-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:128 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libexif Date : June 19, 2007 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: Another integer overflow was found in the way libexif parses EXIF image tags. An individual who opened a carefully-crafted EXIF image file could cause the application linked against libexif to crash or possibly execute arbitrary code. Updated packages have been patched to prevent this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4168 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: aea52b8b415d79199555b138040dc117 2007.0/i586/libexif12-0.6.13-2.2mdv2007.0.i586.rpm 235324d550727d73e80953bf0b70b7fe 2007.0/i586/libexif12-devel-0.6.13-2.2mdv2007.0.i586.rpm 77a2d90649912764b5f23b94fbc09bf9 2007.0/SRPMS/libexif-0.6.13-2.2mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: c6bf402af2d36bc636a4b53682b4279d 2007.0/x86_64/lib64exif12-0.6.13-2.2mdv2007.0.x86_64.rpm 7c16cb8228769253a61fb223e6ac5015 2007.0/x86_64/lib64exif12-devel-0.6.13-2.2mdv2007.0.x86_64.rpm 77a2d90649912764b5f23b94fbc09bf9 2007.0/SRPMS/libexif-0.6.13-2.2mdv2007.0.src.rpm Mandriva Linux 2007.1: 76ac34860308ac16c0ddc0457684ac39 2007.1/i586/libexif12-0.6.13-4.2mdv2007.1.i586.rpm 4610d01483922b4b8e18a586405257f7 2007.1/i586/libexif12-devel-0.6.13-4.2mdv2007.1.i586.rpm de1465368f5eca18797b77287bd0e425 2007.1/SRPMS/libexif-0.6.13-4.2mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 1a92e5266b5a92e39f4b9343fc16554a 2007.1/x86_64/lib64exif12-0.6.13-4.2mdv2007.1.x86_64.rpm d2d151b5163ae6ffe99ccba69d3afcce 2007.1/x86_64/lib64exif12-devel-0.6.13-4.2mdv2007.1.x86_64.rpm de1465368f5eca18797b77287bd0e425 2007.1/SRPMS/libexif-0.6.13-4.2mdv2007.1.src.rpm Corporate 3.0: d35e56a5dbee270b4dac92cd0e23bf10 corporate/3.0/i586/libexif9-0.5.12-3.3.C30mdk.i586.rpm 0b519895a69a6c03134a02c1ec8f1fbd corporate/3.0/i586/libexif9-devel-0.5.12-3.3.C30mdk.i586.rpm 7739d6573e2bf53148532394a6467af7 corporate/3.0/SRPMS/libexif-0.5.12-3.3.C30mdk.src.rpm Corporate 3.0/X86_64: 9edbd655e6fd38a12f6e7722dbb5d50f corporate/3.0/x86_64/lib64exif9-0.5.12-3.3.C30mdk.x86_64.rpm d2a879e2b1a030012eb6e49764b8869d corporate/3.0/x86_64/lib64exif9-devel-0.5.12-3.3.C30mdk.x86_64.rpm d35e56a5dbee270b4dac92cd0e23bf10 corporate/3.0/x86_64/libexif9-0.5.12-3.3.C30mdk.i586.rpm 7739d6573e2bf53148532394a6467af7 corporate/3.0/SRPMS/libexif-0.5.12-3.3.C30mdk.src.rpm Corporate 4.0: 1aa75c3c68ba6a52c513a3c96238d12e corporate/4.0/i586/libexif12-0.6.12-2.2.20060mlcs4.i586.rpm cde17b0c57044d132016a3be579bbbae corporate/4.0/i586/libexif12-devel-0.6.12-2.2.20060mlcs4.i586.rpm 1a09002fd17721aca1c29fc4e971c38b corporate/4.0/SRPMS/libexif-0.6.12-2.2.20060mlcs4.src.rpm Corporate 4.0/X86_64: 41c47eed02c3780cd5394a93f9d793f6 corporate/4.0/x86_64/lib64exif12-0.6.12-2.2.20060mlcs4.x86_64.rpm 78b6c776e2b71d96d6125c32838a6584 corporate/4.0/x86_64/lib64exif12-devel-0.6.12-2.2.20060mlcs4.x86_64.rpm 1aa75c3c68ba6a52c513a3c96238d12e corporate/4.0/x86_64/libexif12-0.6.12-2.2.20060mlcs4.i586.rpm cde17b0c57044d132016a3be579bbbae corporate/4.0/x86_64/libexif12-devel-0.6.12-2.2.20060mlcs4.i586.rpm 1a09002fd17721aca1c29fc4e971c38b corporate/4.0/SRPMS/libexif-0.6.12-2.2.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGeEekmqjQ0CJFipgRAmhJAJ9zUqX5PY2gtCcWewFIPsTk4LT7uQCggWmo 70HSRJ9MNadqZ46Ui1UAuk0= =Fwpz -----END PGP SIGNATURE-----