Red Hat Product Errata RHSA-2007:0501 - Security Advisory
Issued:
2007-06-14
Updated:
2007-06-14

RHSA-2007:0501 - Security Advisory

Synopsis

Moderate: libexif integer overflow

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated libexif packages that fix an integer overflow flaw are now
available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

Description

The libexif package contains the EXIF library. Applications use this
library to parse EXIF image files.

An integer overflow flaw was found in the way libexif parses EXIF image
tags. If a victim opens a carefully crafted EXIF image file it could cause
the application linked against libexif to execute arbitrary code or crash.
(CVE-2007-4168)

Users of libexif should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

Red Hat Enterprise Linux Server 5

SRPM
libexif-0.6.13-4.0.2.el5.src.rpm SHA-256: de4bc66c49633248a69846f99536fea5c2111e6f1c14d597e13ebaeeedbffbde
x86_64
libexif-0.6.13-4.0.2.el5.i386.rpm SHA-256: da72ad453e24bf93728a6dc273f2779e48771078aba1bde58086d83db254cbec
libexif-0.6.13-4.0.2.el5.x86_64.rpm SHA-256: 8d40f25244ff55a437048b232736a564f5fa1d45f70d7e1da377713746a73d63
libexif-devel-0.6.13-4.0.2.el5.i386.rpm SHA-256: e0297e450d81f44cb65041c996e34f0218f7fc1dae7e0279349cd9a41d25a311
libexif-devel-0.6.13-4.0.2.el5.x86_64.rpm SHA-256: ff0daa732dd04eed781203f9117d2368d9a50c2029c3a520d3ac9c947aa71301
ia64
libexif-0.6.13-4.0.2.el5.ia64.rpm SHA-256: a4e9c03d52dad83dd9aa77058deace546c82e35e321c77525ecf655083888d22
libexif-devel-0.6.13-4.0.2.el5.ia64.rpm SHA-256: dc47d9b3488720a9759c2de9bb87efdff2120a507b295878aa4378798e90b4c4
i386
libexif-0.6.13-4.0.2.el5.i386.rpm SHA-256: da72ad453e24bf93728a6dc273f2779e48771078aba1bde58086d83db254cbec
libexif-devel-0.6.13-4.0.2.el5.i386.rpm SHA-256: e0297e450d81f44cb65041c996e34f0218f7fc1dae7e0279349cd9a41d25a311

Red Hat Enterprise Linux Server 4

SRPM
libexif-0.5.12-5.1.0.2.src.rpm SHA-256: f72c6047b70bdde03451928fdb397e46563a8a2b964099edcdddc33d6b4d979c
x86_64
libexif-0.5.12-5.1.0.2.i386.rpm SHA-256: 256cc841a657a566d7a133d4e984d925af82e53ea50715cfcb5a7da3c644fe61
libexif-0.5.12-5.1.0.2.i386.rpm SHA-256: 256cc841a657a566d7a133d4e984d925af82e53ea50715cfcb5a7da3c644fe61
libexif-0.5.12-5.1.0.2.x86_64.rpm SHA-256: 73ed993cb270a8e5f33005f4fa830018d12043975c9a72dd3a05c44fb0979b3a
libexif-0.5.12-5.1.0.2.x86_64.rpm SHA-256: 73ed993cb270a8e5f33005f4fa830018d12043975c9a72dd3a05c44fb0979b3a
libexif-devel-0.5.12-5.1.0.2.x86_64.rpm SHA-256: 6bbbc2123953aa35d21f303fc3fb82c46eb2086d18b0b314c108bd397fde582b
libexif-devel-0.5.12-5.1.0.2.x86_64.rpm SHA-256: 6bbbc2123953aa35d21f303fc3fb82c46eb2086d18b0b314c108bd397fde582b
ia64
libexif-0.5.12-5.1.0.2.i386.rpm SHA-256: 256cc841a657a566d7a133d4e984d925af82e53ea50715cfcb5a7da3c644fe61
libexif-0.5.12-5.1.0.2.i386.rpm SHA-256: 256cc841a657a566d7a133d4e984d925af82e53ea50715cfcb5a7da3c644fe61
libexif-0.5.12-5.1.0.2.ia64.rpm SHA-256: 34aba9a1557ff9e274cca65e81c6285f566fd4ab81fecd98a7344f056f5a119f
libexif-0.5.12-5.1.0.2.ia64.rpm SHA-256: 34aba9a1557ff9e274cca65e81c6285f566fd4ab81fecd98a7344f056f5a119f
libexif-devel-0.5.12-5.1.0.2.ia64.rpm SHA-256: 6811664669c3a9b4a2ef219121a5c18cb85662258e45f2deb8ecc53fe8936f4a
libexif-devel-0.5.12-5.1.0.2.ia64.rpm SHA-256: 6811664669c3a9b4a2ef219121a5c18cb85662258e45f2deb8ecc53fe8936f4a
i386
libexif-0.5.12-5.1.0.2.i386.rpm SHA-256: 256cc841a657a566d7a133d4e984d925af82e53ea50715cfcb5a7da3c644fe61
libexif-0.5.12-5.1.0.2.i386.rpm SHA-256: 256cc841a657a566d7a133d4e984d925af82e53ea50715cfcb5a7da3c644fe61
libexif-devel-0.5.12-5.1.0.2.i386.rpm SHA-256: aa38d569060ec13515a0ee2a0bd6a9b5da213b988a329f4f12cbee2972b170e3
libexif-devel-0.5.12-5.1.0.2.i386.rpm SHA-256: aa38d569060ec13515a0ee2a0bd6a9b5da213b988a329f4f12cbee2972b170e3

