Test ID:	1.3.6.1.4.1.25623.1.0.59550
Category:	Fedora Local Security Checks
Title:	Fedora Core 6 FEDORA-2007-548 (libexif)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to libexif announced via advisory FEDORA-2007-548. Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. The EXIF library allows you to parse an EXIF file and read the data from those tags. Update Information: This update to the latest upstream release fixes a number of bugs, among them a possible integer overflow in the exif_data_load_data_entry function (CVE-2007-2645), which allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data. * Wed May 30 2007 Matthias Clasen - 0.6.15-1 - Update to 0.6.15 - Drop obsolete patch * Thu May 24 2007 Matthias Clasen - 0.6.13-4 - Add patch for CVE-2007-2645. * Sun Feb 4 2007 Matthias Clasen - 0.6.13-3 - Package review cleanups - Avoid multilib conflicts by using pregenerated docs Solution: Apply the appropriate updates. This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2007-548 Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-2645 BugTraq ID: 23927 http://www.securityfocus.com/bid/23927 Bugtraq: 20070604 FLEA-2007-0024-1: libexif (Google Search) http://www.securityfocus.com/archive/1/470502/100/100/threaded Debian Security Information: DSA-1487 (Google Search) http://www.debian.org/security/2008/dsa-1487 http://security.gentoo.org/glsa/glsa-200706-01.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:118 http://sourceforge.net/tracker/index.php?func=detail&aid=1716196&group_id=12272&atid=112272 http://osvdb.org/35978 http://secunia.com/advisories/25235 http://secunia.com/advisories/25540 http://secunia.com/advisories/25569 http://secunia.com/advisories/25599 http://secunia.com/advisories/25621 http://secunia.com/advisories/25932 http://secunia.com/advisories/26083 http://secunia.com/advisories/28776 SuSE Security Announcement: SUSE-SA:2007:039 (Google Search) http://www.novell.com/linux/security/advisories/2007_39_libexif.html SuSE Security Announcement: SUSE-SR:2007:014 (Google Search) http://www.novell.com/linux/security/advisories/2007_14_sr.html http://www.ubuntu.com/usn/usn-471-1 http://www.vupen.com/english/advisories/2007/1761 XForce ISS Database: libexif-exifdataloaddata-integer-overflow(34233) https://exchange.xforce.ibmcloud.com/vulnerabilities/34233
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.