Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Red Hat: 2012:1255-01 Moderate: Libexif Image Processing Exploit

Calendar Sep 11, 2012 User Avatar LinuxSecurity Advisories
5 - 9 min read
Redhat Large Esm H500
Topics%20covered

Topics Covered

security advisory moderate Red Hat software update exploit image processing libexif
Updated libexif packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate [More...] 
====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: libexif security update
Advisory ID:       RHSA-2012:1255-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2012:1255.html
Issue date:        2012-09-11
CVE Names:         CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 
                   CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 
                   CVE-2012-2841 
====================================================================
1. Summary:

Updated libexif packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The libexif packages provide an Exchangeable image file format (Exif)
library. Exif allows metadata to be added to and read from certain types
of image files.

Multiple flaws were found in the way libexif processed Exif tags. An
attacker could create a specially-crafted image file that, when opened in
an application linked against libexif, could cause the application to
crash or, potentially, execute arbitrary code with the privileges of the
user running the application. (CVE-2012-2812, CVE-2012-2813, CVE-2012-2814,
CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841)

Red Hat would like to thank Dan Fandrich for reporting these issues.
Upstream acknowledges Mateusz Jurczyk of the Google Security Team as the
original reporter of CVE-2012-2812, CVE-2012-2813, and CVE-2012-2814; and
Yunho Kim as the original reporter of CVE-2012-2836 and CVE-2012-2837.

Users of libexif are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. All running
applications linked against libexif must be restarted for the update to
take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

839182 - CVE-2012-2813 libexif: "exif_convert_utf16_to_utf8()" heap-based out-of-bounds array read
839183 - CVE-2012-2814 libexif: "exif_entry_format_value()" buffer overflow
839184 - CVE-2012-2836 libexif: "exif_data_load_data()" heap-based out-of-bounds array read
839185 - CVE-2012-2837 libexif: "mnote_olympus_entry_get_value()" division by zero
839188 - CVE-2012-2840 libexif: "exif_convert_utf16_to_utf8()" off-by-one
839189 - CVE-2012-2841 libexif: "exif_entry_get_value()" integer underflow
839203 - CVE-2012-2812 libexif: "exif_entry_get_value()" heap-based out-of-bounds array read

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
libexif-0.6.21-1.el5_8.i386.rpm
libexif-debuginfo-0.6.21-1.el5_8.i386.rpm

x86_64:
libexif-0.6.21-1.el5_8.i386.rpm
libexif-0.6.21-1.el5_8.x86_64.rpm
libexif-debuginfo-0.6.21-1.el5_8.i386.rpm
libexif-debuginfo-0.6.21-1.el5_8.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:

i386:
libexif-debuginfo-0.6.21-1.el5_8.i386.rpm
libexif-devel-0.6.21-1.el5_8.i386.rpm

x86_64:
libexif-debuginfo-0.6.21-1.el5_8.i386.rpm
libexif-debuginfo-0.6.21-1.el5_8.x86_64.rpm
libexif-devel-0.6.21-1.el5_8.i386.rpm
libexif-devel-0.6.21-1.el5_8.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
libexif-0.6.21-1.el5_8.i386.rpm
libexif-debuginfo-0.6.21-1.el5_8.i386.rpm
libexif-devel-0.6.21-1.el5_8.i386.rpm

ia64:
libexif-0.6.21-1.el5_8.ia64.rpm
libexif-debuginfo-0.6.21-1.el5_8.ia64.rpm
libexif-devel-0.6.21-1.el5_8.ia64.rpm

ppc:
libexif-0.6.21-1.el5_8.ppc.rpm
libexif-0.6.21-1.el5_8.ppc64.rpm
libexif-debuginfo-0.6.21-1.el5_8.ppc.rpm
libexif-debuginfo-0.6.21-1.el5_8.ppc64.rpm
libexif-devel-0.6.21-1.el5_8.ppc.rpm
libexif-devel-0.6.21-1.el5_8.ppc64.rpm

s390x:
libexif-0.6.21-1.el5_8.s390.rpm
libexif-0.6.21-1.el5_8.s390x.rpm
libexif-debuginfo-0.6.21-1.el5_8.s390.rpm
libexif-debuginfo-0.6.21-1.el5_8.s390x.rpm
libexif-devel-0.6.21-1.el5_8.s390.rpm
libexif-devel-0.6.21-1.el5_8.s390x.rpm

