---------------------------------------------------------------------Fedora Update Notification
FEDORA-2007-614
2007-06-27
---------------------------------------------------------------------Product     : Fedora Core 6
Name        : libexif
Version     : 0.6.15
Release     : 2.fc6
Summary     : Library for extracting extra information from image files
Description :
Most digital cameras produce EXIF files, which are JPEG files with
extra tags that contain information about the image. The EXIF library
allows you to parse an EXIF file and read the data from those tags.

---------------------------------------------------------------------Update Information:

The libexif package contains the EXIF library. Applications
use this library to parse EXIF image files.

An integer overflow flaw was found in the way libexif parses
EXIF image tags. If a victim opens a carefully crafted EXIF
image file it could cause the application linked against
libexif to execute arbitrary code or crash. (CVE-2007-4168)

Users of libexif should upgrade to these updated packages,
which contain a backported patch and are not vulnerable to
this issue.
---------------------------------------------------------------------* Wed Jun 13 2007 Matthias Clasen  - 0.6.15-2
- Add patch for CVE-2007-4168. Fix bug #243892

---------------------------------------------------------------------This update can be downloaded from:
    
0fd5f1acfb37de5bd85b973ecf3b00c69ff6d5e9  SRPMS/libexif-0.6.15-2.fc6.src.rpm
0fd5f1acfb37de5bd85b973ecf3b00c69ff6d5e9  noarch/libexif-0.6.15-2.fc6.src.rpm
f715aefa9558f7b827606e98c5d88bf919d9e5ff  ppc/debug/libexif-debuginfo-0.6.15-2.fc6.ppc.rpm
c9a85c20b950a5c8f829280f05281d3657dd2aa9  ppc/libexif-0.6.15-2.fc6.ppc.rpm
90ed3965fdd563b74bd8e5f2d4af01b12e58b0e6  ppc/libexif-devel-0.6.15-2.fc6.ppc.rpm
f86b69b898a3824c1dcbadb14933d2866c310473  x86_64/debug/libexif-debuginfo-0.6.15-2.fc6.x86_64.rpm
ad3fd34dad258162c4bc9aa65020790af273b1a5  x86_64/libexif-devel-0.6.15-2.fc6.x86_64.rpm
9a3b3e18968081440411426a9139d5ca39ad196e  x86_64/libexif-0.6.15-2.fc6.x86_64.rpm
4e10c52ad5dc5eca65d7d57bc9b86aba61b3b276  i386/libexif-0.6.15-2.fc6.i386.rpm
99ecbcfcdaeea08641c0a61b6d6c72c66530f214  i386/libexif-devel-0.6.15-2.fc6.i386.rpm
e583ddd0572027f1421a0d9ad1694d3769b1394e  i386/debug/libexif-debuginfo-0.6.15-2.fc6.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at .
---------------------------------------------------------------------_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce

Fedora Core 6 Update: libexif-0.6.15-2.fc6

June 29, 2007
The libexif package contains the EXIF library

Summary

Most digital cameras produce EXIF files, which are JPEG files with

extra tags that contain information about the image. The EXIF library

allows you to parse an EXIF file and read the data from those tags.

The libexif package contains the EXIF library. Applications

use this library to parse EXIF image files.

An integer overflow flaw was found in the way libexif parses

EXIF image tags. If a victim opens a carefully crafted EXIF

image file it could cause the application linked against

libexif to execute arbitrary code or crash. (CVE-2007-4168)

Users of libexif should upgrade to these updated packages,

which contain a backported patch and are not vulnerable to

this issue.

- Add patch for CVE-2007-4168. Fix bug #243892

0fd5f1acfb37de5bd85b973ecf3b00c69ff6d5e9 SRPMS/libexif-0.6.15-2.fc6.src.rpm

0fd5f1acfb37de5bd85b973ecf3b00c69ff6d5e9 noarch/libexif-0.6.15-2.fc6.src.rpm

f715aefa9558f7b827606e98c5d88bf919d9e5ff ppc/debug/libexif-debuginfo-0.6.15-2.fc6.ppc.rpm

c9a85c20b950a5c8f829280f05281d3657dd2aa9 ppc/libexif-0.6.15-2.fc6.ppc.rpm

90ed3965fdd563b74bd8e5f2d4af01b12e58b0e6 ppc/libexif-devel-0.6.15-2.fc6.ppc.rpm

f86b69b898a3824c1dcbadb14933d2866c310473 x86_64/debug/libexif-debuginfo-0.6.15-2.fc6.x86_64.rpm

ad3fd34dad258162c4bc9aa65020790af273b1a5 x86_64/libexif-devel-0.6.15-2.fc6.x86_64.rpm

9a3b3e18968081440411426a9139d5ca39ad196e x86_64/libexif-0.6.15-2.fc6.x86_64.rpm

4e10c52ad5dc5eca65d7d57bc9b86aba61b3b276 i386/libexif-0.6.15-2.fc6.i386.rpm

99ecbcfcdaeea08641c0a61b6d6c72c66530f214 i386/libexif-devel-0.6.15-2.fc6.i386.rpm

e583ddd0572027f1421a0d9ad1694d3769b1394e i386/debug/libexif-debuginfo-0.6.15-2.fc6.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update

package-name' at the command line. For more information, refer to 'Managing

Software with yum,' available at .

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

http://www.redhat.com/mailman/listinfo/fedora-package-announce

FEDORA-2007-614 2007-06-27 Name : libexif Version : 0.6.15 Release : 2.fc6 Summary : Library for extracting extra information from image files Description : Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. The EXIF library allows you to parse an EXIF file and read the data from those tags. The libexif package contains the EXIF library. Applications use this library to parse EXIF image files. An integer overflow flaw was found in the way libexif parses EXIF image tags. If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168) Users of libexif should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue. - Add patch for CVE-2007-4168. Fix bug #243892 0fd5f1acfb37de5bd85b973ecf3b00c69ff6d5e9 SRPMS/libexif-0.6.15-2.fc6.src.rpm 0fd5f1acfb37de5bd85b973ecf3b00c69ff6d5e9 noarch/libexif-0.6.15-2.fc6.src.rpm f715aefa9558f7b827606e98c5d88bf919d9e5ff ppc/debug/libexif-debuginfo-0.6.15-2.fc6.ppc.rpm c9a85c20b950a5c8f829280f05281d3657dd2aa9 ppc/libexif-0.6.15-2.fc6.ppc.rpm 90ed3965fdd563b74bd8e5f2d4af01b12e58b0e6 ppc/libexif-devel-0.6.15-2.fc6.ppc.rpm f86b69b898a3824c1dcbadb14933d2866c310473 x86_64/debug/libexif-debuginfo-0.6.15-2.fc6.x86_64.rpm ad3fd34dad258162c4bc9aa65020790af273b1a5 x86_64/libexif-devel-0.6.15-2.fc6.x86_64.rpm 9a3b3e18968081440411426a9139d5ca39ad196e x86_64/libexif-0.6.15-2.fc6.x86_64.rpm 4e10c52ad5dc5eca65d7d57bc9b86aba61b3b276 i386/libexif-0.6.15-2.fc6.i386.rpm 99ecbcfcdaeea08641c0a61b6d6c72c66530f214 i386/libexif-devel-0.6.15-2.fc6.i386.rpm e583ddd0572027f1421a0d9ad1694d3769b1394e i386/debug/libexif-debuginfo-0.6.15-2.fc6.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at . Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce

Change Log

References

Update Instructions

Severity
Name : libexif
Version : 0.6.15
Release : 2.fc6
Summary : Library for extracting extra information from image files

Related News

19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved