LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for June 20, 2013

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Scientific Linux alert SL-libe-20120911 (libexif)



From:
    	      Pat Riehecky <riehecky@fnal.gov> 


To:
    	      "SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV"
	<SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV> 


Subject:
    	      Security ERRATA Moderate: libexif on SL5.x, SL6.x i386/x86_64 


Date:
    	      Tue, 11 Sep 2012 15:52:06 -0500


Message-ID:
    	      <504FA476.9000201@fnal.gov>


Archive-link:
    	      Article, Thread
              


Synopsis:          Moderate: libexif security update
Issue Date:        2012-09-11
CVE Numbers:       CVE-2012-2813
                    CVE-2012-2814
                    CVE-2012-2836
                    CVE-2012-2837
                    CVE-2012-2840
                    CVE-2012-2841
                    CVE-2012-2812

The libexif packages provide an Exchangeable image file format (Exif)
library. Exif allows metadata to be added to and read from certain types
of image files.

Multiple flaws were found in the way libexif processed Exif tags. An
attacker could create a specially-crafted image file that, when opened in
an application linked against libexif, could cause the application to
crash or, potentially, execute arbitrary code with the privileges of the
user running the application. (CVE-2012-2812, CVE-2012-2813, CVE-2012-2814,
CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841)

Users of libexif are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. All running
applications linked against libexif must be restarted for the update to
take effect.

SL5
   x86_64
     libexif-0.6.21-1.el5_8.i386.rpm
     libexif-0.6.21-1.el5_8.x86_64.rpm
     libexif-devel-0.6.21-1.el5_8.i386.rpm
     libexif-devel-0.6.21-1.el5_8.x86_64.rpm
   i386
     libexif-0.6.21-1.el5_8.i386.rpm
     libexif-devel-0.6.21-1.el5_8.i386.rpm
SL6
   x86_64
     libexif-0.6.21-5.el6_3.i686.rpm
     libexif-0.6.21-5.el6_3.x86_64.rpm
     libexif-devel-0.6.21-5.el6_3.i686.rpm
     libexif-devel-0.6.21-5.el6_3.x86_64.rpm
   i386
     libexif-0.6.21-5.el6_3.i686.rpm
     libexif-devel-0.6.21-5.el6_3.i686.rpm

- Scientific Linux Development Team
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds