Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[USN-91-1] EXIF library vulnerability

from [Martin Pitt] Network Security [Permanent Link]
Subject: [USN-91-1] EXIF library vulnerability
Date: Mon, 7 Mar 2005 18:18:51 +0100 
===========================================================
Ubuntu Security Notice USN-91-1              March 07, 2005
libexif vulnerabilities
https://bugzilla.ubuntulinux.org/7152
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libexif10

The problem can be corrected by upgrading the affected package to
version 0.6.9-1ubuntu0.1.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Sylvain Defresne discovered that the EXIF library did not properly
validate the structure of the EXIF tags. By tricking a user to load an
image with a malicious EXIF tag, an attacker could exploit this to
crash the process using the library, or even execute arbitrary code
with the privileges of the process.

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.9-1ubuntu0.1.diff.gz
      Size/MD5:     3179 e9fd1d2236959505cf178a020c188055
    
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.9-1ubuntu0.1.dsc
      Size/MD5:      601 2da73dc518844cf3461f3d962dd8c54a
    
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.9.orig.tar.gz
      Size/MD5:   520956 0aa142335a8a00c32bb6c7dbfe95fc24

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.6.9-1ubuntu0.1_amd64.deb
      Size/MD5:    67246 05d61f165d5dcbe88cca2c3fe241e1f3
    
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif10_0.6.9-1ubuntu0.1_amd64.deb
      Size/MD5:    81306 de2d6751deca8eefd36d88436be4e9cc

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.6.9-1ubuntu0.1_i386.deb
      Size/MD5:    64274 032c168632797a2a3ca36b2d994e8dcf
    
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif10_0.6.9-1ubuntu0.1_i386.deb
      Size/MD5:    78850 7f55dde4ed21e72732b90407ba1138e9

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.6.9-1ubuntu0.1_powerpc.deb
      Size/MD5:    68474 9005e4ceb739ab6d1866a5cd7637a0b3
    
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif10_0.6.9-1ubuntu0.1_powerpc.deb
      Size/MD5:    80436 b4b646bd56dae9b6483450f597272cc9

Attachment: signature.asc
Description: Digital signature

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [USN-91-1] EXIF library vulnerability, Martin Pitt <=
Previous by Date:  Re: [Full-Disclosure] Bypass of 22 Antivirus software with GDI+ bug exploit Mutations - part 2, Trog
Next by Date:  Re: [ GLSA 200503-12 ] Hashcash: Format string vulnerability, Hubert Chan
Previous by Thread:  [Full-disclosure] Administrivia: A new home for FD, John Cartwright
Next by Thread:  Re: [ GLSA 200503-12 ] Hashcash: Format string vulnerability, Hubert Chan
Indexes:  [Date] [Thread] [Top] [All Lists]