Date: Mon, 25 Apr 2005 22:13:38 -0400
From: Peachtree Linux Security Team <security@peachtree.burdell.org.>
To: peachlnx-security@lists.sourceforge.net,
Subject: [PLSN-0006] new libexif package available
Message-ID: <20050426021338.GB8840@kevlar.burdell.org.>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="CdrF4e02JqNVZeln"
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
X-Virus-Scanned: antivirus-gw at tyumen.ru
--CdrF4e02JqNVZeln
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
---------------------------------------------------------------------------
Peachtree Linux Security Notice PLSN-0006
April 22, 2005
Remote DoS vulnerability in libexif
CAN-2005-0664
---------------------------------------------------------------------------
The following Peachtree Linux releases are affected:
Peachtree Linux release 1 ("Atlanta")
Description:
CAN-2005-0664: Buffer overflow in the EXIF library (libexif) does not
properly validate the structure of the EXIF tags, which allows remote
attackers to cause a denial of service (application crash) and possibly
execute arbitrary code via an image with a crafted EXIF tag.
Packages:
alpha
8cdf8dde707c24d1817eb99f5c81b783 libexif-0.6.11.alpha.dist
i386
767c6442a6e76ba424b2295c422bea3c libexif-0.6.11.i686.dist
ppc
e5e7a516f9fc5be261c00beae0577517 libexif-0.6.11.ppc.dist
Solution:
Download the appropriate package for your release of Peachtree linux.
Upgrade your system to the new package:
distadd -u packagename
Where package name is the name of the package file from the list above.
--=20
Peachtree Linux Security Team
http://peachtree.burdell.org/
--CdrF4e02JqNVZeln
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFCbaPSnchtWYh7oqQRAqH1AJ9/Jh6bhfjaq3Z1qXdbgaHE1kgesgCaA6d9
nggwO3eNOIL3HgquFA1iR0Q=
=g80g
-----END PGP SIGNATURE-----
--CdrF4e02JqNVZeln--
