Test ID:	1.3.6.1.4.1.25623.1.0.58304
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 200706-01 (libexif)
Summary:	The remote host is missing updates announced in;advisory GLSA 200706-01.
Description:	Summary: The remote host is missing updates announced in advisory GLSA 200706-01. Vulnerability Insight: libexif fails to handle Exif (EXchangeable Image File) data inputs, making it vulnerable to an integer overflow. Solution: All libexif users should upgrade to the latest version. Please note that users upgrading from ' < =media-libs/libexif-0.6.13' should also run revdep-rebuild after their upgrade. # emerge --sync # emerge --ask --oneshot --verbose '>=media-libs/libexif-0.6.15' # revdep-rebuild --library=/usr/lib/libexif.so CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-2645 BugTraq ID: 23927 http://www.securityfocus.com/bid/23927 Bugtraq: 20070604 FLEA-2007-0024-1: libexif (Google Search) http://www.securityfocus.com/archive/1/470502/100/100/threaded Debian Security Information: DSA-1487 (Google Search) http://www.debian.org/security/2008/dsa-1487 http://security.gentoo.org/glsa/glsa-200706-01.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:118 http://sourceforge.net/tracker/index.php?func=detail&aid=1716196&group_id=12272&atid=112272 http://osvdb.org/35978 http://secunia.com/advisories/25235 http://secunia.com/advisories/25540 http://secunia.com/advisories/25569 http://secunia.com/advisories/25599 http://secunia.com/advisories/25621 http://secunia.com/advisories/25932 http://secunia.com/advisories/26083 http://secunia.com/advisories/28776 SuSE Security Announcement: SUSE-SA:2007:039 (Google Search) http://www.novell.com/linux/security/advisories/2007_39_libexif.html SuSE Security Announcement: SUSE-SR:2007:014 (Google Search) http://www.novell.com/linux/security/advisories/2007_14_sr.html http://www.ubuntu.com/usn/usn-471-1 http://www.vupen.com/english/advisories/2007/1761 XForce ISS Database: libexif-exifdataloaddata-integer-overflow(34233) https://exchange.xforce.ibmcloud.com/vulnerabilities/34233
Copyright	Copyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.