[SECURITY] Fedora Core 6 Update: libexif-0.6.15-2.fc6

Matthias Clasen mclasen at redhat.com
Thu Jun 28 01:50:38 UTC 2007 

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-614
2007-06-27
---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : libexif
Version     : 0.6.15
Release     : 2.fc6
Summary     : Library for extracting extra information from image files
Description :
Most digital cameras produce EXIF files, which are JPEG files with
extra tags that contain information about the image. The EXIF library
allows you to parse an EXIF file and read the data from those tags.

---------------------------------------------------------------------
Update Information:

The libexif package contains the EXIF library. Applications
use this library to parse EXIF image files.

An integer overflow flaw was found in the way libexif parses
EXIF image tags. If a victim opens a carefully crafted EXIF
image file it could cause the application linked against
libexif to execute arbitrary code or crash. (CVE-2007-4168)

Users of libexif should upgrade to these updated packages,
which contain a backported patch and are not vulnerable to
this issue.
---------------------------------------------------------------------
* Wed Jun 13 2007 Matthias Clasen <mclasen at redhat.com> - 0.6.15-2
- Add patch for CVE-2007-4168. Fix bug #243892

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

0fd5f1acfb37de5bd85b973ecf3b00c69ff6d5e9  SRPMS/libexif-0.6.15-2.fc6.src.rpm
0fd5f1acfb37de5bd85b973ecf3b00c69ff6d5e9  noarch/libexif-0.6.15-2.fc6.src.rpm
f715aefa9558f7b827606e98c5d88bf919d9e5ff  ppc/debug/libexif-debuginfo-0.6.15-2.fc6.ppc.rpm
c9a85c20b950a5c8f829280f05281d3657dd2aa9  ppc/libexif-0.6.15-2.fc6.ppc.rpm
90ed3965fdd563b74bd8e5f2d4af01b12e58b0e6  ppc/libexif-devel-0.6.15-2.fc6.ppc.rpm
f86b69b898a3824c1dcbadb14933d2866c310473  x86_64/debug/libexif-debuginfo-0.6.15-2.fc6.x86_64.rpm
ad3fd34dad258162c4bc9aa65020790af273b1a5  x86_64/libexif-devel-0.6.15-2.fc6.x86_64.rpm
9a3b3e18968081440411426a9139d5ca39ad196e  x86_64/libexif-0.6.15-2.fc6.x86_64.rpm
4e10c52ad5dc5eca65d7d57bc9b86aba61b3b276  i386/libexif-0.6.15-2.fc6.i386.rpm
99ecbcfcdaeea08641c0a61b6d6c72c66530f214  i386/libexif-devel-0.6.15-2.fc6.i386.rpm
e583ddd0572027f1421a0d9ad1694d3769b1394e  i386/debug/libexif-debuginfo-0.6.15-2.fc6.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

More information about the package-announce mailing list