|
|
Subscribe / Log in / New account

Fedora alert FEDORA-2013-1257 (libexif)



From:
    	      updates@fedoraproject.org 


To:
    	      package-announce@lists.fedoraproject.org 


Subject:
    	      [SECURITY] Fedora 16 Update: libexif-0.6.21-2.fc16 


Date:
    	      Fri, 08 Feb 2013 02:14:42 +0000


Message-ID:
    	      <20130208021442.304AA20BC2@bastion01.phx2.fedoraproject.org>


Archive‑link: 
        	Article


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-1257
2013-01-23 00:34:16
--------------------------------------------------------------------------------

Name        : libexif
Product     : Fedora 16
Version     : 0.6.21
Release     : 2.fc16
URL         : http://libexif.sourceforge.net/
Summary     : Library for extracting extra information from image files
Description :
Most digital cameras produce EXIF files, which are JPEG files with
extra tags that contain information about the image. The EXIF library
allows you to parse an EXIF file and read the data from those tags.

--------------------------------------------------------------------------------
Update Information:

A security bugfix release.
A security bugfix release.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 21 2013 Petr Šabata <contyk@redhat.com> - 0.6.21-2
- Old build GC'd before pushed into testing
* Fri Jul 13 2012 Petr Šabata <contyk@redhat.com> - 0.6.21-1
- 0.6.21 bump
- A security bugfixing release (CVE-2012-2812, CVE-2012-2813, CVE-2012-2814,
  CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841 & CVE-2012-2845)
- Drop the pre-generated docs and introduce a doc subpackage
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #839182 - CVE-2012-2813 libexif: "exif_convert_utf16_to_utf8()" heap-based
out-of-bounds array read
        https://bugzilla.redhat.com/show_bug.cgi?id=839182
  [ 2 ] Bug #839183 - CVE-2012-2814 libexif: "exif_entry_format_value()" buffer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=839183
  [ 3 ] Bug #839184 - CVE-2012-2836 libexif: "exif_data_load_data()" heap-based out-of-bounds array
read
        https://bugzilla.redhat.com/show_bug.cgi?id=839184
  [ 4 ] Bug #839185 - CVE-2012-2837 libexif: "mnote_olympus_entry_get_value()" division by zero
        https://bugzilla.redhat.com/show_bug.cgi?id=839185
  [ 5 ] Bug #839188 - CVE-2012-2840 libexif: "exif_convert_utf16_to_utf8()" off-by-one
        https://bugzilla.redhat.com/show_bug.cgi?id=839188
  [ 6 ] Bug #839189 - CVE-2012-2841 libexif: "exif_entry_get_value()" integer underflow
        https://bugzilla.redhat.com/show_bug.cgi?id=839189
  [ 7 ] Bug #839203 - CVE-2012-2812 libexif: "exif_entry_get_value()" heap-based out-of-bounds
array read
        https://bugzilla.redhat.com/show_bug.cgi?id=839203
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update libexif' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds