发布:
2020-12-14
已更新:
2020-12-14

RHSA-2020:5393 - Security Advisory

概述

Important: libexif security update

类型/严重性

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

标题

An update for libexif is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

The libexif packages provide a library for extracting extra information from image files.

Security Fix(es):

  • libexif: out of bounds write due to an integer overflow in exif-entry.c (CVE-2020-0452)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

解决方案

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

受影响的产品

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.4 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.4 aarch64

修复

  • BZ - 1902004 - CVE-2020-0452 libexif: out of bounds write due to an integer overflow in exif-entry.c

Red Hat Enterprise Linux for x86_64 8

SRPM
libexif-0.6.22-5.el8_3.src.rpm SHA-256: b478d1e418ebce9e9b7672f269c1a52fc3496b62917c39b0b4a0cc5929f4ddeb
x86_64
libexif-0.6.22-5.el8_3.i686.rpm SHA-256: 0f3d70d418facb2f3476a18d8f0471a6067be9c774b7151de092a40ae769d136
libexif-0.6.22-5.el8_3.x86_64.rpm SHA-256: 07228f3140251207e1797fda4c9a0b55a8bf4d6df15a014122350de5ec946249
libexif-debuginfo-0.6.22-5.el8_3.i686.rpm SHA-256: 363d0d13abf75e14887cd6e9caa7b6b635b0a9f945a2bf15270716cbfb28be4a
libexif-debuginfo-0.6.22-5.el8_3.x86_64.rpm SHA-256: 837bc518417274004f57917bb9b0cad6fbecdd01b0908f8391baae077539bef9
libexif-debugsource-0.6.22-5.el8_3.i686.rpm SHA-256: 959873372e0b232f8d33a483846a9cfafdc11c1eddadb9ef8e0ac810f24892c7
libexif-debugsource-0.6.22-5.el8_3.x86_64.rpm SHA-256: 6350f33b9da627c8cd1f2253f668cde66a329c46d3a2ba7e21dd5c037fc28572

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM
libexif-0.6.22-5.el8_3.src.rpm SHA-256: b478d1e418ebce9e9b7672f269c1a52fc3496b62917c39b0b4a0cc5929f4ddeb
x86_64
libexif-0.6.22-5.el8_3.i686.rpm SHA-256: 0f3d70d418facb2f3476a18d8f0471a6067be9c774b7151de092a40ae769d136
libexif-0.6.22-5.el8_3.x86_64.rpm SHA-256: 07228f3140251207e1797fda4c9a0b55a8bf4d6df15a014122350de5ec946249
libexif-debuginfo-0.6.22-5.el8_3.i686.rpm SHA-256: 363d0d13abf75e14887cd6e9caa7b6b635b0a9f945a2bf15270716cbfb28be4a
libexif-debuginfo-0.6.22-5.el8_3.x86_64.rpm SHA-256: 837bc518417274004f57917bb9b0cad6fbecdd01b0908f8391baae077539bef9
libexif-debugsource-0.6.22-5.el8_3.i686.rpm SHA-256: 959873372e0b232f8d33a483846a9cfafdc11c1eddadb9ef8e0ac810f24892c7
libexif-debugsource-0.6.22-5.el8_3.x86_64.rpm SHA-256: 6350f33b9da627c8cd1f2253f668cde66a329c46d3a2ba7e21dd5c037fc28572

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
libexif-0.6.22-5.el8_3.src.rpm SHA-256: b478d1e418ebce9e9b7672f269c1a52fc3496b62917c39b0b4a0cc5929f4ddeb
x86_64
libexif-0.6.22-5.el8_3.i686.rpm SHA-256: 0f3d70d418facb2f3476a18d8f0471a6067be9c774b7151de092a40ae769d136
libexif-0.6.22-5.el8_3.x86_64.rpm SHA-256: 07228f3140251207e1797fda4c9a0b55a8bf4d6df15a014122350de5ec946249
libexif-debuginfo-0.6.22-5.el8_3.i686.rpm SHA-256: 363d0d13abf75e14887cd6e9caa7b6b635b0a9f945a2bf15270716cbfb28be4a
libexif-debuginfo-0.6.22-5.el8_3.x86_64.rpm SHA-256: 837bc518417274004f57917bb9b0cad6fbecdd01b0908f8391baae077539bef9
libexif-debugsource-0.6.22-5.el8_3.i686.rpm SHA-256: 959873372e0b232f8d33a483846a9cfafdc11c1eddadb9ef8e0ac810f24892c7
libexif-debugsource-0.6.22-5.el8_3.x86_64.rpm SHA-256: 6350f33b9da627c8cd1f2253f668cde66a329c46d3a2ba7e21dd5c037fc28572

