Synopsis:          Moderate: libexif security update
Issue Date:        2012-09-11
CVE Numbers:       CVE-2012-2813
                    CVE-2012-2814
                    CVE-2012-2836
                    CVE-2012-2837
                    CVE-2012-2840
                    CVE-2012-2841
                    CVE-2012-2812

The libexif packages provide an Exchangeable image file format (Exif)
library. Exif allows metadata to be added to and read from certain types
of image files.

Multiple flaws were found in the way libexif processed Exif tags. An
attacker could create a specially-crafted image file that, when opened in
an application linked against libexif, could cause the application to
crash or, potentially, execute arbitrary code with the privileges of the
user running the application. (CVE-2012-2812, CVE-2012-2813, CVE-2012-2814,
CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841)

Users of libexif are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. All running
applications linked against libexif must be restarted for the update to
take effect.

SL5
   x86_64
     libexif-0.6.21-1.el5_8.i386.rpm
     libexif-0.6.21-1.el5_8.x86_64.rpm
     libexif-devel-0.6.21-1.el5_8.i386.rpm
     libexif-devel-0.6.21-1.el5_8.x86_64.rpm
   i386
     libexif-0.6.21-1.el5_8.i386.rpm
     libexif-devel-0.6.21-1.el5_8.i386.rpm
SL6
   x86_64
     libexif-0.6.21-5.el6_3.i686.rpm
     libexif-0.6.21-5.el6_3.x86_64.rpm
     libexif-devel-0.6.21-5.el6_3.i686.rpm
     libexif-devel-0.6.21-5.el6_3.x86_64.rpm
   i386
     libexif-0.6.21-5.el6_3.i686.rpm
     libexif-devel-0.6.21-5.el6_3.i686.rpm

- Scientific Linux Development Team