68322f90e171c89c441e4c6
      http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_sparc.deb
        Size/MD5 checksum:    80280 4e9b6787b57c526192bdc2de9d5d6a7f
    
    Debian 4.0 (stable)
    - -------------------
    
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.13.orig.tar.gz
        Size/MD5 checksum:   727418 e5ad93c170bfb4fed6dc3e1c7a7948cb
      http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.13-5etch2.dsc
        Size/MD5 checksum:      611 31d21b75dede8ab7357d68dc10f31b03
      http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.13-5etch2.diff.gz
        Size/MD5 checksum:     9821 99a0a91ef86facebe77eb309e84187ee
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_alpha.deb
        Size/MD5 checksum:   148400 569ffd818b70ff416f2b50033c504a69
      http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_alpha.deb
        Size/MD5 checksum:  1068446 66c630fb722856971a824fc00e7ae0f5
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_amd64.deb
        Size/MD5 checksum:  1044250 b3c5a88cb260655fc65d2ccbd1e2e25b
      http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_amd64.deb
        Size/MD5 checksum:   143178 f76de0764808bf3e2c82867954e2a214
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_arm.deb
        Size/MD5 checksum:   136448 0f04c8ec7d86dd7c5e2d104cd0a8592a
      http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_arm.deb
        Size/MD5 checksum:  1047204 0b0a09e307bd48dd38ea7be61901eec6
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_i386.deb
        Size/MD5 checksum:   140088 74f55a40478fb3735293b8b20a9b29b9
      http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_i386.deb
        Size/MD5 checksum:  1008258 98478f9f44a8121aaa68173eabb9d045
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_ia64.deb
        Size/MD5 checksum:   159480 f35f6ad4c85c7d0b2898a918fd452081
      http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_ia64.deb
        Size/MD5 checksum:  1028756 add2a11a37f72fc8e00db36acc7aba96
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_mips.deb
        Size/MD5 checksum:  1043420 a2a95479dea713b082fef5c1b5309ea7
      http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_mips.deb
        Size/MD5 checksum:   137352 54a048d4d4d5040a026887e93dadb61d
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_mipsel.deb
        Size/MD5 checksum:   136158 f713af175516742b0cda4422b85810ad
      http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_mipsel.deb
        Size/MD5 checksum:  1008294 bc6a4b93282d64d33f1d26eee59c5bb4
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_powerpc.deb
        Size/MD5 checksum:   138282 cb57a663e790a4155635009c8948eeca
      http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_powerpc.deb
        Size/MD5 checksum:  1005588 26264ee184bad0af01f7861e3a5db6e7
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_s390.deb
        Size/MD5 checksum:   143596 f4246c73e1d35cc56bc3fca55ec7675f
      http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_s390.deb
        Size/MD5 checksum:  1007802 df0e068ffdb783f1da5418e518d623ce
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_sparc.deb
        Size/MD5 checksum:   138354 d27c15349891f23956642b19733da994
      http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_sparc.deb
        Size/MD5 checksum:  1002854 c44f9f239a4e13da27ccb78a42d54df3
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"8","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":21.43,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"3","type":"x","order":"3","pct":21.43,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.