Debian Security Advisory
DSA-1487-1 libexif -- several vulnerabilities
- Date Reported:
- 8 Feb 2008
- Affected Packages:
- libexif
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2007-2645, CVE-2007-6351, CVE-2007-6352.
- More information:
-
Several vulnerabilities have been discovered in the EXIF parsing code of the libexif library, which could lead to denial of service or the execution of arbitrary code if a user is tricked into opening a malformed image. The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2007-2645
Victor Stinner discovered an integer overflow, which might lead to denial of service or potentially the execution of arbitrary code.
- CVE-2007-6351
Meder Kydyraliev discovered an infinite loop, which might lead to denial of service.
- CVE-2007-6352
Victor Stinner discovered an integer overflow, which might lead to denial of service or potentially the execution of arbitrary code.
This update also fixes two potential NULL pointer dereferences.
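The three defect classes named above (an integer overflow in a size computation, an infinite loop while following structure offsets, and a NULL pointer dereference) are what a hardened EXIF/TIFF reader has to guard against. The following is an added illustration written for this page, not libexif's code and not a reconstruction of the specific bugs the advisory does not detail: it checks the entry size multiplication for wrap-around in 32 bits, bounds every offset against the buffer, and refuses an IFD chain that revisits an offset. The IFD layout, the format-width table and the constructed sample buffer are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
/* Byte width of each TIFF/EXIF data format code 1..12; index 0 unused. */
static const uint32_t exif_format_size[13] = { 0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8 };
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
/* Checked payload size of one IFD entry (components * format width), computed in
 * 32 bits like the on-disk fields. Returns the size, or -1 if the multiply would
 * wrap, the format code is unknown, or the size exceeds `remaining`. */
int64_t exif_entry_data_size(uint16_t format, uint32_t components, uint32_t remaining)
{
    if (format == 0 || format > 12) return -1;
    uint32_t unit = exif_format_size[format];
    if (components > UINT32_MAX / unit) return -1;   /* multiplication would wrap */
    uint32_t size = components * unit;
    if (size > remaining) return -1;                  /* would read past the buffer */
    return (int64_t)size;
}
/* Walk the IFD chain of a little-endian TIFF-style buffer from offset `first`.
 * Per IFD: u16 count, count * 12-byte entries, u32 next-IFD offset (0 ends the chain).
 * Returns the number of IFDs, or -1 on NULL input, an offset outside the buffer,
 * an IFD that does not fit, too many IFDs, or a chain that revisits an offset. */
int exif_walk_ifds(const uint8_t *buf, uint32_t len, uint32_t first)
{
    uint32_t seen[16]; int n = 0;                     /* 16: cap on chained IFDs */
    if (buf == NULL) return -1;
    for (uint32_t off = first; off != 0; ) {
        if (n >= 16) return -1;
        for (int i = 0; i < n; i++) if (seen[i] == off) return -1;   /* cycle */
        if (off > len || len - off < 2) return -1;
        uint32_t count = rd16(buf + off);
        uint32_t ifd_len = 2 + count * 12 + 4;        /* count <= 65535: no wrap */
        if (len - off < ifd_len) return -1;
        seen[n++] = off;
        off = rd32(buf + off + 2 + count * 12);
    }
    return n;
}
/* Constructed sample: "II*\0" header, first IFD at offset 8 holding one LONG entry.
 * With self_loop set, the IFD's next-IFD pointer points back to offset 8. */
int exif_demo_chain(int self_loop)
{
    uint8_t buf[32] = { 'I', 'I', 0x2A, 0x00, 0x08, 0, 0, 0 };
    buf[8] = 1;                                      /* entry count = 1 */
    buf[10] = 0x00; buf[11] = 0x01; buf[12] = 0x04;  /* tag 0x0100, format LONG */
    buf[14] = 1;                                     /* components = 1 */
    buf[22] = self_loop ? 0x08 : 0x00;               /* next-IFD offset */
    return exif_walk_ifds(buf, sizeof buf, rd32(buf + 4));
}
```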
For the old stable distribution (sarge), these problems have been fixed in version 0.6.9-6sarge2.
For the stable distribution (etch), these problems have been fixed in version 0.6.13-5etch2.
We recommend that you upgrade your libexif packages.
- Fixed in:
-
Debian GNU/Linux 3.1 (oldstable)
- Source:
- http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9.orig.tar.gz
- http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9-6sarge2.dsc
- http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9-6sarge2.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_alpha.deb
- http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_arm.deb
- http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_i386.deb
- http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_ia64.deb
- http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_ia64.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_m68k.deb
- http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_m68k.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_mips.deb
- http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_mipsel.deb
- http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_powerpc.deb
- http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_s390.deb
- http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_sparc.deb
- http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_sparc.deb
Debian GNU/Linux 4.0 (stable)
- Source:
- http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.13.orig.tar.gz
- http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.13-5etch2.dsc
- http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.13-5etch2.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_alpha.deb
- http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_amd64.deb
- http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_arm.deb
- http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_i386.deb
- http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_ia64.deb
- http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_mips.deb
- http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_mipsel.deb
- http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_s390.deb
- http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_sparc.deb
- http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_sparc.deb
MD5 checksums of the listed files are available in the original advisory.