Skip to navigation

Security Advisory libexif security update

Advisory: RHSA-2005:300-08
Type: Security Advisory
Severity: Low
Issued on: 2005-03-21
Last updated on: 2005-03-21
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-0664

Details

Updated libexif packages that fix a buffer overflow issue are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

The libexif package contains the EXIF library. Applications use this
library to parse EXIF image files.

A bug was found in the way libexif parses EXIF tags. An attacker could
create a carefully crafted EXIF image file which could cause image viewers
linked against libexif to crash. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2005-0664 to this issue.

Users of libexif should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 4)

IA-32:
libexif-0.5.12-5.1.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: da56dfdd5aff92e12392320572801f28
libexif-devel-0.5.12-5.1.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: cf4266f5169a641988d78692862ac123
 
x86_64:
libexif-0.5.12-5.1.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: da56dfdd5aff92e12392320572801f28
libexif-0.5.12-5.1.x86_64.rpm
File outdated by:  RHSA-2007:1166
    MD5: 1de5c99dff768c5b1667d838f470b320
libexif-devel-0.5.12-5.1.x86_64.rpm
File outdated by:  RHSA-2007:1166
    MD5: cb1e0972270a3520cae3fe2e9c844f18
 
Red Hat Enterprise Linux AS (v. 4)

IA-32:
libexif-0.5.12-5.1.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: da56dfdd5aff92e12392320572801f28
libexif-devel-0.5.12-5.1.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: cf4266f5169a641988d78692862ac123
 
IA-64:
libexif-0.5.12-5.1.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: da56dfdd5aff92e12392320572801f28
libexif-0.5.12-5.1.ia64.rpm
File outdated by:  RHSA-2007:1166
    MD5: 063977d8cf3fa8d762876c0b03c628fc
libexif-devel-0.5.12-5.1.ia64.rpm
File outdated by:  RHSA-2007:1166
    MD5: 64adda01f6ee366d3d0648f5aefd8aeb
 
PPC:
libexif-0.5.12-5.1.ppc.rpm
File outdated by:  RHSA-2007:1166
    MD5: 641ff4e17fdd75cdba40f096b27be7a6
libexif-0.5.12-5.1.ppc64.rpm
File outdated by:  RHSA-2007:1166
    MD5: 1b5a793074ec0c93e18894e012860690
libexif-devel-0.5.12-5.1.ppc.rpm
File outdated by:  RHSA-2007:1166
    MD5: 79e96019b18609766d27d6018f4a91a1
 
s390:
libexif-0.5.12-5.1.s390.rpm
File outdated by:  RHSA-2007:1166
    MD5: 18e3ad9ecbf8808e0ff8a568a330e7d2
libexif-devel-0.5.12-5.1.s390.rpm
File outdated by:  RHSA-2007:1166
    MD5: fdc7468498cb6099d7de253ecd814134
 
s390x:
libexif-0.5.12-5.1.s390.rpm
File outdated by:  RHSA-2007:1166
    MD5: 18e3ad9ecbf8808e0ff8a568a330e7d2
libexif-0.5.12-5.1.s390x.rpm
File outdated by:  RHSA-2007:1166
    MD5: 7dcf828336530af124e05c0c1e0a8f72
libexif-devel-0.5.12-5.1.s390x.rpm
File outdated by:  RHSA-2007:1166
    MD5: e7322c9443f2db1e12de7c399066dd75
 
x86_64:
libexif-0.5.12-5.1.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: da56dfdd5aff92e12392320572801f28
libexif-0.5.12-5.1.x86_64.rpm
File outdated by:  RHSA-2007:1166
    MD5: 1de5c99dff768c5b1667d838f470b320
libexif-devel-0.5.12-5.1.x86_64.rpm
File outdated by:  RHSA-2007:1166
    MD5: cb1e0972270a3520cae3fe2e9c844f18
 
Red Hat Enterprise Linux ES (v. 4)

IA-32:
libexif-0.5.12-5.1.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: da56dfdd5aff92e12392320572801f28
libexif-devel-0.5.12-5.1.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: cf4266f5169a641988d78692862ac123
 
IA-64:
libexif-0.5.12-5.1.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: da56dfdd5aff92e12392320572801f28
libexif-0.5.12-5.1.ia64.rpm
File outdated by:  RHSA-2007:1166
    MD5: 063977d8cf3fa8d762876c0b03c628fc
libexif-devel-0.5.12-5.1.ia64.rpm
File outdated by:  RHSA-2007:1166
    MD5: 64adda01f6ee366d3d0648f5aefd8aeb
 
x86_64:
libexif-0.5.12-5.1.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: da56dfdd5aff92e12392320572801f28
libexif-0.5.12-5.1.x86_64.rpm
File outdated by:  RHSA-2007:1166
    MD5: 1de5c99dff768c5b1667d838f470b320
libexif-devel-0.5.12-5.1.x86_64.rpm
File outdated by:  RHSA-2007:1166
    MD5: cb1e0972270a3520cae3fe2e9c844f18
 
Red Hat Enterprise Linux WS (v. 4)

IA-32:
libexif-0.5.12-5.1.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: da56dfdd5aff92e12392320572801f28
libexif-devel-0.5.12-5.1.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: cf4266f5169a641988d78692862ac123
 
IA-64:
libexif-0.5.12-5.1.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: da56dfdd5aff92e12392320572801f28
libexif-0.5.12-5.1.ia64.rpm
File outdated by:  RHSA-2007:1166
    MD5: 063977d8cf3fa8d762876c0b03c628fc
libexif-devel-0.5.12-5.1.ia64.rpm
File outdated by:  RHSA-2007:1166
    MD5: 64adda01f6ee366d3d0648f5aefd8aeb
 
x86_64:
libexif-0.5.12-5.1.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: da56dfdd5aff92e12392320572801f28
libexif-0.5.12-5.1.x86_64.rpm
File outdated by:  RHSA-2007:1166
    MD5: 1de5c99dff768c5b1667d838f470b320
libexif-devel-0.5.12-5.1.x86_64.rpm
File outdated by:  RHSA-2007:1166
    MD5: cb1e0972270a3520cae3fe2e9c844f18
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

150503 - CAN-2005-0664 buffer overflow in libexif


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/