[SECURITY] Fedora 16 Update: libexif-0.6.21-2.fc16

updates at fedoraproject.org updates at fedoraproject.org
Fri Feb 8 02:14:42 UTC 2013 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-1257
2013-01-23 00:34:16
--------------------------------------------------------------------------------

Name        : libexif
Product     : Fedora 16
Version     : 0.6.21
Release     : 2.fc16
URL         : http://libexif.sourceforge.net/
Summary     : Library for extracting extra information from image files
Description :
Most digital cameras produce EXIF files, which are JPEG files with
extra tags that contain information about the image. The EXIF library
allows you to parse an EXIF file and read the data from those tags.

--------------------------------------------------------------------------------
Update Information:

A security bugfix release.
A security bugfix release.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 21 2013 Petr Šabata <contyk at redhat.com> - 0.6.21-2
- Old build GC'd before pushed into testing
* Fri Jul 13 2012 Petr Šabata <contyk at redhat.com> - 0.6.21-1
- 0.6.21 bump
- A security bugfixing release (CVE-2012-2812, CVE-2012-2813, CVE-2012-2814,
  CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841 & CVE-2012-2845)
- Drop the pre-generated docs and introduce a doc subpackage
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #839182 - CVE-2012-2813 libexif: "exif_convert_utf16_to_utf8()" heap-based out-of-bounds array read
        https://bugzilla.redhat.com/show_bug.cgi?id=839182
  [ 2 ] Bug #839183 - CVE-2012-2814 libexif: "exif_entry_format_value()" buffer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=839183
  [ 3 ] Bug #839184 - CVE-2012-2836 libexif: "exif_data_load_data()" heap-based out-of-bounds array read
        https://bugzilla.redhat.com/show_bug.cgi?id=839184
  [ 4 ] Bug #839185 - CVE-2012-2837 libexif: "mnote_olympus_entry_get_value()" division by zero
        https://bugzilla.redhat.com/show_bug.cgi?id=839185
  [ 5 ] Bug #839188 - CVE-2012-2840 libexif: "exif_convert_utf16_to_utf8()" off-by-one
        https://bugzilla.redhat.com/show_bug.cgi?id=839188
  [ 6 ] Bug #839189 - CVE-2012-2841 libexif: "exif_entry_get_value()" integer underflow
        https://bugzilla.redhat.com/show_bug.cgi?id=839189
  [ 7 ] Bug #839203 - CVE-2012-2812 libexif: "exif_entry_get_value()" heap-based out-of-bounds array read
        https://bugzilla.redhat.com/show_bug.cgi?id=839203
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update libexif' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list