|
|
|
Choosing A Webhost: |
[USN-91-1] EXIF library vulnerability: msg#00001linux.ubuntu.security.announce
=========================================================== Ubuntu Security Notice USN-91-1 March 07, 2005 libexif vulnerabilities https://bugzilla.ubuntulinux.org/7152 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: libexif10 The problem can be corrected by upgrading the affected package to version 0.6.9-1ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Sylvain Defresne discovered that the EXIF library did not properly validate the structure of the EXIF tags. By tricking a user to load an image with a malicious EXIF tag, an attacker could exploit this to crash the process using the library, or even execute arbitrary code with the privileges of the process. Source archives: http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.9-1ubuntu0.1.diff.gz Size/MD5: 3179 e9fd1d2236959505cf178a020c188055 http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.9-1ubuntu0.1.dsc Size/MD5: 601 2da73dc518844cf3461f3d962dd8c54a http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.9.orig.tar.gz Size/MD5: 520956 0aa142335a8a00c32bb6c7dbfe95fc24 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.6.9-1ubuntu0.1_amd64.deb Size/MD5: 67246 05d61f165d5dcbe88cca2c3fe241e1f3 http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif10_0.6.9-1ubuntu0.1_amd64.deb Size/MD5: 81306 de2d6751deca8eefd36d88436be4e9cc i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.6.9-1ubuntu0.1_i386.deb Size/MD5: 64274 032c168632797a2a3ca36b2d994e8dcf http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif10_0.6.9-1ubuntu0.1_i386.deb Size/MD5: 78850 7f55dde4ed21e72732b90407ba1138e9 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.6.9-1ubuntu0.1_powerpc.deb Size/MD5: 68474 9005e4ceb739ab6d1866a5cd7637a0b3 http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif10_0.6.9-1ubuntu0.1_powerpc.deb Size/MD5: 80436 b4b646bd56dae9b6483450f597272cc9
|
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | [USN-90-1] Imagemagick vulnerability, Martin Pitt |
|---|---|
| Next by Date: | [USN-92-1] LessTif vulnerabilities, Martin Pitt |
| Previous by Thread: | [USN-90-1] Imagemagick vulnerability, Martin Pitt |
| Next by Thread: | [USN-92-1] LessTif vulnerabilities, Martin Pitt |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
Free MagazinesCisco NewsReceive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business. subscribe Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field. subscribe The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business. subscribe Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company. subscribe Total Telecom Total Telecom is "The Economist of the communications industry". subscribe |