x86_64:
libexif-0.6.21-1.el5_8.i386.rpm
libexif-0.6.21-1.el5_8.x86_64.rpm
libexif-debuginfo-0.6.21-1.el5_8.i386.rpm
libexif-debuginfo-0.6.21-1.el5_8.x86_64.rpm
libexif-devel-0.6.21-1.el5_8.i386.rpm
libexif-devel-0.6.21-1.el5_8.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:

i386:
libexif-0.6.21-5.el6_3.i686.rpm
libexif-debuginfo-0.6.21-5.el6_3.i686.rpm

x86_64:
libexif-0.6.21-5.el6_3.i686.rpm
libexif-0.6.21-5.el6_3.x86_64.rpm
libexif-debuginfo-0.6.21-5.el6_3.i686.rpm
libexif-debuginfo-0.6.21-5.el6_3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:

i386:
libexif-debuginfo-0.6.21-5.el6_3.i686.rpm
libexif-devel-0.6.21-5.el6_3.i686.rpm

x86_64:
libexif-debuginfo-0.6.21-5.el6_3.i686.rpm
libexif-debuginfo-0.6.21-5.el6_3.x86_64.rpm
libexif-devel-0.6.21-5.el6_3.i686.rpm
libexif-devel-0.6.21-5.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:

x86_64:
libexif-0.6.21-5.el6_3.i686.rpm
libexif-0.6.21-5.el6_3.x86_64.rpm
libexif-debuginfo-0.6.21-5.el6_3.i686.rpm
libexif-debuginfo-0.6.21-5.el6_3.x86_64.rpm
libexif-devel-0.6.21-5.el6_3.i686.rpm
libexif-devel-0.6.21-5.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:

i386:
libexif-0.6.21-5.el6_3.i686.rpm
libexif-debuginfo-0.6.21-5.el6_3.i686.rpm
libexif-devel-0.6.21-5.el6_3.i686.rpm

ppc64:
libexif-0.6.21-5.el6_3.ppc.rpm
libexif-0.6.21-5.el6_3.ppc64.rpm
libexif-debuginfo-0.6.21-5.el6_3.ppc.rpm
libexif-debuginfo-0.6.21-5.el6_3.ppc64.rpm
libexif-devel-0.6.21-5.el6_3.ppc.rpm
libexif-devel-0.6.21-5.el6_3.ppc64.rpm

s390x:
libexif-0.6.21-5.el6_3.s390.rpm
libexif-0.6.21-5.el6_3.s390x.rpm
libexif-debuginfo-0.6.21-5.el6_3.s390.rpm
libexif-debuginfo-0.6.21-5.el6_3.s390x.rpm
libexif-devel-0.6.21-5.el6_3.s390.rpm
libexif-devel-0.6.21-5.el6_3.s390x.rpm

x86_64:
libexif-0.6.21-5.el6_3.i686.rpm
libexif-0.6.21-5.el6_3.x86_64.rpm
libexif-debuginfo-0.6.21-5.el6_3.i686.rpm
libexif-debuginfo-0.6.21-5.el6_3.x86_64.rpm
libexif-devel-0.6.21-5.el6_3.i686.rpm
libexif-devel-0.6.21-5.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:

i386:
libexif-0.6.21-5.el6_3.i686.rpm
libexif-debuginfo-0.6.21-5.el6_3.i686.rpm
libexif-devel-0.6.21-5.el6_3.i686.rpm

x86_64:
libexif-0.6.21-5.el6_3.i686.rpm
libexif-0.6.21-5.el6_3.x86_64.rpm
libexif-debuginfo-0.6.21-5.el6_3.i686.rpm
libexif-debuginfo-0.6.21-5.el6_3.x86_64.rpm
libexif-devel-0.6.21-5.el6_3.i686.rpm
libexif-devel-0.6.21-5.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/cve/CVE-2012-2812
https://access.redhat.com/security/cve/CVE-2012-2813
https://access.redhat.com/security/cve/CVE-2012-2814
https://access.redhat.com/security/cve/CVE-2012-2836
https://access.redhat.com/security/cve/CVE-2012-2837
https://access.redhat.com/security/cve/CVE-2012-2840
https://access.redhat.com/security/cve/CVE-2012-2841
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

Red Hat: 2012:1255-01 Moderate: Libexif Image Processing Exploit

red hat
Calendar Grey September 11, 2012
Dist Redhat Esm H88
Canonical's announcement outlines a significant security patch for libjpeg impacting Ubuntu 18.04 and 20.04, resolving various vulnerabilities.
Updated libexif packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

Summary

The libexif packages provide an Exchangeable image file format (Exif) library. Exif allows metadata to be added to and read from certain types of image files.
Multiple flaws were found in the way libexif processed Exif tags. An attacker could create a specially-crafted image file that, when opened in an application linked against libexif, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841)
Red Hat would like to thank Dan Fandrich for reporting these issues. Upstream acknowledges Mateusz Jurczyk of the Google Security Team as the original reporter of CVE-2012-2812, CVE-2012-2813, and CVE-2012-2814; and Yunho Kim as the original reporter of CVE-2012-2836 and CVE-2012-2837.
Users of libexif are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libexif must be restarted for the update to take effect.