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5

SRPM
libexif-0.5.12-5.1.0.2.src.rpm SHA-256: f72c6047b70bdde03451928fdb397e46563a8a2b964099edcdddc33d6b4d979c
x86_64
libexif-0.5.12-5.1.0.2.i386.rpm SHA-256: 256cc841a657a566d7a133d4e984d925af82e53ea50715cfcb5a7da3c644fe61
libexif-0.5.12-5.1.0.2.i386.rpm SHA-256: 256cc841a657a566d7a133d4e984d925af82e53ea50715cfcb5a7da3c644fe61
libexif-0.5.12-5.1.0.2.x86_64.rpm SHA-256: 73ed993cb270a8e5f33005f4fa830018d12043975c9a72dd3a05c44fb0979b3a
libexif-0.5.12-5.1.0.2.x86_64.rpm SHA-256: 73ed993cb270a8e5f33005f4fa830018d12043975c9a72dd3a05c44fb0979b3a
libexif-devel-0.5.12-5.1.0.2.x86_64.rpm SHA-256: 6bbbc2123953aa35d21f303fc3fb82c46eb2086d18b0b314c108bd397fde582b
libexif-devel-0.5.12-5.1.0.2.x86_64.rpm SHA-256: 6bbbc2123953aa35d21f303fc3fb82c46eb2086d18b0b314c108bd397fde582b
ia64
libexif-0.5.12-5.1.0.2.i386.rpm SHA-256: 256cc841a657a566d7a133d4e984d925af82e53ea50715cfcb5a7da3c644fe61
libexif-0.5.12-5.1.0.2.i386.rpm SHA-256: 256cc841a657a566d7a133d4e984d925af82e53ea50715cfcb5a7da3c644fe61
libexif-0.5.12-5.1.0.2.ia64.rpm SHA-256: 34aba9a1557ff9e274cca65e81c6285f566fd4ab81fecd98a7344f056f5a119f
libexif-0.5.12-5.1.0.2.ia64.rpm SHA-256: 34aba9a1557ff9e274cca65e81c6285f566fd4ab81fecd98a7344f056f5a119f
libexif-devel-0.5.12-5.1.0.2.ia64.rpm SHA-256: 6811664669c3a9b4a2ef219121a5c18cb85662258e45f2deb8ecc53fe8936f4a
libexif-devel-0.5.12-5.1.0.2.ia64.rpm SHA-256: 6811664669c3a9b4a2ef219121a5c18cb85662258e45f2deb8ecc53fe8936f4a
i386
libexif-0.5.12-5.1.0.2.i386.rpm SHA-256: 256cc841a657a566d7a133d4e984d925af82e53ea50715cfcb5a7da3c644fe61
libexif-0.5.12-5.1.0.2.i386.rpm SHA-256: 256cc841a657a566d7a133d4e984d925af82e53ea50715cfcb5a7da3c644fe61
libexif-devel-0.5.12-5.1.0.2.i386.rpm SHA-256: aa38d569060ec13515a0ee2a0bd6a9b5da213b988a329f4f12cbee2972b170e3
libexif-devel-0.5.12-5.1.0.2.i386.rpm SHA-256: aa38d569060ec13515a0ee2a0bd6a9b5da213b988a329f4f12cbee2972b170e3

