FSA/F7/FEDORA-2007-0003

[SECURITY] Fedora 7 Update: libexif-0.6.15-1.fc7
Fedora Update Notification FEDORA-2007-0003 (Corrected) None

Name       : libexif Product    : Fedora 7 Version    : 0.6.15 Release    : 1.fc7 Summary    : Library for extracting extra information from image files Description : Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. The EXIF library allows you to parse an EXIF file and read the data from those tags.

Update Information:

This update to the latest upstream release fixes a number of bugs, among them a possible integer overflow in the exif_data_load_data_entry function (CVE-2007-2645), which allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data.

ChangeLog:

- Update to 0.6.15 - Drop obsolete patch - Add patch for CVE-2007-2645.
 * Wed May 30 2007 Matthias Clasen - 0.6.15-1
 * Thu May 24 2007 Matthias Clasen - 0.6.13-4

References:

CVE-2007-2645 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2645

Updated packages:

259b0a93b4e96c33c24a75a6d0b312120ac530bf libexif-devel-0.6.15-1.fc7.ppc64.rpm 1e2453c2ca793bcda0729db3cd45b1fa18c21685 libexif-debuginfo-0.6.15-1.fc7.ppc64.rpm 66ed02a08e52eab0d06d120e521ca23ff33679f3 libexif-0.6.15-1.fc7.ppc64.rpm 13c1a5cd5a17155825bf0d77584086fd87f6810a libexif-debuginfo-0.6.15-1.fc7.i386.rpm 052b7d7fdfefbf2c5e18a1b31f2256e00d61d622 libexif-devel-0.6.15-1.fc7.i386.rpm 0494958fb4278f7c859bfa23afaf0eed6e47ed1b libexif-0.6.15-1.fc7.i386.rpm 2fcd5d419e690eff68a9845e9a51d81665ed82d4 libexif-debuginfo-0.6.15-1.fc7.x86_64.rpm b8904b86c20a7dbc39d9d58164c0258789469c6c libexif-0.6.15-1.fc7.x86_64.rpm 8d8657eb0e463125bea71b1b97d8c6613e73ffd0 libexif-devel-0.6.15-1.fc7.x86_64.rpm a5e9d7f1d81bb295a13f30681f7eac8b517b47e1 libexif-0.6.15-1.fc7.ppc.rpm e47125d9b3919724edffb544101305c3dd8e2a4c libexif-debuginfo-0.6.15-1.fc7.ppc.rpm fe35d26972c90154cb285534be03bebba4be315b libexif-devel-0.6.15-1.fc7.ppc.rpm 500a6a4fda130d4fe4025d6f64feddd29ebac275 libexif-0.6.15-1.fc7.src.rpm

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://docs.fedoraproject.org/yum/.