Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2007-164-01
HistoryJun 14, 2007 - 3:34 a.m.

[slackware-security] libexif

2007-06-1403:34:36
Slackware Linux Project
www.slackware.com
12

EPSS

0.002

Percentile

52.8%

JSON

New libexif packages are available for Slackware 10.2, 11.0, and -current to
fix a crash and potential security issue.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

https://vulners.com/cve/CVE-2007-4168

Here are the details from the Slackware 11.0 ChangeLog:

l/libexif-0.6.16-i486-1_slack11.0.tgz: Upgraded to libexif-0.6.16.
An integer overflow in libexif can crash applications that use the library
on malformed images. The upstream advisory indicates that this flaw could
also be used to execute arbitrary code in the context of the user, but no
exploit is known (by us) to exist among iDefense’s researchers or in the
wild. But, as a crash bug and heap overflow one must suppose that the
possibility exists.
https://vulners.com/cve/CVE-2007-4168
(* Security fix *)

Where to find the new packages:

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/libexif-0.6.16-i486-1_slack10.2.tgz

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/libexif-0.6.16-i486-1_slack11.0.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libexif-0.6.16-i486-1.tgz

MD5 signatures:

Slackware 10.2 package:
cd7fae377395a5b9538a702a7ff23afc libexif-0.6.16-i486-1_slack10.2.tgz

Slackware 11.0 package:
c10f21ab97a858ac1183e6a2cc916dd9 libexif-0.6.16-i486-1_slack11.0.tgz

Slackware -current package:
151902aeb8486e2884afd3bb84e48535 libexif-0.6.16-i486-1.tgz

Installation instructions:

Upgrade the package as root:
> upgradepkg libexif-0.6.16-i486-1_slack11.0.tgz

Related

openvas 2
fedora 4
cvelist 1
nessus 7
centos 1
redhat 1
oraclelinux 1
prion 1
cve 1
nvd 1
openvas
openvas
Slackware Advisory SSA:2007-164-01 libexif
2012-09-11 00:00:00
Slackware: Security Advisory (SSA:2007-164-01)
2012-09-10 00:00:00
fedora
fedora
[SECURITY] Fedora Core 5 Update: libexif-0.6.12-5
2007-06-25 17:30:41
[SECURITY] Fedora Core 6 Update: libexif-0.6.15-2.fc6
2007-06-28 01:50:38
[SECURITY] Fedora 7 Update: libexif-0.6.15-2.fc7
2007-06-13 21:10:47
cvelist
cvelist
CVE-2007-4168
2007-06-20 23:00:00
nessus
nessus
Fedora 7 : libexif-0.6.15-2.fc7 (2007-0414)
2007-11-06 00:00:00
Fedora Core 5 : libexif-0.6.12-5 (2007-605)
2007-06-27 00:00:00
Fedora Core 6 : libexif-0.6.15-2.fc6 (2007-614)
2007-06-29 00:00:00
centos
centos
libexif security update
2007-06-16 06:38:10
redhat
redhat
(RHSA-2007:0501) Moderate: libexif integer overflow
2007-06-14 00:00:00
oraclelinux
oraclelinux
Moderate: libexif security update: integer overflow
2007-06-14 00:00:00
prion
prion
Design/Logic Flaw
2007-06-20 23:30:00
cve
cve
CVE-2007-4168
2007-06-20 23:30:00
nvd
nvd
CVE-2007-4168
2007-06-20 23:30:00

EPSS

0.002

Percentile

52.8%

JSON
Related for SSA-2007-164-01
openvas2fedora4cvelist1nessus7centos1redhat1oraclelinux1prion1cve1nvd1