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
libexif-0.6.22-5.el8_3.src.rpm SHA-256: b478d1e418ebce9e9b7672f269c1a52fc3496b62917c39b0b4a0cc5929f4ddeb
s390x
libexif-0.6.22-5.el8_3.s390x.rpm SHA-256: 053d7baf1aec65c30c7c93d2718958901a21fbfa192ae26d805629f73d6e726f
libexif-debuginfo-0.6.22-5.el8_3.s390x.rpm SHA-256: 6d1617c090433c62774ea10e639a8153f3a355bad85a1d97f576b55ccb215e60
libexif-debugsource-0.6.22-5.el8_3.s390x.rpm SHA-256: ccd8339810514d73bf55614e1cd939753da64a70a65e1238b01cd687d7ebe6a0

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4

SRPM
libexif-0.6.22-5.el8_3.src.rpm SHA-256: b478d1e418ebce9e9b7672f269c1a52fc3496b62917c39b0b4a0cc5929f4ddeb
s390x
libexif-0.6.22-5.el8_3.s390x.rpm SHA-256: 053d7baf1aec65c30c7c93d2718958901a21fbfa192ae26d805629f73d6e726f
libexif-debuginfo-0.6.22-5.el8_3.s390x.rpm SHA-256: 6d1617c090433c62774ea10e639a8153f3a355bad85a1d97f576b55ccb215e60
libexif-debugsource-0.6.22-5.el8_3.s390x.rpm SHA-256: ccd8339810514d73bf55614e1cd939753da64a70a65e1238b01cd687d7ebe6a0

Red Hat Enterprise Linux for Power, little endian 8

SRPM
libexif-0.6.22-5.el8_3.src.rpm SHA-256: b478d1e418ebce9e9b7672f269c1a52fc3496b62917c39b0b4a0cc5929f4ddeb
ppc64le
libexif-0.6.22-5.el8_3.ppc64le.rpm SHA-256: 33682a84a674817a6e5ac6f0e4a94598cc94cc0f65571a18e4a453ddd3923665
libexif-debuginfo-0.6.22-5.el8_3.ppc64le.rpm SHA-256: 1f9690a7da9efafe95c981fcbe09d9a3ecef5fc12ad9c3356d774d478d05efe7
libexif-debugsource-0.6.22-5.el8_3.ppc64le.rpm SHA-256: 50259c55b021300fb09184d75136032034037b64ad7f56206431ea2d446b49f5

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4

SRPM
libexif-0.6.22-5.el8_3.src.rpm SHA-256: b478d1e418ebce9e9b7672f269c1a52fc3496b62917c39b0b4a0cc5929f4ddeb
ppc64le
libexif-0.6.22-5.el8_3.ppc64le.rpm SHA-256: 33682a84a674817a6e5ac6f0e4a94598cc94cc0f65571a18e4a453ddd3923665
libexif-debuginfo-0.6.22-5.el8_3.ppc64le.rpm SHA-256: 1f9690a7da9efafe95c981fcbe09d9a3ecef5fc12ad9c3356d774d478d05efe7
libexif-debugsource-0.6.22-5.el8_3.ppc64le.rpm SHA-256: 50259c55b021300fb09184d75136032034037b64ad7f56206431ea2d446b49f5

Red Hat Enterprise Linux Server - TUS 8.4

SRPM
libexif-0.6.22-5.el8_3.src.rpm SHA-256: b478d1e418ebce9e9b7672f269c1a52fc3496b62917c39b0b4a0cc5929f4ddeb
x86_64
libexif-0.6.22-5.el8_3.i686.rpm SHA-256: 0f3d70d418facb2f3476a18d8f0471a6067be9c774b7151de092a40ae769d136
libexif-0.6.22-5.el8_3.x86_64.rpm SHA-256: 07228f3140251207e1797fda4c9a0b55a8bf4d6df15a014122350de5ec946249
libexif-debuginfo-0.6.22-5.el8_3.i686.rpm SHA-256: 363d0d13abf75e14887cd6e9caa7b6b635b0a9f945a2bf15270716cbfb28be4a
libexif-debuginfo-0.6.22-5.el8_3.x86_64.rpm SHA-256: 837bc518417274004f57917bb9b0cad6fbecdd01b0908f8391baae077539bef9
libexif-debugsource-0.6.22-5.el8_3.i686.rpm SHA-256: 959873372e0b232f8d33a483846a9cfafdc11c1eddadb9ef8e0ac810f24892c7
libexif-debugsource-0.6.22-5.el8_3.x86_64.rpm SHA-256: 6350f33b9da627c8cd1f2253f668cde66a329c46d3a2ba7e21dd5c037fc28572

