VUPEN Security - Mandriva Security Update Fixes Libexif "exif_data_load_data_entry()" Integer Overflow / Exploit (Security Advisories)

	Contact \| Site en Français

VUPEN VNS v4.0

Features and Options

Free 14-Day Trial

Partner Program

Receive More Information

Latest Intelligence

VUPEN Security Advisories

Virus and Malware Alerts

VUPEN Security Research

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> Mandriva Security Update Fixes Libexif "exif_data_load_data_entry()" Integer Overflow

Title : Mandriva Security Update Fixes Libexif "exif_data_load_data_entry()" Integer Overflow
VUPEN ID : VUPEN/ADV-2007-2108
CVE ID : CVE-2007-2645
CWE ID : VUPEN VNS Only

CVSS V2 : VUPEN VNS Only

Rated as : High Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-11

Technical Description

Receive VUPEN Security alerts in a Text format

Receive VUPEN Security alerts in a PDF format

Receive VUPEN Security alerts in an XML format

A vulnerability has been identified in Mandriva, which could be exploited by attackers to execute arbitrary code. This issue is caused by an error in Libexif. For additional information, see : VUPEN/ADV-2007-1761

Affected Products

Mandriva Linux 2007.0
Mandriva Linux 2007.1
Mandriva Corporate 3.0
Mandriva Corporate 4.0

Solution

Upgrade the affected packages :

Mandriva Linux 2007.0:
8de9838c6688aa2502eb58fda312003a 2007.0/i586/libexif12-0.6.13-2.1mdv2007.0.i586.rpm
580e145204195974bc7c952172c446b3 2007.0/i586/libexif12-devel-0.6.13-2.1mdv2007.0.i586.rpm
d844f09d409daecc2389db2676e50873 2007.0/SRPMS/libexif-0.6.13-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
3a12325160f97f932e9219204cbc7530 2007.0/x86_64/lib64exif12-0.6.13-2.1mdv2007.0.x86_64.rpm
923cd72076fad582cf2c4797205f40e9 2007.0/x86_64/lib64exif12-devel-0.6.13-2.1mdv2007.0.x86_64.rpm
d844f09d409daecc2389db2676e50873 2007.0/SRPMS/libexif-0.6.13-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
72c028dc116ab801193597474a97b5dd 2007.1/i586/libexif12-0.6.13-4.1mdv2007.1.i586.rpm
1603116edb2e3c2ff7dab21e55918c37 2007.1/i586/libexif12-devel-0.6.13-4.1mdv2007.1.i586.rpm
af9f57cbcb05284a5b3b9f40cb9ebfb0 2007.1/SRPMS/libexif-0.6.13-4.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
cd26e48c6bb15bad651254f893e73e1f 2007.1/x86_64/lib64exif12-0.6.13-4.1mdv2007.1.x86_64.rpm
e7b605766d1c4a345d6691a725defc87 2007.1/x86_64/lib64exif12-devel-0.6.13-4.1mdv2007.1.x86_64.rpm
af9f57cbcb05284a5b3b9f40cb9ebfb0 2007.1/SRPMS/libexif-0.6.13-4.1mdv2007.1.src.rpm

Corporate 3.0:
7006c28a35c773a399990c5920093996 corporate/3.0/i586/libexif9-0.5.12-3.2.C30mdk.i586.rpm
513cc72e7240fec7f445aec15411ecf6 corporate/3.0/i586/libexif9-devel-0.5.12-3.2.C30mdk.i586.rpm
aa33d9f4305d33eedb1dcb03e0160340 corporate/3.0/SRPMS/libexif-0.5.12-3.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
2ed9200d78941a8e8028d0863edf21ef corporate/3.0/x86_64/lib64exif9-0.5.12-3.2.C30mdk.x86_64.rpm
d6782377ec44ed36da7b79e314889298 corporate/3.0/x86_64/lib64exif9-devel-0.5.12-3.2.C30mdk.x86_64.rpm
aa33d9f4305d33eedb1dcb03e0160340 corporate/3.0/SRPMS/libexif-0.5.12-3.2.C30mdk.src.rpm

Corporate 4.0:
59c79de51e734476082d2e8441b37379 corporate/4.0/i586/libexif12-0.6.12-2.1.20060mlcs4.i586.rpm
bdd1f9b7048916221b20ef6beca09046 corporate/4.0/i586/libexif12-devel-0.6.12-2.1.20060mlcs4.i586.rpm
fb63127c388f24483317139078f311f4 corporate/4.0/SRPMS/libexif-0.6.12-2.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
b7e02d89a1ecd4b70e581f86d347b0f5 corporate/4.0/x86_64/lib64exif12-0.6.12-2.1.20060mlcs4.x86_64.rpm
caa2c7e5c2ac078626ae89b1fab07406 corporate/4.0/x86_64/lib64exif12-devel-0.6.12-2.1.20060mlcs4.x86_64.rpm
fb63127c388f24483317139078f311f4 corporate/4.0/SRPMS/libexif-0.6.12-2.1.20060mlcs4.src.rpm

References

http://www.vupen.com/english/advisories/2007/2108
http://archives.mandrivalinux.com/security-announce/2007-06/msg00009.php

ChangeLog

2007-06-11 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

VUPEN Vulnerability
Notification Service

Latest Advisories

>> 2010-03-19

CA ARCserve Backup JRE Code Execution and Security Bypass Issues

>> 2010-03-19

Debian Security Update Fixes PHP XML-RPC Denial of Service Issue

>> 2010-03-19

Ubuntu Security Update Fixes Thunderbird Multiple Vulnerabilities

>> 2010-03-18

IBM DB2 Content Manager Web Services Single Sign-on Vulnerability

>> 2010-03-18

Transmission "tr_magnetParse()" Magnet Buffer Overflow Vulnerability

More Informations