Gentoo Archives: gentoo-commits

From: "Pierre-Yves Rofes (py)" <py@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200712-15.xml
Date: Sat, 29 Dec 2007 12:58:58
Message-Id: E1J8bH6-0001ev-DU@stork.gentoo.org
py 07/12/29 12:58:48

Added: glsa-200712-15.xml
Log:
GLSA 200712-15

Revision Changes Path
1.1 xml/htdocs/security/en/glsa/glsa-200712-15.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200712-15.xml?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200712-15.xml?rev=1.1&content-type=text/plain

Index: glsa-200712-15.xml
===================================================================
<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">

<glsa id="200712-15">
  <title>libexif: Multiple vulnerabilities</title>
  <synopsis>
    Two vulnerabilities in libexif possibly allow for the execution of
    arbitrary code or a Denial of Service.
  </synopsis>
  <product type="ebuild">libexif</product>
  <announced>December 29, 2007</announced>
  <revised>December 29, 2007: 01</revised>
  <bug>202350</bug>
  <access>remote</access>
  <affected>
    <package name="media-libs/libexif" auto="yes" arch="*">
      <unaffected range="ge">0.6.16-r1</unaffected>
      <vulnerable range="lt">0.6.16-r1</vulnerable>
    </package>
  </affected>
  <background>
    <p>
    libexif is a library for parsing, editing and saving Exif metadata from
    images. Exif, the Exchangeable image file format, specifies the
    addition of metadata tags to JPEG, TIFF and RIFF files.
    </p>
  </background>
  <description>
    <p>
    Meder Kydyraliev (Google Security) discovered an integer overflow
    vulnerability in the exif_data_load_data_thumbnail() function leading
    to a memory corruption (CVE-2007-6352) and an infinite recursion in the
    exif_loader_write() function (CVE-2007-6351).
    </p>
  </description>
  <impact type="normal">
    <p>
    An attacker could entice the user of an application making use of
    libexif to load an image file with specially crafted Exif tags,
    possibly resulting in the execution of arbitrary code with the
    privileges of the user running the application or a Denial of Service.
    </p>
  </impact>
  <workaround>
    <p>
    There is no known workaround at this time.
    </p>
  </workaround>
  <resolution>
    <p>
    All libexif users should upgrade to the latest version:
    </p>
    <code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-libs/libexif-0.6.16-r1&quot;</code>
  </resolution>
  <references>
    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6351">CVE-2007-6351</uri>
    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6352">CVE-2007-6352</uri>
  </references>
  <metadata tag="requester" timestamp="Fri, 21 Dec 2007 23:07:24 +0000">
    keytoaster
  </metadata>
  <metadata tag="submitter" timestamp="Sun, 23 Dec 2007 19:26:36 +0000">
    rbu
  </metadata>
  <metadata tag="bugReady" timestamp="Sun, 23 Dec 2007 19:28:21 +0000">
    rbu
  </metadata>
</glsa>
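The advisory's description names the bug class behind CVE-2007-6352: an integer overflow in a thumbnail-loading routine that ends in memory corruption. The C program below is an added illustration of that class written for this page; it is not libexif's code, not the patched exif_data_load_data_thumbnail(), and does not model the recursion issue (CVE-2007-6351). The struct thumb_desc, the function names, and the 64-byte stand-in buffer are all constructed. It shows a bounds check that forms offset + size in 32-bit arithmetic (which wraps and accepts an oversized length) beside the overflow-safe form that a parser of attacker-controlled Exif offsets needs.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a thumbnail descriptor as an Exif IFD might carry it.
 * Both fields come from untrusted file data. This is not libexif's structure. */
struct thumb_desc {
    uint32_t offset;  /* offset of the thumbnail inside the Exif payload */
    uint32_t size;    /* byte count of the thumbnail */
};

/* Naive check: offset + size is computed in uint32_t, so a size close to
 * UINT32_MAX wraps the sum to a small value and the check passes. A later
 * copy of `size` bytes then reads far past the end of the buffer. */
int thumb_in_bounds_naive(const struct thumb_desc *t, uint32_t buf_len)
{
    return t->offset + t->size <= buf_len;
}

/* Hardened check: never form offset + size; compare the pieces so that no
 * intermediate value can overflow. An empty thumbnail is reported as absent. */
int thumb_in_bounds_safe(const struct thumb_desc *t, uint32_t buf_len)
{
    if (t->size == 0)
        return 0;
    if (t->offset > buf_len)
        return 0;
    return t->size <= buf_len - t->offset;   /* subtraction cannot underflow here */
}

/* Copy the thumbnail out only when the safe check passes and the destination
 * can hold it. Returns the number of bytes copied, 0 if the descriptor is rejected. */
size_t load_thumbnail(const uint8_t *buf, uint32_t buf_len,
                      const struct thumb_desc *t, uint8_t *out, size_t out_len)
{
    if (!thumb_in_bounds_safe(t, buf_len) || t->size > out_len)
        return 0;
    memcpy(out, buf + t->offset, t->size);
    return t->size;
}

int main(void)
{
    uint8_t exif[64];                  /* constructed stand-in for an Exif payload */
    uint8_t out[64];
    memset(exif, 0xAB, sizeof exif);

    struct thumb_desc good = { .offset = 16, .size = 32 };
    /* 16 + 0xFFFFFFF0 wraps to 0 in uint32_t, so the naive check accepts it. */
    struct thumb_desc wrap = { .offset = 16, .size = 0xFFFFFFF0u };

    printf("good: naive=%d safe=%d copied=%zu\n",
           thumb_in_bounds_naive(&good, sizeof exif),
           thumb_in_bounds_safe(&good, sizeof exif),
           load_thumbnail(exif, sizeof exif, &good, out, sizeof out));
    printf("wrap: naive=%d safe=%d copied=%zu\n",
           thumb_in_bounds_naive(&wrap, sizeof exif),
           thumb_in_bounds_safe(&wrap, sizeof exif),
           load_thumbnail(exif, sizeof exif, &wrap, out, sizeof out));
    return 0;
}
```

The difference between the two checks is the only thing that matters: `offset + size <= len` is the textbook form and the wrong one whenever both operands are attacker-supplied, because the sum is evaluated in the same width as the operands. Comparing `size <= len - offset` after establishing `offset <= len` gives the same answer for every in-range descriptor and rejects every wrapping one, which is the property a fix for this class has to restore.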



--
gentoo-commits@g.o mailing list