Red Hat Enterprise Linux Workstation 5

SRPM
libexif-0.6.13-4.0.2.el5.src.rpm SHA-256: de4bc66c49633248a69846f99536fea5c2111e6f1c14d597e13ebaeeedbffbde
x86_64
libexif-0.6.13-4.0.2.el5.i386.rpm SHA-256: da72ad453e24bf93728a6dc273f2779e48771078aba1bde58086d83db254cbec
libexif-0.6.13-4.0.2.el5.x86_64.rpm SHA-256: 8d40f25244ff55a437048b232736a564f5fa1d45f70d7e1da377713746a73d63
libexif-devel-0.6.13-4.0.2.el5.i386.rpm SHA-256: e0297e450d81f44cb65041c996e34f0218f7fc1dae7e0279349cd9a41d25a311
libexif-devel-0.6.13-4.0.2.el5.x86_64.rpm SHA-256: ff0daa732dd04eed781203f9117d2368d9a50c2029c3a520d3ac9c947aa71301
i386
libexif-0.6.13-4.0.2.el5.i386.rpm SHA-256: da72ad453e24bf93728a6dc273f2779e48771078aba1bde58086d83db254cbec
libexif-devel-0.6.13-4.0.2.el5.i386.rpm SHA-256: e0297e450d81f44cb65041c996e34f0218f7fc1dae7e0279349cd9a41d25a311

Red Hat Enterprise Linux Workstation 4

SRPM
libexif-0.5.12-5.1.0.2.src.rpm SHA-256: f72c6047b70bdde03451928fdb397e46563a8a2b964099edcdddc33d6b4d979c
x86_64
libexif-0.5.12-5.1.0.2.i386.rpm SHA-256: 256cc841a657a566d7a133d4e984d925af82e53ea50715cfcb5a7da3c644fe61
libexif-0.5.12-5.1.0.2.x86_64.rpm SHA-256: 73ed993cb270a8e5f33005f4fa830018d12043975c9a72dd3a05c44fb0979b3a
libexif-devel-0.5.12-5.1.0.2.x86_64.rpm SHA-256: 6bbbc2123953aa35d21f303fc3fb82c46eb2086d18b0b314c108bd397fde582b
ia64
libexif-0.5.12-5.1.0.2.i386.rpm SHA-256: 256cc841a657a566d7a133d4e984d925af82e53ea50715cfcb5a7da3c644fe61
libexif-0.5.12-5.1.0.2.ia64.rpm SHA-256: 34aba9a1557ff9e274cca65e81c6285f566fd4ab81fecd98a7344f056f5a119f
libexif-devel-0.5.12-5.1.0.2.ia64.rpm SHA-256: 6811664669c3a9b4a2ef219121a5c18cb85662258e45f2deb8ecc53fe8936f4a
i386
libexif-0.5.12-5.1.0.2.i386.rpm SHA-256: 256cc841a657a566d7a133d4e984d925af82e53ea50715cfcb5a7da3c644fe61
libexif-devel-0.5.12-5.1.0.2.i386.rpm SHA-256: aa38d569060ec13515a0ee2a0bd6a9b5da213b988a329f4f12cbee2972b170e3

Red Hat Enterprise Linux Desktop 5

SRPM
libexif-0.6.13-4.0.2.el5.src.rpm SHA-256: de4bc66c49633248a69846f99536fea5c2111e6f1c14d597e13ebaeeedbffbde
x86_64
libexif-0.6.13-4.0.2.el5.i386.rpm SHA-256: da72ad453e24bf93728a6dc273f2779e48771078aba1bde58086d83db254cbec
libexif-0.6.13-4.0.2.el5.x86_64.rpm SHA-256: 8d40f25244ff55a437048b232736a564f5fa1d45f70d7e1da377713746a73d63
i386
libexif-0.6.13-4.0.2.el5.i386.rpm SHA-256: da72ad453e24bf93728a6dc273f2779e48771078aba1bde58086d83db254cbec

