Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 181922
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Lars Hartmann <lars@chaotika.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 181922 depends on: Show dependency tree
Bug 181922 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2007-06-13 15:52 0000 
A vulnerability has been reported in libexif, which can be exploited by
malicious people to cause a DoS (Denial of Service) and potentially compromise
an application using the library.

The vulnerability is caused due to an error within the handling of EXIF
information. This can be exploited to crash an application using the library
and may allow execution of arbitrary code.

The vulnerability is reported in versions prior to 0.6.16.
Solution:
Update to version 0.6.16.

Provided and/or discovered by:
The vendor credits iDefense.

Original Advisory:
http://sourceforge.net/project/shownotes.php?release_id=515385

Reproducible: Always

------- Comment #1 From Lars Hartmann 2007-06-13 16:40:07 0000 ------- 
maintainers - please advise and bump as necessary

------- Comment #2 From Jeremy Huddleston (RETIRED) 2007-06-13 18:42:59 0000 ------- 
New version in portage.

Target KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86
~x86-fbsd"

------- Comment #3 From Markus Meier 2007-06-13 20:18:13 0000 ------- 
media-libs/libexif-0.6.16 USE="nls -doc"
1. emerges on x86
2. passes test suite
3. passes collision test
4. no revdep-rebuild needed and gnome-base/nautilus-2.16.3 emerges with it

Portage 2.1.2.7 (default-linux/x86/2007.0/desktop, gcc-4.1.2, glibc-2.5-r3,
2.6.20.14 i686)
=================================================================
System uname: 2.6.20.14 i686 Genuine Intel(R) CPU T2300 @ 1.66GHz
Gentoo Base System release 1.12.9
Timestamp of tree: Wed, 13 Jun 2007 19:30:01 +0000
dev-java/java-config: 1.3.7, 2.0.32
dev-lang/python:     2.3.5-r3, 2.4.4-r4
dev-python/pycrypto: 2.0.1-r5
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf
/etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/
/etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo
/etc/texmf/web2c"
CXXFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--nospinner"
FEATURES="collision-protect distlocks metadata-transfer parallel-fetch sandbox
sfperms strict test userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://mirror.switch.ch/mirror/gentoo/ http://gentoo.inode.at/"
LINGUAS="en de en_GB de_CH"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages
--filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X a52 aac acl acpi alsa apache2 asf avahi berkdb bitmap-fonts cairo cdr
cdrom cli cracklib crypt cups dbus divx dri dts dvd dvdr dvdread eds emboss
encode evo fam ffmpeg firefox flac fortran gdbm gif gnome gpm gstreamer gtk hal
iconv ipv6 isdnlog java jpeg kde kdeenablefinal kerberos ldap libg++ mad midi
mikmod mmx mono mp3 mpeg mudflap ncurses nls nptl nptlonly ogg opengl openmp
oss pam pcre pdf perl png pppd python qt3 qt3support qt4 quicktime readline
reflection rtsp ruby samba sdl session smp spell spl sse sse2 sse3 ssl svg tcpd
test tetex theora threads tiff truetype truetype-fonts type1-fonts unicode vcd
vorbis wifi win32codecs wxwindows x264 x86 xine xml xorg xprint xv xvid zlib"
ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LINGUAS="en de
en_GB de_CH" USERLAND="GNU" VIDEO_CARDS="i810 fbdev vesa"
Unset:  CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_COMPRESS,
PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

------- Comment #4 From Jeroen Roovers 2007-06-14 03:51:21 0000 ------- 
Stable for HPPA.

------- Comment #5 From Markus Rothe 2007-06-14 05:58:05 0000 ------- 
ppc64 stable

------- Comment #6 From Raúl Porcel 2007-06-14 11:07:23 0000 ------- 
alpha/ia64/x86 stable, thanks Markus

------- Comment #7 From Gustavo Zacarias (RETIRED) 2007-06-14 13:18:35 0000 ------- 
sparc stable.

------- Comment #8 From Tobias Scherbaum 2007-06-14 17:47:48 0000 ------- 
ppc stable

------- Comment #9 From Christoph Mende 2007-06-15 15:42:43 0000 ------- 
amd64 done

------- Comment #10 From Lars Hartmann 2007-06-16 14:58:48 0000 ------- 
thanks arches for testing and mantainers for providing the ebuild

this one is ready for glsa decision

------- Comment #11 From Pierre-Yves Rofes 2007-06-16 15:08:21 0000 ------- 
no need to vote here, B2 => glsa without a vote ;)

------- Comment #12 From Raphael Marichez 2007-06-26 23:00:44 0000 ------- 
GLSA 200706-09

------- Comment #13 From Joshua Kinard 2007-07-31 06:09:27 0000 ------- 
mip stable.
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug