>> Fedora Security Update Fixes Libexif "exif_data_load_data_entry()" Code Execution

Title : Fedora Security Update Fixes Libexif "exif_data_load_data_entry()" Code Execution
VUPEN ID : VUPEN/ADV-2007-2181
CVE ID : CVE-2006-4168
Rated as : High Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-14


Technical Description

A vulnerability has been identified in Fedora, which could be exploited by attackers to cause a denial of service or execute arbitrary code. This issue is caused by an error in Libexif. For additional information, see VUPEN/ADV-2007-2165.

Affected Products

Fedora 7
Fedora Core 5

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

References

http://www.vupen.com/english/advisories/2007/2181
https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00256.html
https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00541.html

ChangeLog

2007-06-14 : Initial release
2007-06-25 : Updated Solution

Copyright 2003-2009 © VUPEN.COM