FSA/F7/FEDORA-2007-0414

[SECURITY] Fedora 7 Update: libexif-0.6.15-2.fc7
Fedora Update Notification FEDORA-2007-0414 2007-06-13 14:10:45.110754

Name       : libexif Product    : Fedora 7 Version    : 0.6.15 Release    : 2.fc7 Summary    : Library for extracting extra information from image files Description : Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. The EXIF library allows you to parse an EXIF file and read the data from those tags.

Update Information:

The libexif package contains the EXIF library. Applications use this library to parse EXIF image files.

An integer overflow flaw was found in the way libexif parses EXIF image tags. If a victim opens a carefully crafted EXIF image file it could cause the application linked against libexif to execute arbitrary code or crash. (CVE-2007-4168)

Users of libexif should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.

ChangeLog:

- Add patch for CVE-2007-4168. Fix bug #243892 - Update to 0.6.15 - Drop obsolete patch - Add patch for CVE-2007-2645.
 * Wed Jun 13 2007 Matthias Clasen  - 0.6.15-2
 * Wed May 30 2007 Matthias Clasen  - 0.6.15-1
 * Thu May 24 2007 Matthias Clasen  - 0.6.13-4

References:

[ 1 ] Bug #243890 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243890 [ 2 ] CVE-2007-4168 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4168

Updated packages:

10cce6c94291f0470e8cb4de3bb1f6b2996a9f08 libexif-devel-0.6.15-2.fc7.ppc64.rpm cd56142d945ece535cf3c0c02e5300d872326af4 libexif-0.6.15-2.fc7.ppc64.rpm 091289552c8397a8a54414252c9633812158dddc libexif-debuginfo-0.6.15-2.fc7.ppc64.rpm 2d6e1ceaf1941cc77d4ecb05915c5541d1c33f6e libexif-devel-0.6.15-2.fc7.i386.rpm cf8f484124bcc88ec71529b8a1f56f1a83cefbac libexif-0.6.15-2.fc7.i386.rpm b3efabe81a30002d39f2eb2993ff95492f102be3 libexif-debuginfo-0.6.15-2.fc7.i386.rpm 27926dbb021313d7d3b1fac7c140abfa6738f34d libexif-debuginfo-0.6.15-2.fc7.x86_64.rpm 8bb1e505f0f5f54942e42292871a608654eac6e5 libexif-devel-0.6.15-2.fc7.x86_64.rpm b8dbe6182dc5cc18f66f5d5fba78c4324310906b libexif-0.6.15-2.fc7.x86_64.rpm 89b8fcd78fa45984ba8aed9e19cc8833a519e46f libexif-devel-0.6.15-2.fc7.ppc.rpm efd2be2d1ce6b5f042964f7106c4d204d289be0f libexif-0.6.15-2.fc7.ppc.rpm 1c551c06052a4ed21969b4fdf2e3e2ef27c864d5 libexif-debuginfo-0.6.15-2.fc7.ppc.rpm 2b7824199c20411b1ba6cf6546e09baf861c53ea libexif-0.6.15-2.fc7.src.rpm

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://docs.fedoraproject.org/yum/.