Red Hat Security Advisory: libexif security update Security Advisory secalert@redhat.com Red Hat Security Response Team RHSA-2012:1255 Final 1 1 2012-09-11T18:07:00Z Current version 2012-09-11T18:07:00Z 2012-09-11T18:07:00Z Red Hat rhsa-to-cvrf 1.0.1484 2012-09-11T18:15:02Z Updated libexif packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libexif packages provide an Exchangeable image file format (Exif) library. Exif allows metadata to be added to and read from certain types of image files. Multiple flaws were found in the way libexif processed Exif tags. An attacker could create a specially-crafted image file that, when opened in an application linked against libexif, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841) Red Hat would like to thank Dan Fandrich for reporting these issues. Upstream acknowledges Mateusz Jurczyk of the Google Security Team as the original reporter of CVE-2012-2812, CVE-2012-2813, and CVE-2012-2814; and Yunho Kim as the original reporter of CVE-2012-2836 and CVE-2012-2837. Users of libexif are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libexif must be restarted for the update to take effect. Please see https://www.redhat.com/footer/terms-of-use.html Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate https://rhn.redhat.com/errata/RHSA-2012-1255.html https://rhn.redhat.com/errata/RHSA-2012-1255.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/security/updates/classification/#moderate Red Hat Enterprise Linux Desktop (v. 5 client) Red Hat Enterprise Linux HPC Node Optional (v. 6) Red Hat Enterprise Linux Server (v. 6) Red Hat Enterprise Linux Workstation (v. 6) Red Hat Enterprise Linux Desktop Optional (v. 6) Red Hat Enterprise Linux (v. 5 server) Red Hat Enterprise Linux Desktop (v. 6) RHEL Desktop Workstation (v. 5 client) libexif-0.6.21-1.el5_8.src.rpm libexif-0.6.21-5.el6_3.src.rpm libexif-0.6.21-1.el5_8 as a component of Red Hat Enterprise Linux Desktop (v. 5 client) libexif-0.6.21-5.el6_3 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6) libexif-0.6.21-5.el6_3 as a component of Red Hat Enterprise Linux Server (v. 6) libexif-0.6.21-5.el6_3 as a component of Red Hat Enterprise Linux Workstation (v. 6) libexif-0.6.21-5.el6_3 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6) libexif-0.6.21-1.el5_8 as a component of Red Hat Enterprise Linux (v. 5 server) libexif-0.6.21-5.el6_3 as a component of Red Hat Enterprise Linux Desktop (v. 6) libexif-0.6.21-1.el5_8 as a component of RHEL Desktop Workstation (v. 5 client) Multiple flaws were found in the way libexif processed Exif tags. An attacker could create a specially-crafted image file that, when opened in an application linked against libexif, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. 2012-07-09T00:00:00Z 2012-07-12T00:00:00Z CVE-2012-2812 5Client-5.8.Z:libexif-0.6.21-1.el5_8 5Client-Workstation-5.8.Z:libexif-0.6.21-1.el5_8 5Server-5.8.Z:libexif-0.6.21-1.el5_8 6Client-6.3.z:libexif-0.6.21-5.el6_3 6Client-optional-6.3.z:libexif-0.6.21-5.el6_3 6ComputeNode-optional-6.3.z:libexif-0.6.21-5.el6_3 6Server-6.3.z:libexif-0.6.21-5.el6_3 6Workstation-6.3.z:libexif-0.6.21-5.el6_3 Low 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1255.html https://www.redhat.com/security/data/cve/CVE-2012-2812.html CVE-2012-2812 https://bugzilla.redhat.com/show_bug.cgi?id=839203 bz#839203: CVE-2012-2812 libexif: "exif_entry_get_value()" heap-based out-of-bounds array read Red Hat would like to thank Dan Fandrich for reporting this issue. Upstream acknowledges Mateusz Jurczyk of the Google Security Team as the original reporter. Multiple flaws were found in the way libexif processed Exif tags. An attacker could create a specially-crafted image file that, when opened in an application linked against libexif, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. 2012-07-09T00:00:00Z 2012-07-12T00:00:00Z CVE-2012-2813 5Client-5.8.Z:libexif-0.6.21-1.el5_8 5Client-Workstation-5.8.Z:libexif-0.6.21-1.el5_8 5Server-5.8.Z:libexif-0.6.21-1.el5_8 6Client-6.3.z:libexif-0.6.21-5.el6_3 6Client-optional-6.3.z:libexif-0.6.21-5.el6_3 6ComputeNode-optional-6.3.z:libexif-0.6.21-5.el6_3 6Server-6.3.z:libexif-0.6.21-5.el6_3 6Workstation-6.3.z:libexif-0.6.21-5.el6_3 Low 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1255.html https://www.redhat.com/security/data/cve/CVE-2012-2813.html CVE-2012-2813 https://bugzilla.redhat.com/show_bug.cgi?id=839182 bz#839182: CVE-2012-2813 libexif: "exif_convert_utf16_to_utf8()" heap-based out-of-bounds array read Red Hat would like to thank Dan Fandrich for reporting this issue. Upstream acknowledges Mateusz Jurczyk of the Google Security Team as the original reporter. Multiple flaws were found in the way libexif processed Exif tags. An attacker could create a specially-crafted image file that, when opened in an application linked against libexif, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. 