Säkerhetsbulletin från Debian

DSA-1310-1 libexif -- heltalsspill

Rapporterat den:

2007-06-16

Berörda paket:

libexif

Sårbara:

Referenser i säkerhetsdatabaser:

I Debians felrapporteringssystem: Fel 424775.
I Mitres CVE-förteckning: CVE-2006-4168.

Ytterligare information:

En sårbarhet har upptäckts i libexif, ett bibliotek för att tolka EXIF-filer, vilket möjliggjorde en överbelastningsattack och möjligen exekvering av godtycklig kod via felformaterad EXIF-data.

För den gamla stabila utgåvan (Sarge) har detta problem rättats i version 0.6.9-6sarge1.

För den stabila utgåvan (Etch) har detta problem rättats i version 0.6.13-5etch1.

Vi rekommenderar att ni uppgraderar ert libexif-paket.

Rättat i:

Debian GNU/Linux 3.1 (oldstable)

Källkod:: http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9-6sarge1.diff.gz
Size/MD5 checksum: 4786 7f1c3acc1bd7a5cbba3d5902243641f3; http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9-6sarge1.dsc
Size/MD5 checksum: 591 42d25baee97586f3ea1498a8f48ccf4a; http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9.orig.tar.gz
Size/MD5 checksum: 520956 0aa142335a8a00c32bb6c7dbfe95fc24
Alpha:: http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_alpha.deb
Size/MD5 checksum: 87472 b89fd309bcdbffe922868fdc94ae3995; http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_alpha.deb
Size/MD5 checksum: 87512 dfe1e955fa930314229d7bb60e3ff836
AMD64:: http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_amd64.deb
Size/MD5 checksum: 82032 4c5f701021eb2000bc3ef6f883567ce2; http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_amd64.deb
Size/MD5 checksum: 67686 16b056d71ca768c86008dcee30866f60
ARM:: http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_arm.deb
Size/MD5 checksum: 77166 2aa58aba802cace8d19c69bde064353f; http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_arm.deb
Size/MD5 checksum: 63856 c4d53b9592202e1fdd33488fd60c6d34
HP Precision:: http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_hppa.deb
Size/MD5 checksum: 72520 ee8e668619021e6b7835008ff995b7d9; http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_hppa.deb
Size/MD5 checksum: 87552 98de1cc25069f89469b2d27163f5899b
Intel IA-32:: http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_i386.deb
Size/MD5 checksum: 81852 c160054570be46b37aea3eab9b4eaccb; http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_i386.deb
Size/MD5 checksum: 67106 d068596d9648d1ce07eab1cc960cc64c
Intel IA-64:: http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_ia64.deb
Size/MD5 checksum: 84206 0246ab59dabd154efd976ff66bc92f41; http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_ia64.deb
Size/MD5 checksum: 95380 154b1660da3aa9de555d2a01771069f6
Motorola 680x0:: http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_m68k.deb
Size/MD5 checksum: 79144 d4efcd6b0d598fbdb5f63a8737f49964; http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_m68k.deb
Size/MD5 checksum: 57968 d746fafbc55a58c83920a6630b416365
Big-endian MIPS:: http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_mips.deb
Size/MD5 checksum: 68116 231d9384f29995322dca3d138aa0bd41; http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_mips.deb
Size/MD5 checksum: 77876 d245ced8cef61e9b29c01891fb28be83
Little-endian MIPS:: http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_mipsel.deb
Size/MD5 checksum: 77066 a803eeb2551df736a9ad6bfbcd4aec5d; http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_mipsel.deb
Size/MD5 checksum: 67570 a4962d489742e261878d1e76072de447
IBM S/390:: http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_s390.deb
Size/MD5 checksum: 69688 921fe72654e3fb1d8f43dc40c67f2196; http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_s390.deb
Size/MD5 checksum: 82194 e452ad17bc755a7896789d72ba6a19ef
Sun Sparc:: http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_sparc.deb
Size/MD5 checksum: 80210 5af15c3f4ba80c2349b22e31fdace319; http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_sparc.deb
Size/MD5 checksum: 66224 eff51355ec2cc7ad61a8cafd51b7827d

Debian GNU/Linux 4.0 (stable)

Källkod:: http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.13-5etch1.dsc
Size/MD5 checksum: 611 1ef82262d96e0b157f7ee74bfad7cf1f; http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.13.orig.tar.gz
Size/MD5 checksum: 727418 e5ad93c170bfb4fed6dc3e1c7a7948cb; http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.13-5etch1.diff.gz
Size/MD5 checksum: 9163 476ae8f1ef4103144ca0f3ea59e88ca4
Alpha:: http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_alpha.deb
Size/MD5 checksum: 1067984 e5c33b25fd459761ea2d19d9142b5cdf; http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_alpha.deb
Size/MD5 checksum: 148336 88bc8cc66ad78ddf4b096015148dba82
AMD64:: http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_amd64.deb
Size/MD5 checksum: 142954 ceeccbe1112250949070f1c06b78536c; http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_amd64.deb
Size/MD5 checksum: 1044550 b55daeeb41735e7f3024d68186643805
ARM:: http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_arm.deb
Size/MD5 checksum: 997646 18411c1a63d5d4e537992140cbdf7721; http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_arm.deb
Size/MD5 checksum: 135988 1195dbf898c9550590a2a76b327a4eb4
HP Precision:: http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_hppa.deb
Size/MD5 checksum: 147200 dece4fe67839197f3f4cbac78aec2a43; http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_hppa.deb
Size/MD5 checksum: 1013194 6de2cec24dffdeffa1abf69175d48962
Intel IA-32:: http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_i386.deb
Size/MD5 checksum: 998686 19d1987a4222f5da26521ba96dbf20cf; http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_i386.deb
Size/MD5 checksum: 139954 73713093a5b8e423284e7bc5bd55a120
Intel IA-64:: http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_ia64.deb
Size/MD5 checksum: 159424 f1a821774f55ffc4e1aa1238d05835e3; http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_ia64.deb
Size/MD5 checksum: 1028554 c599bc392ff53a2f1b8da9d0270dd6b1
Big-endian MIPS:: http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_mips.deb
Size/MD5 checksum: 136666 42403f5fe88c1608fbd99e24b0fba51a; http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_mips.deb
Size/MD5 checksum: 1008580 24c2d6980675f456a8771b665ea43b75
Little-endian MIPS:: http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_mipsel.deb
Size/MD5 checksum: 136120 fea308e90afe74d83dbc00d800d08a3d; http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_mipsel.deb
Size/MD5 checksum: 1008154 6c88505ee31716eb604d1d1ccdbf33f0
PowerPC:: http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_powerpc.deb
Size/MD5 checksum: 1005486 997bbd5a30ba6012c8394df7bd95d095; http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_powerpc.deb
Size/MD5 checksum: 138166 41e221f883a8eac1f080068e71633f1e
IBM S/390:: http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_s390.deb
Size/MD5 checksum: 1007740 9aa83ad28b7b41d0c4121f0084a0650e; http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_s390.deb
Size/MD5 checksum: 143518 4f99aa499f2d4d620a4f21709d2035f7
Sun Sparc:: http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_sparc.deb
Size/MD5 checksum: 1002722 c869b8a61874428e206f01b5e67fbb1b; http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_sparc.deb
Size/MD5 checksum: 138310 13569b4111b772a4a2be29727dd21d2d

MD5-kontrollsummor för dessa filer finns i originalbulletinen.