Contact | Site en Français               

 


 

Vulnerabilities & Threats
 
  VUPEN Security Advisories
  Linux Security Advisories

  Malware Advisories
  Security Research
  Threat Watch Blog
  Zero-Day Monitor
  Search Engine
  Mailing List & RSS
 
   

>> Fedora Security Update Fixes Libexif "exif_data_load_data_entry()" Integer Overflow

Title : Fedora Security Update Fixes Libexif "exif_data_load_data_entry()" Integer Overflow
VUPEN ID : VUPEN/ADV-2007-2135
CVE ID : CVE-2007-2645
Rated as : High Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-12

Technical Description    Receive VUPEN Security alerts in a Text format  Receive VUPEN Security alerts in a PDF format  Receive VUPEN Security alerts in an XML format  Receive VUPEN Security notifications by SMS 

A vulnerability has been identified in Fedora, which could be exploited by attackers to execute arbitrary code. This issue is caused by an error in Libexif. For additional information, see : VUPEN/ADV-2007-1761

Affected Products

Fedora Core 6

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

a72ed5f5da3870cad1911c3aeaf7da70c9617178 SRPMS/libexif-0.6.15-1.fc6.src.rpm
a72ed5f5da3870cad1911c3aeaf7da70c9617178 noarch/libexif-0.6.15-1.fc6.src.rpm
9e0bc0e5d27ad0146d3d8378b4cdda784f38cbeb ppc/libexif-devel-0.6.15-1.fc6.ppc.rpm
f15e10ca2f053e94603e603ad641be5389696d23 ppc/libexif-0.6.15-1.fc6.ppc.rpm
d7e02d9235bf50cb0c18d04f353927b01b27d2d3 ppc/debug/libexif-debuginfo-0.6.15-1.fc6.ppc.rpm
cce426e4e62fe173799581698f7f3e756b251cf5 x86_64/debug/libexif-debuginfo-0.6.15-1.fc6.x86_64.rpm
c03bea0a6b7e8f253a6876e063c2b15e288898f6 x86_64/libexif-0.6.15-1.fc6.x86_64.rpm
84c6c79200b570287620ea3d36d3f29a07cfe075 x86_64/libexif-devel-0.6.15-1.fc6.x86_64.rpm
b6fe4592d0c5a840cedbb8f6009ceb69ba07b2c7 i386/libexif-devel-0.6.15-1.fc6.i386.rpm
253a835d978fb06bdde8e49472313a99e3aa3df3 i386/libexif-0.6.15-1.fc6.i386.rpm
8b2d63cc52c6ebd1d2ff751f6fdcb4eb086420ed i386/debug/libexif-debuginfo-0.6.15-1.fc6.i386.rpm

References

http://www.vupen.com/english/advisories/2007/2135
https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00150.html

ChangeLog

2007-06-12 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.
 

Vulnerability Alerting

Free 14-Day Trial
 
  Latest News

 

  >> 2009-06-10

     

  VUPEN Security Research
  Discovered Critical Flaws
  in Adobe Acrobat and MS
  Office Word


  >> 2009-06-02

     

  VUPEN Security Research
  Discovered Critical Flaws
  in ACDSee Products


  >> 2009-05-22

     

  VUPEN Discovered Two
  Critical Vulnerabilities in
  Novell GroupWise 8 / 7


  >> 2009-05-12

     

  Microsoft Patched 14
  Office PowerPoint Flaws

 

  >> 2009-04-28

     

  Adobe Reader / Acrobat
  Vulnerabilities Disclosed

 

 

More Informations    
    








Copyright 2003-2009 © VUPEN.COM - Privacy Policy