Test ID:	1.3.6.1.4.1.25623.1.0.60028
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2007:1165
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2007:1165. The libexif packages contain the Exif library. Exif is an image file format specification that enables metadata tags to be added to existing JPEG, TIFF and RIFF files. The Exif library makes it possible to parse an Exif file and read this metadata. An infinite recursion flaw was found in the way libexif parses Exif image tags. If a victim opens a carefully crafted Exif image file, it could cause the application linked against libexif to crash. (CVE-2007-6351) An integer overflow flaw was found in the way libexif parses Exif image tags. If a victim opens a carefully crafted Exif image file, it could cause the application linked against libexif to execute arbitrary code, or crash. (CVE-2007-6352) Users of libexif are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-1165.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : High CVSS Score: 6.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-6351 BugTraq ID: 26976 http://www.securityfocus.com/bid/26976 Bugtraq: 20080105 rPSA-2008-0006-1 libexif (Google Search) http://www.securityfocus.com/archive/1/485822/100/0/threaded Debian Security Information: DSA-1487 (Google Search) http://www.debian.org/security/2008/dsa-1487 https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00597.html https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00626.html http://security.gentoo.org/glsa/glsa-200712-15.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:005 https://bugzilla.redhat.com/show_bug.cgi?id=425551 http://osvdb.org/42652 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9420 http://www.redhat.com/support/errata/RHSA-2007-1165.html http://www.securitytracker.com/id?1019124 http://secunia.com/advisories/28076 http://secunia.com/advisories/28127 http://secunia.com/advisories/28195 http://secunia.com/advisories/28266 http://secunia.com/advisories/28346 http://secunia.com/advisories/28400 http://secunia.com/advisories/28636 http://secunia.com/advisories/28776 http://secunia.com/advisories/32274 SuSE Security Announcement: SUSE-SR:2008:002 (Google Search) http://www.novell.com/linux/security/advisories/suse_security_summary_report.html http://www.ubuntu.com/usn/usn-654-1 http://www.vupen.com/english/advisories/2007/4278 XForce ISS Database: libexif-exifloaderwrit-dos(39166) https://exchange.xforce.ibmcloud.com/vulnerabilities/39166 Common Vulnerability Exposure (CVE) ID: CVE-2007-6352 BugTraq ID: 26942 http://www.securityfocus.com/bid/26942 http://osvdb.org/42653 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11029 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4814 http://www.redhat.com/support/errata/RHSA-2007-1166.html http://secunia.com/advisories/29381 http://sunsolve.sun.com/search/document.do?assetkey=1-26-234701-1 http://www.vupen.com/english/advisories/2008/0947/references XForce ISS Database: libexif-exifdataloaddatathumbnail-bo(39167) https://exchange.xforce.ibmcloud.com/vulnerabilities/39167
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.