Test ID:	1.3.6.1.4.1.25623.1.0.58553
Category:	Slackware Local Security Checks
Title:	Slackware: Security Advisory (SSA:2007-164-01)
Summary:	The remote host is missing an update for the 'libexif' package(s) announced via the SSA:2007-164-01 advisory.
Description:	Summary: The remote host is missing an update for the 'libexif' package(s) announced via the SSA:2007-164-01 advisory. Vulnerability Insight: New libexif packages are available for Slackware 10.2, 11.0, and -current to fix a crash and potential security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: [link moved to references] Here are the details from the Slackware 11.0 ChangeLog: +--------------------------+ l/libexif-0.6.16-i486-1_slack11.0.tgz: Upgraded to libexif-0.6.16. An integer overflow in libexif can crash applications that use the library on malformed images. The upstream advisory indicates that this flaw could also be used to execute arbitrary code in the context of the user, but no exploit is known (by us) to exist among iDefense's researchers or in the wild. But, as a crash bug and heap overflow one must suppose that the possibility exists. [link moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'libexif' package(s) on Slackware 10.2, Slackware 11.0, Slackware current. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4168
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.