Uočena su i ispravljena dva propusta vezana uz libexif. Zlonamjeran napadač ih može iskoristiti za pokretanje proizvoljnog programskog koda te napad uskraćivanjem usluga (DoS napad).

Oracle Solaris libexif Two Vulnerabilities
Secunia Advisory 	SA47623 	
Release Date 	2012-01-19
Criticality level 	Moderately criticalModerately critical
Impact 	DoS
System access
Where 	From remote
Authentication level 	Available in Customer Area
  	 
Report reliability 	Available in Customer Area
Solution Status 	Vendor Patch
  	 
Systems affected 	Available in Customer Area
Approve distribution 	Available in Customer Area
Remediation status 	Secunia CSI, Secunia PSI
Automated scanning 	Secunia CSI, Secunia PSI
  	 
Operating System	
	Sun Solaris 10.x

Secunia CVSS Score 	Available in Customer Area
CVE Reference(s) 	CVE-2006-4168 CVSS available in Customer Area
CVE-2009-3895 CVSS available in Customer Area
	   	

Description

Oracle has acknowledged two vulnerabilities in libexif included in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

For more information:
SA25642
SA37378

Solution
Apply patches.
Further details available in Customer Area
Original Advisory
http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_libexif

Other references
Further details available in Customer Area