[PLSN-0006] new libexif package available [LWN.net]

From:		Peachtree Linux Security Team <security-AT-peachtree.burdell.org>
To:		peachlnx-security-AT-lists.sourceforge.net, bugtraq-AT-securityfocus.com
Subject:		[PLSN-0006] new libexif package available
Date:		Mon, 25 Apr 2005 22:13:38 -0400

---------------------------------------------------------------------------
Peachtree Linux Security Notice PLSN-0006
April 22, 2005

Remote DoS vulnerability in libexif
CAN-2005-0664
---------------------------------------------------------------------------

The following Peachtree Linux releases are affected:

   Peachtree Linux release 1 ("Atlanta")

Description:

   CAN-2005-0664:  Buffer overflow in the EXIF library (libexif) does not
   properly validate the structure of the EXIF tags, which allows remote
   attackers to cause a denial of service (application crash) and possibly
   execute arbitrary code via an image with a crafted EXIF tag.

Packages:

   alpha
      8cdf8dde707c24d1817eb99f5c81b783  libexif-0.6.11.alpha.dist

   i386
      767c6442a6e76ba424b2295c422bea3c  libexif-0.6.11.i686.dist

   ppc
      e5e7a516f9fc5be261c00beae0577517  libexif-0.6.11.ppc.dist

Solution:

   Download the appropriate package for your release of Peachtree linux.
   Upgrade your system to the new package:

      distadd -u packagename

   Where package name is the name of the package file from the list above.

-- 
Peachtree Linux Security Team
http://peachtree.burdell.org/

(Log in to post comments)