Red Hat Enterprise Linux Desktop 4

SRPM
libexif-0.5.12-5.1.0.2.src.rpm SHA-256: f72c6047b70bdde03451928fdb397e46563a8a2b964099edcdddc33d6b4d979c
x86_64
libexif-0.5.12-5.1.0.2.i386.rpm SHA-256: 256cc841a657a566d7a133d4e984d925af82e53ea50715cfcb5a7da3c644fe61
libexif-0.5.12-5.1.0.2.x86_64.rpm SHA-256: 73ed993cb270a8e5f33005f4fa830018d12043975c9a72dd3a05c44fb0979b3a
libexif-devel-0.5.12-5.1.0.2.x86_64.rpm SHA-256: 6bbbc2123953aa35d21f303fc3fb82c46eb2086d18b0b314c108bd397fde582b
i386
libexif-0.5.12-5.1.0.2.i386.rpm SHA-256: 256cc841a657a566d7a133d4e984d925af82e53ea50715cfcb5a7da3c644fe61
libexif-devel-0.5.12-5.1.0.2.i386.rpm SHA-256: aa38d569060ec13515a0ee2a0bd6a9b5da213b988a329f4f12cbee2972b170e3

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
libexif-0.6.13-4.0.2.el5.src.rpm SHA-256: de4bc66c49633248a69846f99536fea5c2111e6f1c14d597e13ebaeeedbffbde
s390x
libexif-0.6.13-4.0.2.el5.s390.rpm SHA-256: 15cfbfb826a48c1bc24e08547c49325c7c3b6aedcc3bfc0d754794281cf087e1
libexif-0.6.13-4.0.2.el5.s390x.rpm SHA-256: 986f2dac00c02a08dcae839c9d00f1b0e52159b9ccbbc8172f53263939ac3588
libexif-devel-0.6.13-4.0.2.el5.s390.rpm SHA-256: 6d214f0ddc949bc3fe0ec7ba0ee2a3a4c17fa7b5aaadd8e626078dc7fbf941cc
libexif-devel-0.6.13-4.0.2.el5.s390x.rpm SHA-256: d7385287fd6cd919bb87365965388712e0350ad4da3046b1fab5f82cd547e2ea

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
libexif-0.5.12-5.1.0.2.src.rpm SHA-256: f72c6047b70bdde03451928fdb397e46563a8a2b964099edcdddc33d6b4d979c
s390x
libexif-0.5.12-5.1.0.2.s390.rpm SHA-256: e81cc0825c770a648fb7aeca46a44112ece9b6051f7c426d35f013e3f9a4fbdb
libexif-0.5.12-5.1.0.2.s390x.rpm SHA-256: 453cb4ea400f19da7928652720e939246fade0de51d58ed0cee2d34fb2c11e85
libexif-devel-0.5.12-5.1.0.2.s390x.rpm SHA-256: 99cfd8e087822e814d98837a2bfe09f709cd057f7c77e6be5ea128f49c06e4e8
s390
libexif-0.5.12-5.1.0.2.s390.rpm SHA-256: e81cc0825c770a648fb7aeca46a44112ece9b6051f7c426d35f013e3f9a4fbdb
libexif-devel-0.5.12-5.1.0.2.s390.rpm SHA-256: 7ec286fc3c3dc129f05a09f9129339d6fec8c93f8bc4dff6b42e82dff9d4ea24

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5

SRPM
libexif-0.5.12-5.1.0.2.src.rpm SHA-256: f72c6047b70bdde03451928fdb397e46563a8a2b964099edcdddc33d6b4d979c
s390x
libexif-0.5.12-5.1.0.2.s390.rpm SHA-256: e81cc0825c770a648fb7aeca46a44112ece9b6051f7c426d35f013e3f9a4fbdb
libexif-0.5.12-5.1.0.2.s390x.rpm SHA-256: 453cb4ea400f19da7928652720e939246fade0de51d58ed0cee2d34fb2c11e85
libexif-devel-0.5.12-5.1.0.2.s390x.rpm SHA-256: 99cfd8e087822e814d98837a2bfe09f709cd057f7c77e6be5ea128f49c06e4e8
s390
libexif-0.5.12-5.1.0.2.s390.rpm SHA-256: e81cc0825c770a648fb7aeca46a44112ece9b6051f7c426d35f013e3f9a4fbdb
libexif-devel-0.5.12-5.1.0.2.s390.rpm SHA-256: 7ec286fc3c3dc129f05a09f9129339d6fec8c93f8bc4dff6b42e82dff9d4ea24

