Test ID:	1.3.6.1.4.1.25623.1.0.60236
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2008:005 (libexif)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to libexif announced via advisory MDVSA-2008:005. An infinite recursion flaw was found in the way that libexif parses Exif image tags. A carefully crafted Exif image file opened by an application linked against libexif could cause the application to crash (CVE-2007-6351). An integer overflow flaw was also found in how libexif parses Exif image tags. A carefully crafted Exif image file opened by an application linked against libexif could cause the application to crash or execute arbitrary code with the privileges of the user executing the application (CVE-2007-6352). The updated packages have been patched to correct these issues. Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:005 Risk factor : High CVSS Score: 6.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-6351 BugTraq ID: 26976 http://www.securityfocus.com/bid/26976 Bugtraq: 20080105 rPSA-2008-0006-1 libexif (Google Search) http://www.securityfocus.com/archive/1/485822/100/0/threaded Debian Security Information: DSA-1487 (Google Search) http://www.debian.org/security/2008/dsa-1487 https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00597.html https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00626.html http://security.gentoo.org/glsa/glsa-200712-15.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:005 https://bugzilla.redhat.com/show_bug.cgi?id=425551 http://osvdb.org/42652 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9420 http://www.redhat.com/support/errata/RHSA-2007-1165.html http://www.securitytracker.com/id?1019124 http://secunia.com/advisories/28076 http://secunia.com/advisories/28127 http://secunia.com/advisories/28195 http://secunia.com/advisories/28266 http://secunia.com/advisories/28346 http://secunia.com/advisories/28400 http://secunia.com/advisories/28636 http://secunia.com/advisories/28776 http://secunia.com/advisories/32274 SuSE Security Announcement: SUSE-SR:2008:002 (Google Search) http://www.novell.com/linux/security/advisories/suse_security_summary_report.html http://www.ubuntu.com/usn/usn-654-1 http://www.vupen.com/english/advisories/2007/4278 XForce ISS Database: libexif-exifloaderwrit-dos(39166) https://exchange.xforce.ibmcloud.com/vulnerabilities/39166 Common Vulnerability Exposure (CVE) ID: CVE-2007-6352 BugTraq ID: 26942 http://www.securityfocus.com/bid/26942 http://osvdb.org/42653 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11029 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4814 http://www.redhat.com/support/errata/RHSA-2007-1166.html http://secunia.com/advisories/29381 http://sunsolve.sun.com/search/document.do?assetkey=1-26-234701-1 http://www.vupen.com/english/advisories/2008/0947/references XForce ISS Database: libexif-exifdataloaddatathumbnail-bo(39167) https://exchange.xforce.ibmcloud.com/vulnerabilities/39167
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.