Synopsis: Moderate: libexif security update
Issue Date: 2012-09-11
CVE Numbers: CVE-2012-2813
CVE-2012-2814
CVE-2012-2836
CVE-2012-2837
CVE-2012-2840
CVE-2012-2841
CVE-2012-2812
—
The libexif packages provide an Exchangeable image file format (Exif)
library. Exif allows metadata to be added to and read from certain types
of image files.
Multiple flaws were found in the way libexif processed Exif tags. An
attacker could create a specially-crafted image file that, when opened in
an application linked against libexif, could cause the application to
crash or, potentially, execute arbitrary code with the privileges of the
user running the application. (CVE-2012-2812, CVE-2012-2813, CVE-2012-2814,
CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841)
Users of libexif are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. All running
applications linked against libexif must be restarted for the update to
take effect.
—
SL5
x86_64
libexif-0.6.21-1.el5_8.i386.rpm
libexif-0.6.21-1.el5_8.x86_64.rpm
libexif-devel-0.6.21-1.el5_8.i386.rpm
libexif-devel-0.6.21-1.el5_8.x86_64.rpm
i386
libexif-0.6.21-1.el5_8.i386.rpm
libexif-devel-0.6.21-1.el5_8.i386.rpm
SL6
x86_64
libexif-0.6.21-5.el6_3.i686.rpm
libexif-0.6.21-5.el6_3.x86_64.rpm
libexif-devel-0.6.21-5.el6_3.i686.rpm
libexif-devel-0.6.21-5.el6_3.x86_64.rpm
i386
libexif-0.6.21-5.el6_3.i686.rpm
libexif-devel-0.6.21-5.el6_3.i686.rpm
– Scientific Linux Development Team