Topics%20covered

Topics Covered

security advisory moderate Red Hat software update exploit image processing libexif

References

https://access.redhat.com/security/cve/CVE-2012-2812 https://access.redhat.com/security/cve/CVE-2012-2813 https://access.redhat.com/security/cve/CVE-2012-2814 https://access.redhat.com/security/cve/CVE-2012-2836 https://access.redhat.com/security/cve/CVE-2012-2837 https://access.redhat.com/security/cve/CVE-2012-2840 https://access.redhat.com/security/cve/CVE-2012-2841 https://access.redhat.com/security/updates/classification/#moderate

Package List

Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
i386: libexif-0.6.21-1.el5_8.i386.rpm libexif-debuginfo-0.6.21-1.el5_8.i386.rpm
x86_64: libexif-0.6.21-1.el5_8.i386.rpm libexif-0.6.21-1.el5_8.x86_64.rpm libexif-debuginfo-0.6.21-1.el5_8.i386.rpm libexif-debuginfo-0.6.21-1.el5_8.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source:
i386: libexif-debuginfo-0.6.21-1.el5_8.i386.rpm libexif-devel-0.6.21-1.el5_8.i386.rpm
x86_64: libexif-debuginfo-0.6.21-1.el5_8.i386.rpm libexif-debuginfo-0.6.21-1.el5_8.x86_64.rpm libexif-devel-0.6.21-1.el5_8.i386.rpm libexif-devel-0.6.21-1.el5_8.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
i386: libexif-0.6.21-1.el5_8.i386.rpm libexif-debuginfo-0.6.21-1.el5_8.i386.rpm libexif-devel-0.6.21-1.el5_8.i386.rpm
ia64: libexif-0.6.21-1.el5_8.ia64.rpm libexif-debuginfo-0.6.21-1.el5_8.ia64.rpm libexif-devel-0.6.21-1.el5_8.ia64.rpm
ppc: libexif-0.6.21-1.el5_8.ppc.rpm libexif-0.6.21-1.el5_8.ppc64.rpm libexif-debuginfo-0.6.21-1.el5_8.ppc.rpm libexif-debuginfo-0.6.21-1.el5_8.ppc64.rpm libexif-devel-0.6.21-1.el5_8.ppc.rpm libexif-devel-0.6.21-1.el5_8.ppc64.rpm
s390x: libexif-0.6.21-1.el5_8.s390.rpm libexif-0.6.21-1.el5_8.s390x.rpm libexif-debuginfo-0.6.21-1.el5_8.s390.rpm libexif-debuginfo-0.6.21-1.el5_8.s390x.rpm

Read the Full Advisory


Advisory ID: RHSA-2012:1255-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2012:1255.html
Issue date: 2012-09-11

Topic

Updated libexif packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5 and 6.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. Common Vulnerability Scoring System (CVSS) base scores,which give detailed severity ratings, are available for each vulnerabilityfrom the CVE links in the References section.

Topics%20covered

Topics Covered

security advisory moderate Red Hat software update exploit image processing libexif

Relevant Releases Architectures

RHEL Desktop Workstation (v. 5 client) - i386, x86_64

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64

Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64

Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

Bugs Fixed

839182 - CVE-2012-2813 libexif: "exif_convert_utf16_to_utf8()" heap-based out-of-bounds array read

839183 - CVE-2012-2814 libexif: "exif_entry_format_value()" buffer overflow

839184 - CVE-2012-2836 libexif: "exif_data_load_data()" heap-based out-of-bounds array read

839185 - CVE-2012-2837 libexif: "mnote_olympus_entry_get_value()" division by zero

839188 - CVE-2012-2840 libexif: "exif_convert_utf16_to_utf8()" off-by-one

839189 - CVE-2012-2841 libexif: "exif_entry_get_value()" integer underflow

839203 - CVE-2012-2812 libexif: "exif_entry_get_value()" heap-based out-of-bounds array read

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here