Nortel response to Sun Alert 234701 - Security Vulnerability in Solaris 10 libexif
| Description: |
http://sunsolve.sun.com/search/document.do?assetkey=1-66-234701-1 Sun Microsystems has recently issued Sun Alert 234701 - A Security Vulnerability in Solaris 10 libexif May Allow Code Execution or a Denial of Service (DoS) Condition This potential vulnerability affects the Solaris 10 Operating System. Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. This bulletin addresses the following potential vulnerability: A security vulnerability in the libexif image processing library shipped with Solaris 10 may allow a remote unprivileged user who provides an image with a crafted EXIF tag to execute arbitrary code with the privileges of a local user who opens that image. Furthermore, a remote user may be able to cause a Denial of Service (DoS) to an application that reads a crafted EXIF image using the libexif library. This issue may occur with applications linked against the libexif library including (but not limited to), the Eye of Gnome (eog(1)) application, which is distributed as part of the Java Desktop System. Additional information on this vulnerability is available at: CVE-2007-6352 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6352 Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories |
| Type: |
Security Advisories |
| Number: |
2008008821, Rev 1 |
| Status: |
Retired |
| Date: |
2008-11-19 |
