exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

dsa-709.txt

dsa-709.txt
Posted Apr 24, 2005
Site security.debian.org

Debian Security Advisory DSA 709-1 - libexif remote buffer overflow. Sylvain Defresne discovered a buffer overflow in libexif, a library that parses EXIF files (such as JPEG files with extra tags).

tags | advisory, remote, overflow
systems | linux, debian
advisories | CVE-2005-0664
SHA-256 | c2a7812fbb6ff327e408302fc15ef6561ebdad0ebf7c737530c364cb58f717a9

dsa-709.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 709-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
April 15th, 2005 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : libexif
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0664
Debian Bug : 298464

Sylvain Defresne discovered a buffer overflow in libexif, a library
that parses EXIF files (such as JPEG files with extra tags). This bug
could be exploited to crash the application and maybe to execute
arbitrary code as well.

For the stable distribution (woody) this problem has been fixed in
version 0.5.0-1woody1.

For the unstable distribution (sid) this problem has been fixed in
version 0.6.9-5.

We recommend that you upgrade your libexif package.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.5.0-1woody1.dsc
Size/MD5 checksum: 588 c5f9941eb60839a174b36ca5ef2e05ab
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.5.0-1woody1.diff.gz
Size/MD5 checksum: 2414 64f21ec303cd05c2d0bf15521e7707a0
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.5.0.orig.tar.gz
Size/MD5 checksum: 178556 76dd5547de0f0e707d5049fe751c4679

Alpha architecture:

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_alpha.deb
Size/MD5 checksum: 33402 68eca22ffef823e64bedf3db14c7778a
http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_alpha.deb
Size/MD5 checksum: 27170 f8b1016e5dc5acad95e315d6efb8c639

ARM architecture:

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_arm.deb
Size/MD5 checksum: 26968 3f551f779beb9881bda8a0cdf5c2914b
http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_arm.deb
Size/MD5 checksum: 22208 6097611fbdc6de79c47569f3e3b6722f

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_i386.deb
Size/MD5 checksum: 25932 42107613e27b51fab7d912d8fefdc064
http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_i386.deb
Size/MD5 checksum: 22334 c02b68cc168a284783c027d7d24d699b

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_ia64.deb
Size/MD5 checksum: 35582 390a36964cfcd55de7038226565012c7
http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_ia64.deb
Size/MD5 checksum: 31536 0f2278ae6a257b58071b2e2ffa6eb3f9

HP Precision architecture:

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_hppa.deb
Size/MD5 checksum: 30670 861713e3c4e355071c42087c9621dad1
http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_hppa.deb
Size/MD5 checksum: 25502 f8d1d59f8d9c61e0b1392d102dcc2b13

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_m68k.deb
Size/MD5 checksum: 25280 34e605f3bbaa451da389328383948887
http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_m68k.deb
Size/MD5 checksum: 22670 610afa47c67a3bbbe3e214f2be62eba2

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_mips.deb
Size/MD5 checksum: 29450 96459f3d71b380ebc8f77e21355cf817
http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_mips.deb
Size/MD5 checksum: 22534 52575f793b537c62e759c7f3abef57be

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_mipsel.deb
Size/MD5 checksum: 29252 8b2f66fbacd87d306cb004c927469fce
http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_mipsel.deb
Size/MD5 checksum: 22274 3e29e52d3ab8df5b32527be2d4322d7a

PowerPC architecture:

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_powerpc.deb
Size/MD5 checksum: 30602 17fcace29b3eceb732c244b4dba36e5c
http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_powerpc.deb
Size/MD5 checksum: 24140 ebc50f77e7085340b37dacd6dd9f62d7

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_s390.deb
Size/MD5 checksum: 26324 0d9e42b9723d95844b63a24f2fdfe369
http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_s390.deb
Size/MD5 checksum: 23288 876b66520ca55e4791fdf4fc3f58aed2

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_sparc.deb
Size/MD5 checksum: 28568 dd158a4009865418c60a6124292264c0
http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_sparc.deb
Size/MD5 checksum: 26168 06671f5d93b1ffa49b90bce5f36a33c5


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCX81CW5ql+IAeqTIRAn/RAKCoUXeCwUXAVSC+fK6aqkE3T5S9jgCcD3Ef
1Wqxz2vHKGP7zOpt0hfKrp8=
=XIIz
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close