Red Hat Enterprise Linux for ARM 64 8

SRPM
libexif-0.6.22-5.el8_3.src.rpm SHA-256: b478d1e418ebce9e9b7672f269c1a52fc3496b62917c39b0b4a0cc5929f4ddeb
aarch64
libexif-0.6.22-5.el8_3.aarch64.rpm SHA-256: 032e6d2e413357b1d1f2e45b380fb3aa693267be0ec3973fd830246370725fb6
libexif-debuginfo-0.6.22-5.el8_3.aarch64.rpm SHA-256: cf8297912d0f8971544d9baeea480e2d761cf7f40d4cccb3f6c59d36627be9ec
libexif-debugsource-0.6.22-5.el8_3.aarch64.rpm SHA-256: 262f7635ad43cbd7eb16ba97ecaf692103ad3c646eb9eb3f10fe07e0f96c7bcc

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4

SRPM
libexif-0.6.22-5.el8_3.src.rpm SHA-256: b478d1e418ebce9e9b7672f269c1a52fc3496b62917c39b0b4a0cc5929f4ddeb
x86_64
libexif-0.6.22-5.el8_3.i686.rpm SHA-256: 0f3d70d418facb2f3476a18d8f0471a6067be9c774b7151de092a40ae769d136
libexif-0.6.22-5.el8_3.x86_64.rpm SHA-256: 07228f3140251207e1797fda4c9a0b55a8bf4d6df15a014122350de5ec946249
libexif-debuginfo-0.6.22-5.el8_3.i686.rpm SHA-256: 363d0d13abf75e14887cd6e9caa7b6b635b0a9f945a2bf15270716cbfb28be4a
libexif-debuginfo-0.6.22-5.el8_3.x86_64.rpm SHA-256: 837bc518417274004f57917bb9b0cad6fbecdd01b0908f8391baae077539bef9
libexif-debugsource-0.6.22-5.el8_3.i686.rpm SHA-256: 959873372e0b232f8d33a483846a9cfafdc11c1eddadb9ef8e0ac810f24892c7
libexif-debugsource-0.6.22-5.el8_3.x86_64.rpm SHA-256: 6350f33b9da627c8cd1f2253f668cde66a329c46d3a2ba7e21dd5c037fc28572

Red Hat CodeReady Linux Builder for x86_64 8

SRPM
x86_64
libexif-debuginfo-0.6.22-5.el8_3.i686.rpm SHA-256: 363d0d13abf75e14887cd6e9caa7b6b635b0a9f945a2bf15270716cbfb28be4a
libexif-debuginfo-0.6.22-5.el8_3.x86_64.rpm SHA-256: 837bc518417274004f57917bb9b0cad6fbecdd01b0908f8391baae077539bef9
libexif-debugsource-0.6.22-5.el8_3.i686.rpm SHA-256: 959873372e0b232f8d33a483846a9cfafdc11c1eddadb9ef8e0ac810f24892c7
libexif-debugsource-0.6.22-5.el8_3.x86_64.rpm SHA-256: 6350f33b9da627c8cd1f2253f668cde66a329c46d3a2ba7e21dd5c037fc28572
libexif-devel-0.6.22-5.el8_3.i686.rpm SHA-256: 29373717f53a0f94f35d260dfccd177da762955846ca513b71f53fe58414b062
libexif-devel-0.6.22-5.el8_3.x86_64.rpm SHA-256: d700326e3993e202d420241eca3c7fd8b2dab567dae7615a3ce47f5bc483f2eb

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM
ppc64le
libexif-debuginfo-0.6.22-5.el8_3.ppc64le.rpm SHA-256: 1f9690a7da9efafe95c981fcbe09d9a3ecef5fc12ad9c3356d774d478d05efe7
libexif-debugsource-0.6.22-5.el8_3.ppc64le.rpm SHA-256: 50259c55b021300fb09184d75136032034037b64ad7f56206431ea2d446b49f5
libexif-devel-0.6.22-5.el8_3.ppc64le.rpm SHA-256: 7b7f34eb49c9a9a582f65f5bbd1ebc35480335505cf19e3862c87dd699c137d6

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM
aarch64
libexif-debuginfo-0.6.22-5.el8_3.aarch64.rpm SHA-256: cf8297912d0f8971544d9baeea480e2d761cf7f40d4cccb3f6c59d36627be9ec
libexif-debugsource-0.6.22-5.el8_3.aarch64.rpm SHA-256: 262f7635ad43cbd7eb16ba97ecaf692103ad3c646eb9eb3f10fe07e0f96c7bcc
libexif-devel-0.6.22-5.el8_3.aarch64.rpm SHA-256: bca610bf964cfa9aeb8b2af4f40684047ca2bb38c0a27131681a73c6926649d8

