Security Advisory Moderate: libexif integer overflow

Advisory: RHSA-2007:0501-4
Type: Security Advisory
Severity: Moderate
Issued on: 2007-06-14
Last updated on: 2007-06-14
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.5.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.5.z)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2006-4168

Details

Updated libexif packages that fix an integer overflow flaw are now
available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

The libexif package contains the EXIF library. Applications use this
library to parse EXIF image files.

An integer overflow flaw was found in the way libexif parses EXIF image
tags. If a victim opens a carefully crafted EXIF image file it could cause
the application linked against libexif to execute arbitrary code or crash.
(CVE-2006-4168)
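
The class of flaw described above, shown as an added illustration that is not libexif's code or the backported patch; the advisory does not name the affected function. It assumes the standard EXIF/TIFF directory entry fields (format code, component count, data offset), and all function and variable names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Bytes per component for EXIF/TIFF format codes 1..12 (index 0 is invalid). */
static const uint32_t FORMAT_SIZE[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};

/* Naive bounds check: the multiplication and the addition are done in
 * 32-bit unsigned arithmetic and silently wrap, so an oversized entry
 * can appear to fit inside the buffer. */
int entry_fits_naive(uint32_t buf_size, uint32_t format,
                     uint32_t components, uint32_t offset)
{
    if (format == 0 || format > 12) return 0;
    uint32_t s = FORMAT_SIZE[format] * components;  /* may wrap */
    return offset + s <= buf_size;                  /* may wrap */
}

/* Hardened check: every step is ordered so that nothing can wrap. */
int entry_fits_checked(uint32_t buf_size, uint32_t format,
                       uint32_t components, uint32_t offset)
{
    if (format == 0 || format > 12) return 0;
    uint32_t unit = FORMAT_SIZE[format];
    if (components > UINT32_MAX / unit) return 0;   /* product would wrap */
    uint32_t s = unit * components;
    if (offset > buf_size) return 0;
    return s <= buf_size - offset;                  /* cannot underflow */
}

int main(void)
{
    /* Constructed values: a 1024-byte EXIF block and an entry of format 4
     * (LONG) whose component count makes 4 * count wrap around to 4. */
    uint32_t size = 1024, count = 0x40000001u, off = 8;
    printf("naive:   %d\n", entry_fits_naive(size, 4, count, off));
    printf("checked: %d\n", entry_fits_checked(size, 4, count, off));
    return 0;
}
```

A parser that trusts the naive result would go on to copy far more data than the buffer holds, which is how an integer overflow turns into the crash or code execution the advisory describes.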

Users of libexif should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
libexif-0.6.13-4.0.2.el5.src.rpm
File outdated by:  RHSA-2012:1255
    MD5: 9c1360d0a15e568b9b73def358e1e216
 
IA-32:
libexif-devel-0.6.13-4.0.2.el5.i386.rpm
File outdated by:  RHSA-2012:1255
    MD5: 6cc73cf44459c921979c87bb72c2423d
 
x86_64:
libexif-devel-0.6.13-4.0.2.el5.i386.rpm
File outdated by:  RHSA-2012:1255
    MD5: 6cc73cf44459c921979c87bb72c2423d
libexif-devel-0.6.13-4.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2012:1255
    MD5: 09804ed13ace52a3c98629e882652458
 
Red Hat Desktop (v. 4)

SRPMS:
libexif-0.5.12-5.1.0.2.src.rpm
File outdated by:  RHSA-2007:1166
    MD5: cc95784382095e50dbe7635f481aa9cf
 
IA-32:
libexif-0.5.12-5.1.0.2.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: 6da6c2967783bcb980aecdc144d6dd02
libexif-devel-0.5.12-5.1.0.2.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: 991754de75656c3bb52f65973ff6c26f
 
x86_64:
libexif-0.5.12-5.1.0.2.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: 6da6c2967783bcb980aecdc144d6dd02
libexif-0.5.12-5.1.0.2.x86_64.rpm
File outdated by:  RHSA-2007:1166
    MD5: 1734951e779ec59b4bfc3f2e179238d7
libexif-devel-0.5.12-5.1.0.2.x86_64.rpm
File outdated by:  RHSA-2007:1166
    MD5: 470280d57b9b8a4684f6ae22fce1884d
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
libexif-0.6.13-4.0.2.el5.src.rpm
File outdated by:  RHSA-2012:1255
    MD5: 9c1360d0a15e568b9b73def358e1e216
 
IA-32:
libexif-0.6.13-4.0.2.el5.i386.rpm
File outdated by:  RHSA-2012:1255
    MD5: 930dedbd73cc50756f08d8da7e69d3cc
libexif-devel-0.6.13-4.0.2.el5.i386.rpm
File outdated by:  RHSA-2012:1255
    MD5: 6cc73cf44459c921979c87bb72c2423d
 
IA-64:
libexif-0.6.13-4.0.2.el5.ia64.rpm
File outdated by:  RHSA-2012:1255
    MD5: bdd1e73d38fa157910bafa527fbbb9b8
libexif-devel-0.6.13-4.0.2.el5.ia64.rpm
File outdated by:  RHSA-2012:1255
    MD5: 6c717cfbef081e91678f0077e2990aa2
 
PPC:
libexif-0.6.13-4.0.2.el5.ppc.rpm
File outdated by:  RHSA-2012:1255
    MD5: a18174feefe9609197fc1965b10782ef
libexif-0.6.13-4.0.2.el5.ppc64.rpm
File outdated by:  RHSA-2012:1255
    MD5: 05756725b5317acf04a044fbb12f10eb
libexif-devel-0.6.13-4.0.2.el5.ppc.rpm
File outdated by:  RHSA-2012:1255
    MD5: a27203f6f7f67880c890f298a29ef269
libexif-devel-0.6.13-4.0.2.el5.ppc64.rpm
File outdated by:  RHSA-2012:1255
    MD5: f40b87f843489b5015b8325da0aeebe5
 
s390x:
libexif-0.6.13-4.0.2.el5.s390.rpm
File outdated by:  RHSA-2012:1255
    MD5: 79ed6902bce120c38ebac83e374d9b82
libexif-0.6.13-4.0.2.el5.s390x.rpm
File outdated by:  RHSA-2012:1255
    MD5: c2d896aef222c14fae8976b222c3cfbe
libexif-devel-0.6.13-4.0.2.el5.s390.rpm
File outdated by:  RHSA-2012:1255
    MD5: 1afbb123d879e1a682b21fca1b9231fb
libexif-devel-0.6.13-4.0.2.el5.s390x.rpm
File outdated by:  RHSA-2012:1255
    MD5: fe8041e8b91383a74786a15ab0d8fc17
 
x86_64:
libexif-0.6.13-4.0.2.el5.i386.rpm
File outdated by:  RHSA-2012:1255
    MD5: 930dedbd73cc50756f08d8da7e69d3cc
libexif-0.6.13-4.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2012:1255
    MD5: e3130a9e84081d0ee5735e0bf027b186
libexif-devel-0.6.13-4.0.2.el5.i386.rpm
File outdated by:  RHSA-2012:1255
    MD5: 6cc73cf44459c921979c87bb72c2423d
libexif-devel-0.6.13-4.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2012:1255
    MD5: 09804ed13ace52a3c98629e882652458
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
libexif-0.5.12-5.1.0.2.src.rpm
File outdated by:  RHSA-2007:1166
    MD5: cc95784382095e50dbe7635f481aa9cf
 
IA-32:
libexif-0.5.12-5.1.0.2.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: 6da6c2967783bcb980aecdc144d6dd02
libexif-devel-0.5.12-5.1.0.2.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: 991754de75656c3bb52f65973ff6c26f
 
IA-64:
libexif-0.5.12-5.1.0.2.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: 6da6c2967783bcb980aecdc144d6dd02
libexif-0.5.12-5.1.0.2.ia64.rpm
File outdated by:  RHSA-2007:1166
    MD5: f68c9026317026b58dd196bfd4af4bbf
libexif-devel-0.5.12-5.1.0.2.ia64.rpm
File outdated by:  RHSA-2007:1166
    MD5: ecfce96bd377840f0cee4de6d2c4d1e8
 
PPC:
libexif-0.5.12-5.1.0.2.ppc.rpm
File outdated by:  RHSA-2007:1166
    MD5: fdac438a4a9fd5bd08cc6a44391f23f6
libexif-0.5.12-5.1.0.2.ppc64.rpm
File outdated by:  RHSA-2007:1166
    MD5: af678c093c8adf776902b70fbb3c871e
libexif-devel-0.5.12-5.1.0.2.ppc.rpm
File outdated by:  RHSA-2007:1166
    MD5: 9ab46f02a84a771fea33d5308b255f40
 
s390:
libexif-0.5.12-5.1.0.2.s390.rpm
File outdated by:  RHSA-2007:1166
    MD5: e9985c79bc041d36f97af618830aace1
libexif-devel-0.5.12-5.1.0.2.s390.rpm
File outdated by:  RHSA-2007:1166
    MD5: 8747b11f434c1482c1ed32d024d9965e
 
s390x:
libexif-0.5.12-5.1.0.2.s390.rpm
File outdated by:  RHSA-2007:1166
    MD5: e9985c79bc041d36f97af618830aace1
libexif-0.5.12-5.1.0.2.s390x.rpm
File outdated by:  RHSA-2007:1166
    MD5: f5a748f9e3401d7ca637294f0a303e19
libexif-devel-0.5.12-5.1.0.2.s390x.rpm
File outdated by:  RHSA-2007:1166
    MD5: 822e8e8f5f5b7bdb47225604cf1d4373
 
x86_64:
libexif-0.5.12-5.1.0.2.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: 6da6c2967783bcb980aecdc144d6dd02
libexif-0.5.12-5.1.0.2.x86_64.rpm
File outdated by:  RHSA-2007:1166
    MD5: 1734951e779ec59b4bfc3f2e179238d7
libexif-devel-0.5.12-5.1.0.2.x86_64.rpm
File outdated by:  RHSA-2007:1166
    MD5: 470280d57b9b8a4684f6ae22fce1884d
 
Red Hat Enterprise Linux AS (v. 4.5.z)

SRPMS:
libexif-0.5.12-5.1.0.2.src.rpm
File outdated by:  RHSA-2007:1166
    MD5: cc95784382095e50dbe7635f481aa9cf
 
IA-32:
libexif-0.5.12-5.1.0.2.i386.rpm     MD5: 6da6c2967783bcb980aecdc144d6dd02
libexif-devel-0.5.12-5.1.0.2.i386.rpm     MD5: 991754de75656c3bb52f65973ff6c26f
 
IA-64:
libexif-0.5.12-5.1.0.2.i386.rpm     MD5: 6da6c2967783bcb980aecdc144d6dd02
libexif-0.5.12-5.1.0.2.ia64.rpm     MD5: f68c9026317026b58dd196bfd4af4bbf
libexif-devel-0.5.12-5.1.0.2.ia64.rpm     MD5: ecfce96bd377840f0cee4de6d2c4d1e8
 
PPC:
libexif-0.5.12-5.1.0.2.ppc.rpm     MD5: fdac438a4a9fd5bd08cc6a44391f23f6
libexif-0.5.12-5.1.0.2.ppc64.rpm     MD5: af678c093c8adf776902b70fbb3c871e
libexif-devel-0.5.12-5.1.0.2.ppc.rpm     MD5: 9ab46f02a84a771fea33d5308b255f40
 
s390:
libexif-0.5.12-5.1.0.2.s390.rpm     MD5: e9985c79bc041d36f97af618830aace1
libexif-devel-0.5.12-5.1.0.2.s390.rpm     MD5: 8747b11f434c1482c1ed32d024d9965e
 
s390x:
libexif-0.5.12-5.1.0.2.s390.rpm     MD5: e9985c79bc041d36f97af618830aace1
libexif-0.5.12-5.1.0.2.s390x.rpm     MD5: f5a748f9e3401d7ca637294f0a303e19
libexif-devel-0.5.12-5.1.0.2.s390x.rpm     MD5: 822e8e8f5f5b7bdb47225604cf1d4373
 
x86_64:
libexif-0.5.12-5.1.0.2.i386.rpm     MD5: 6da6c2967783bcb980aecdc144d6dd02
libexif-0.5.12-5.1.0.2.x86_64.rpm     MD5: 1734951e779ec59b4bfc3f2e179238d7
libexif-devel-0.5.12-5.1.0.2.x86_64.rpm     MD5: 470280d57b9b8a4684f6ae22fce1884d
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
libexif-0.6.13-4.0.2.el5.src.rpm
File outdated by:  RHSA-2012:1255
    MD5: 9c1360d0a15e568b9b73def358e1e216
 
IA-32:
libexif-0.6.13-4.0.2.el5.i386.rpm
File outdated by:  RHSA-2012:1255
    MD5: 930dedbd73cc50756f08d8da7e69d3cc
 
x86_64:
libexif-0.6.13-4.0.2.el5.i386.rpm
File outdated by:  RHSA-2012:1255
    MD5: 930dedbd73cc50756f08d8da7e69d3cc
libexif-0.6.13-4.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2012:1255
    MD5: e3130a9e84081d0ee5735e0bf027b186
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
libexif-0.5.12-5.1.0.2.src.rpm
File outdated by:  RHSA-2007:1166
    MD5: cc95784382095e50dbe7635f481aa9cf
 
IA-32:
libexif-0.5.12-5.1.0.2.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: 6da6c2967783bcb980aecdc144d6dd02
libexif-devel-0.5.12-5.1.0.2.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: 991754de75656c3bb52f65973ff6c26f
 
IA-64:
libexif-0.5.12-5.1.0.2.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: 6da6c2967783bcb980aecdc144d6dd02
libexif-0.5.12-5.1.0.2.ia64.rpm
File outdated by:  RHSA-2007:1166
    MD5: f68c9026317026b58dd196bfd4af4bbf
libexif-devel-0.5.12-5.1.0.2.ia64.rpm
File outdated by:  RHSA-2007:1166
    MD5: ecfce96bd377840f0cee4de6d2c4d1e8
 
x86_64:
libexif-0.5.12-5.1.0.2.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: 6da6c2967783bcb980aecdc144d6dd02
libexif-0.5.12-5.1.0.2.x86_64.rpm
File outdated by:  RHSA-2007:1166
    MD5: 1734951e779ec59b4bfc3f2e179238d7
libexif-devel-0.5.12-5.1.0.2.x86_64.rpm
File outdated by:  RHSA-2007:1166
    MD5: 470280d57b9b8a4684f6ae22fce1884d
 
Red Hat Enterprise Linux ES (v. 4.5.z)

SRPMS:
libexif-0.5.12-5.1.0.2.src.rpm
File outdated by:  RHSA-2007:1166
    MD5: cc95784382095e50dbe7635f481aa9cf
 
IA-32:
libexif-0.5.12-5.1.0.2.i386.rpm     MD5: 6da6c2967783bcb980aecdc144d6dd02
libexif-devel-0.5.12-5.1.0.2.i386.rpm     MD5: 991754de75656c3bb52f65973ff6c26f
 
IA-64:
libexif-0.5.12-5.1.0.2.i386.rpm     MD5: 6da6c2967783bcb980aecdc144d6dd02
libexif-0.5.12-5.1.0.2.ia64.rpm     MD5: f68c9026317026b58dd196bfd4af4bbf
libexif-devel-0.5.12-5.1.0.2.ia64.rpm     MD5: ecfce96bd377840f0cee4de6d2c4d1e8
 
x86_64:
libexif-0.5.12-5.1.0.2.i386.rpm     MD5: 6da6c2967783bcb980aecdc144d6dd02
libexif-0.5.12-5.1.0.2.x86_64.rpm     MD5: 1734951e779ec59b4bfc3f2e179238d7
libexif-devel-0.5.12-5.1.0.2.x86_64.rpm     MD5: 470280d57b9b8a4684f6ae22fce1884d
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
libexif-0.5.12-5.1.0.2.src.rpm
File outdated by:  RHSA-2007:1166
    MD5: cc95784382095e50dbe7635f481aa9cf
 
IA-32:
libexif-0.5.12-5.1.0.2.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: 6da6c2967783bcb980aecdc144d6dd02
libexif-devel-0.5.12-5.1.0.2.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: 991754de75656c3bb52f65973ff6c26f
 
IA-64:
libexif-0.5.12-5.1.0.2.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: 6da6c2967783bcb980aecdc144d6dd02
libexif-0.5.12-5.1.0.2.ia64.rpm
File outdated by:  RHSA-2007:1166
    MD5: f68c9026317026b58dd196bfd4af4bbf
libexif-devel-0.5.12-5.1.0.2.ia64.rpm
File outdated by:  RHSA-2007:1166
    MD5: ecfce96bd377840f0cee4de6d2c4d1e8
 
x86_64:
libexif-0.5.12-5.1.0.2.i386.rpm
File outdated by:  RHSA-2007:1166
    MD5: 6da6c2967783bcb980aecdc144d6dd02
libexif-0.5.12-5.1.0.2.x86_64.rpm
File outdated by:  RHSA-2007:1166
    MD5: 1734951e779ec59b4bfc3f2e179238d7
libexif-devel-0.5.12-5.1.0.2.x86_64.rpm
File outdated by:  RHSA-2007:1166
    MD5: 470280d57b9b8a4684f6ae22fce1884d
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

243888 - CVE-2006-4168 libexif integer overflow



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/