Contact | Site en Français               

 


 

Vulnerabilities & Threats
 
  VUPEN Security Advisories
  Linux Security Advisories

  Malware Advisories
  Security Research
  Threat Watch Blog
  Zero-Day Monitor
  Search Engine
  Mailing List & RSS
 
   

>> Fedora Security Update Fixes Libexif "exif_data_load_data_entry()" Code Execution

Title : Fedora Security Update Fixes Libexif "exif_data_load_data_entry()" Code Execution
VUPEN ID : VUPEN/ADV-2007-2378
CVE ID : CVE-2006-4168
Rated as : High Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-29

Technical Description    Receive VUPEN Security alerts in a Text format  Receive VUPEN Security alerts in a PDF format  Receive VUPEN Security alerts in an XML format 

A vulnerability has been identified in Fedora, which could be exploited by attackers to cause a denial of service or execute arbitrary code. This issue is caused by an error in Libexif. For additional information, see : VUPEN/ADV-2007-2165

Affected Products

Fedora Core 6

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

0fd5f1acfb37de5bd85b973ecf3b00c69ff6d5e9 SRPMS/libexif-0.6.15-2.fc6.src.rpm
0fd5f1acfb37de5bd85b973ecf3b00c69ff6d5e9 noarch/libexif-0.6.15-2.fc6.src.rpm
f715aefa9558f7b827606e98c5d88bf919d9e5ff ppc/debug/libexif-debuginfo-0.6.15-2.fc6.ppc.rpm
c9a85c20b950a5c8f829280f05281d3657dd2aa9 ppc/libexif-0.6.15-2.fc6.ppc.rpm
90ed3965fdd563b74bd8e5f2d4af01b12e58b0e6 ppc/libexif-devel-0.6.15-2.fc6.ppc.rpm
f86b69b898a3824c1dcbadb14933d2866c310473 x86_64/debug/libexif-debuginfo-0.6.15-2.fc6.x86_64.rpm
ad3fd34dad258162c4bc9aa65020790af273b1a5 x86_64/libexif-devel-0.6.15-2.fc6.x86_64.rpm
9a3b3e18968081440411426a9139d5ca39ad196e x86_64/libexif-0.6.15-2.fc6.x86_64.rpm
4e10c52ad5dc5eca65d7d57bc9b86aba61b3b276 i386/libexif-0.6.15-2.fc6.i386.rpm
99ecbcfcdaeea08641c0a61b6d6c72c66530f214 i386/libexif-devel-0.6.15-2.fc6.i386.rpm
e583ddd0572027f1421a0d9ad1694d3769b1394e i386/debug/libexif-debuginfo-0.6.15-2.fc6.i386.rpm

References

http://www.vupen.com/english/advisories/2007/2378
https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00628.html

ChangeLog

2007-06-29 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.
 

Vulnerability Alerting

Free 14-Day Trial
 
  Latest News

 

  >> 2009-07-06

     

  Microsoft Windows 0-Day
  Flaw Exploited in the Wild


  >> 2009-06-10

     

  VUPEN Security Research
  Discovered Critical Flaws
  in Adobe Acrobat and MS
  Office Word


  >> 2009-06-02

     

  VUPEN Security Research
  Discovered Critical Flaws
  in ACDSee Products


  >> 2009-05-22

     

  VUPEN Discovered Two
  Critical Vulnerabilities in
  Novell GroupWise 8 / 7

 

 

More Informations    
    








Copyright 2003-2009 © VUPEN.COM - Privacy Policy