Red Hat Enterprise Linux for Power, big endian 5

SRPM
libexif-0.6.13-4.0.2.el5.src.rpm SHA-256: de4bc66c49633248a69846f99536fea5c2111e6f1c14d597e13ebaeeedbffbde
ppc
libexif-0.6.13-4.0.2.el5.ppc.rpm SHA-256: 461e62a7a2707c34f35c558e889dcb3232cf87b159fb523cc97663cd60fc5348
libexif-0.6.13-4.0.2.el5.ppc64.rpm SHA-256: 5fba5e9ded8e1a452220746742f1a2659e1a2d9c7a8af3943d83940a517a41ae
libexif-devel-0.6.13-4.0.2.el5.ppc.rpm SHA-256: 48603f4a4ec8f36853b182b1eab67e43d4695ed5b647394ec9ca5dc4bb4bb18d
libexif-devel-0.6.13-4.0.2.el5.ppc64.rpm SHA-256: d38be61eff6216e60d691f946ce7d8030451d57deb4a2d09872397b43d1e327d

Red Hat Enterprise Linux for Power, big endian 4

SRPM
libexif-0.5.12-5.1.0.2.src.rpm SHA-256: f72c6047b70bdde03451928fdb397e46563a8a2b964099edcdddc33d6b4d979c
ppc
libexif-0.5.12-5.1.0.2.ppc.rpm SHA-256: 1e2232f220e440c2aca7503c4afed2c1714735941ddd914aa7f053751d32d9cd
libexif-0.5.12-5.1.0.2.ppc64.rpm SHA-256: 03d8d8561108965af327460043ef990aab56f7a099c91b1d563a52a564babaef
libexif-devel-0.5.12-5.1.0.2.ppc.rpm SHA-256: c942105843cbb599cc133b21d22a281787527e547e5cf2177ff9bdd796b0d930

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5

SRPM
libexif-0.5.12-5.1.0.2.src.rpm SHA-256: f72c6047b70bdde03451928fdb397e46563a8a2b964099edcdddc33d6b4d979c
ppc
libexif-0.5.12-5.1.0.2.ppc.rpm SHA-256: 1e2232f220e440c2aca7503c4afed2c1714735941ddd914aa7f053751d32d9cd
libexif-0.5.12-5.1.0.2.ppc64.rpm SHA-256: 03d8d8561108965af327460043ef990aab56f7a099c91b1d563a52a564babaef
libexif-devel-0.5.12-5.1.0.2.ppc.rpm SHA-256: c942105843cbb599cc133b21d22a281787527e547e5cf2177ff9bdd796b0d930

Red Hat Enterprise Linux Server from RHUI 5

SRPM
libexif-0.6.13-4.0.2.el5.src.rpm SHA-256: de4bc66c49633248a69846f99536fea5c2111e6f1c14d597e13ebaeeedbffbde
x86_64
libexif-0.6.13-4.0.2.el5.i386.rpm SHA-256: da72ad453e24bf93728a6dc273f2779e48771078aba1bde58086d83db254cbec
libexif-0.6.13-4.0.2.el5.x86_64.rpm SHA-256: 8d40f25244ff55a437048b232736a564f5fa1d45f70d7e1da377713746a73d63
libexif-devel-0.6.13-4.0.2.el5.i386.rpm SHA-256: e0297e450d81f44cb65041c996e34f0218f7fc1dae7e0279349cd9a41d25a311
libexif-devel-0.6.13-4.0.2.el5.x86_64.rpm SHA-256: ff0daa732dd04eed781203f9117d2368d9a50c2029c3a520d3ac9c947aa71301
i386
libexif-0.6.13-4.0.2.el5.i386.rpm SHA-256: da72ad453e24bf93728a6dc273f2779e48771078aba1bde58086d83db254cbec
libexif-devel-0.6.13-4.0.2.el5.i386.rpm SHA-256: e0297e450d81f44cb65041c996e34f0218f7fc1dae7e0279349cd9a41d25a311

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.