2012-07-09T00:00:00Z 2012-07-12T00:00:00Z CVE-2012-2814 5Client-5.8.Z:libexif-0.6.21-1.el5_8 5Client-Workstation-5.8.Z:libexif-0.6.21-1.el5_8 5Server-5.8.Z:libexif-0.6.21-1.el5_8 6Client-6.3.z:libexif-0.6.21-5.el6_3 6Client-optional-6.3.z:libexif-0.6.21-5.el6_3 6ComputeNode-optional-6.3.z:libexif-0.6.21-5.el6_3 6Server-6.3.z:libexif-0.6.21-5.el6_3 6Workstation-6.3.z:libexif-0.6.21-5.el6_3 Moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1255.html https://www.redhat.com/security/data/cve/CVE-2012-2814.html CVE-2012-2814 https://bugzilla.redhat.com/show_bug.cgi?id=839183 bz#839183: CVE-2012-2814 libexif: "exif_entry_format_value()" buffer overflow Red Hat would like to thank Dan Fandrich for reporting this issue. Upstream acknowledges Mateusz Jurczyk of the Google Security Team as the original reporter. Multiple flaws were found in the way libexif processed Exif tags. An attacker could create a specially-crafted image file that, when opened in an application linked against libexif, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. 2012-07-09T00:00:00Z 2012-07-12T00:00:00Z CVE-2012-2836 5Client-5.8.Z:libexif-0.6.21-1.el5_8 5Client-Workstation-5.8.Z:libexif-0.6.21-1.el5_8 5Server-5.8.Z:libexif-0.6.21-1.el5_8 6Client-6.3.z:libexif-0.6.21-5.el6_3 6Client-optional-6.3.z:libexif-0.6.21-5.el6_3 6ComputeNode-optional-6.3.z:libexif-0.6.21-5.el6_3 6Server-6.3.z:libexif-0.6.21-5.el6_3 6Workstation-6.3.z:libexif-0.6.21-5.el6_3 Low 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1255.html https://www.redhat.com/security/data/cve/CVE-2012-2836.html CVE-2012-2836 https://bugzilla.redhat.com/show_bug.cgi?id=839184 bz#839184: CVE-2012-2836 libexif: "exif_data_load_data()" heap-based out-of-bounds array read Red Hat would like to thank Dan Fandrich for reporting this issue. Upstream acknowledges Yunho Kim as the original reporter. Multiple flaws were found in the way libexif processed Exif tags. An attacker could create a specially-crafted image file that, when opened in an application linked against libexif, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. 2012-07-09T00:00:00Z 2012-07-12T00:00:00Z CVE-2012-2837 5Client-5.8.Z:libexif-0.6.21-1.el5_8 5Client-Workstation-5.8.Z:libexif-0.6.21-1.el5_8 5Server-5.8.Z:libexif-0.6.21-1.el5_8 6Client-6.3.z:libexif-0.6.21-5.el6_3 6Client-optional-6.3.z:libexif-0.6.21-5.el6_3 6ComputeNode-optional-6.3.z:libexif-0.6.21-5.el6_3 6Server-6.3.z:libexif-0.6.21-5.el6_3 6Workstation-6.3.z:libexif-0.6.21-5.el6_3 Low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1255.html https://www.redhat.com/security/data/cve/CVE-2012-2837.html CVE-2012-2837 https://bugzilla.redhat.com/show_bug.cgi?id=839185 bz#839185: CVE-2012-2837 libexif: "mnote_olympus_entry_get_value()" division by zero Red Hat would like to thank Dan Fandrich for reporting this issue. Upstream acknowledges Yunho Kim as the original reporter. Multiple flaws were found in the way libexif processed Exif tags. An attacker could create a specially-crafted image file that, when opened in an application linked against libexif, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. 2012-07-09T00:00:00Z 2012-07-12T00:00:00Z CVE-2012-2840 5Client-5.8.Z:libexif-0.6.21-1.el5_8 5Client-Workstation-5.8.Z:libexif-0.6.21-1.el5_8 5Server-5.8.Z:libexif-0.6.21-1.el5_8 6Client-6.3.z:libexif-0.6.21-5.el6_3 6Client-optional-6.3.z:libexif-0.6.21-5.el6_3 6ComputeNode-optional-6.3.z:libexif-0.6.21-5.el6_3 6Server-6.3.z:libexif-0.6.21-5.el6_3 6Workstation-6.3.z:libexif-0.6.21-5.el6_3 Moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1255.html https://www.redhat.com/security/data/cve/CVE-2012-2840.html CVE-2012-2840 https://bugzilla.redhat.com/show_bug.cgi?id=839188 bz#839188: CVE-2012-2840 libexif: "exif_convert_utf16_to_utf8()" off-by-one Red Hat would like to thank Dan Fandrich for reporting this issue. Multiple flaws were found in the way libexif processed Exif tags. An attacker could create a specially-crafted image file that, when opened in an application linked against libexif, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. 2012-07-09T00:00:00Z 2012-07-12T00:00:00Z CVE-2012-2841 5Client-5.8.Z:libexif-0.6.21-1.el5_8 5Client-Workstation-5.8.Z:libexif-0.6.21-1.el5_8 5Server-5.8.Z:libexif-0.6.21-1.el5_8 6Client-6.3.z:libexif-0.6.21-5.el6_3 6Client-optional-6.3.z:libexif-0.6.21-5.el6_3 6ComputeNode-optional-6.3.z:libexif-0.6.21-5.el6_3 6Server-6.3.z:libexif-0.6.21-5.el6_3 6Workstation-6.3.z:libexif-0.6.21-5.el6_3 Moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1255.html https://www.redhat.com/security/data/cve/CVE-2012-2841.html CVE-2012-2841 https://bugzilla.redhat.com/show_bug.cgi?id=839189 bz#839189: CVE-2012-2841 libexif: "exif_entry_get_value()" integer underflow Red Hat would like to thank Dan Fandrich for reporting this issue.