Fedora has issued an advisory today (December 28): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JIGG5FKK6ZHUBJDSP7RIETVHWRZBTPRO/ Patched packages uploaded for Mageia 5, Mageia 6, and Cauldron. Advisory: ======================== Updated libexif packages fix security vulnerability: A vulnerability was found in libexif. The vulnerability is caused by an integer overflow. In some cases, the integer overflow can cause Heap Out-of-Bounds Read, i.e. Heap Buffer Overflow vulnerability. In some other cases, the integer overflow can cause use of uninitialized pointer variable, i.e. Use of Uninitialized Variable Vulnerability. The vulnerability happens when parsing MNOTE entry data of the input file. The vulnerability can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications’ private data) (CVE-2016-6328). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JIGG5FKK6ZHUBJDSP7RIETVHWRZBTPRO/ ======================== Updated packages in core/updates_testing: ======================== libexif12-common-0.6.21-8.1.mga5 libexif12-0.6.21-8.1.mga5 libexif-devel-0.6.21-8.1.mga5 libexif12-common-0.6.21-9.1.mga6 libexif12-0.6.21-9.1.mga6 libexif-devel-0.6.21-9.1.mga6 from SRPMS: libexif-0.6.21-8.1.mga5.src.rpm libexif-0.6.21-9.1.mga6.src.rpm
Whiteboard: (none) => MGA5TOO
MGA5-32 on Dell Latitude D600 Xfce No installation issues # urpmq --whatrequires libexif12 lists a.o. exif, so $ exif P1151653.JPG EXIF-labels in 'P1151653.JPG' ('Intel' byte-volgorde): --------------------+---------------------------------------------------------- Label |waarde --------------------+---------------------------------------------------------- Beschrijving van afb|OLYMPUS DIGITAL CAMERA Fabrikant |OLYMPUS IMAGING CORP. Model |E-500 Oriëntatie |Linksboven x-resolutie |72 x-resolutie |72 Resolutieeenheid |Inch Programmatuur |GIMP 2.6.7 Datum en tijd |2011:01:17 17:24:26 YCbCr-positionering |naast elkaar PRINT-afbeeldingsver|528 bytes onbekende gegevens Compressie |JPEG-compressie x-resolutie |72 x-resolutie |72 Resolutieeenheid |Inch Belichtingstijd |1/100 sec. F-getal |f/3,5 Belichtingsprogramma|Sluitertijd heeft prioriteit ISO-snelheidsgetal |200 Exif-versie |Exif-versie 2.21 Datum en tijdstip (o|2011:01:15 20:55:44 Datum en tijdstip (v|2011:01:15 20:55:44 Configuratie van com|Y Cb Cr - Belichtingscompensat|0,00 EV Maximale diafragmawa|3,61 EV (f/3,5) Meetwijze |Punt Lichtbron |Onbekend Flits |Geflitst, altijd-flitsen-modus. Brandpuntsafstand |40,0 mm Fabrikantennotitie |2310 bytes onbekende gegevens Gebruikerscommentaar| FlashPixVersion |FlashPix versie 1.0 Kleurruimte |sRGB X-afmeting pixel |2448 Y-afmeting pixel |3264 Bestandsbron |DSC Handmatig gerenderd |Normaal proces Belichtingsmodus |Automatische belichting Witbalans |Handmatige witbalans Digitale zoomverhoud|1,00 Opnametype van scène|Standaard Versterkingsregeling|Lage versterking Contrast |Normaal Verzadiging |Hoge verzadiging Scherpte |Normaal Interoperabiliteitsi|R98 Interoperabiliteitsv|0100 --------------------+---------------------------------------------------------- EXIF-gegevens bevatten een miniatuur (5106 bytes). Looks OK for me.
Whiteboard: MGA5TOO => MGA5TOO MGA5-32-OKCC: (none) => herman.viaene
CC: (none) => davidwhodginsKeywords: (none) => advisory
wget http://www.exiv2.org/include/img_1771.jpg exif displays the info ok.
Keywords: (none) => validated_updateWhiteboard: MGA5TOO MGA5-32-OK => MGA5TOO MGA5-32-OK MGA6-64-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0051.html
Status: NEW => RESOLVEDResolution: (none) => FIXED