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM
s390x
libexif-debuginfo-0.6.22-5.el8_3.s390x.rpm SHA-256: 6d1617c090433c62774ea10e639a8153f3a355bad85a1d97f576b55ccb215e60
libexif-debugsource-0.6.22-5.el8_3.s390x.rpm SHA-256: ccd8339810514d73bf55614e1cd939753da64a70a65e1238b01cd687d7ebe6a0
libexif-devel-0.6.22-5.el8_3.s390x.rpm SHA-256: d27c0e78727c934e37c4a893478ed31adf5512a102d5f650f17be11fc71a3c0d

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4

SRPM
libexif-0.6.22-5.el8_3.src.rpm SHA-256: b478d1e418ebce9e9b7672f269c1a52fc3496b62917c39b0b4a0cc5929f4ddeb
aarch64
libexif-0.6.22-5.el8_3.aarch64.rpm SHA-256: 032e6d2e413357b1d1f2e45b380fb3aa693267be0ec3973fd830246370725fb6
libexif-debuginfo-0.6.22-5.el8_3.aarch64.rpm SHA-256: cf8297912d0f8971544d9baeea480e2d761cf7f40d4cccb3f6c59d36627be9ec
libexif-debugsource-0.6.22-5.el8_3.aarch64.rpm SHA-256: 262f7635ad43cbd7eb16ba97ecaf692103ad3c646eb9eb3f10fe07e0f96c7bcc

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4

SRPM
libexif-0.6.22-5.el8_3.src.rpm SHA-256: b478d1e418ebce9e9b7672f269c1a52fc3496b62917c39b0b4a0cc5929f4ddeb
ppc64le
libexif-0.6.22-5.el8_3.ppc64le.rpm SHA-256: 33682a84a674817a6e5ac6f0e4a94598cc94cc0f65571a18e4a453ddd3923665
libexif-debuginfo-0.6.22-5.el8_3.ppc64le.rpm SHA-256: 1f9690a7da9efafe95c981fcbe09d9a3ecef5fc12ad9c3356d774d478d05efe7
libexif-debugsource-0.6.22-5.el8_3.ppc64le.rpm SHA-256: 50259c55b021300fb09184d75136032034037b64ad7f56206431ea2d446b49f5

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4

SRPM
x86_64
libexif-debuginfo-0.6.22-5.el8_3.i686.rpm SHA-256: 363d0d13abf75e14887cd6e9caa7b6b635b0a9f945a2bf15270716cbfb28be4a
libexif-debuginfo-0.6.22-5.el8_3.x86_64.rpm SHA-256: 837bc518417274004f57917bb9b0cad6fbecdd01b0908f8391baae077539bef9
libexif-debugsource-0.6.22-5.el8_3.i686.rpm SHA-256: 959873372e0b232f8d33a483846a9cfafdc11c1eddadb9ef8e0ac810f24892c7
libexif-debugsource-0.6.22-5.el8_3.x86_64.rpm SHA-256: 6350f33b9da627c8cd1f2253f668cde66a329c46d3a2ba7e21dd5c037fc28572
libexif-devel-0.6.22-5.el8_3.i686.rpm SHA-256: 29373717f53a0f94f35d260dfccd177da762955846ca513b71f53fe58414b062
libexif-devel-0.6.22-5.el8_3.x86_64.rpm SHA-256: d700326e3993e202d420241eca3c7fd8b2dab567dae7615a3ce47f5bc483f2eb

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.4

SRPM
ppc64le
libexif-debuginfo-0.6.22-5.el8_3.ppc64le.rpm SHA-256: 1f9690a7da9efafe95c981fcbe09d9a3ecef5fc12ad9c3356d774d478d05efe7
libexif-debugsource-0.6.22-5.el8_3.ppc64le.rpm SHA-256: 50259c55b021300fb09184d75136032034037b64ad7f56206431ea2d446b49f5
libexif-devel-0.6.22-5.el8_3.ppc64le.rpm SHA-256: 7b7f34eb49c9a9a582f65f5bbd1ebc35480335505cf19e3862c87dd699c137d6

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.4

SRPM
s390x
libexif-debuginfo-0.6.22-5.el8_3.s390x.rpm SHA-256: 6d1617c090433c62774ea10e639a8153f3a355bad85a1d97f576b55ccb215e60
libexif-debugsource-0.6.22-5.el8_3.s390x.rpm SHA-256: ccd8339810514d73bf55614e1cd939753da64a70a65e1238b01cd687d7ebe6a0
libexif-devel-0.6.22-5.el8_3.s390x.rpm SHA-256: d27c0e78727c934e37c4a893478ed31adf5512a102d5f650f17be11fc71a3c0d

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.4

SRPM
aarch64
libexif-debuginfo-0.6.22-5.el8_3.aarch64.rpm SHA-256: cf8297912d0f8971544d9baeea480e2d761cf7f40d4cccb3f6c59d36627be9ec
libexif-debugsource-0.6.22-5.el8_3.aarch64.rpm SHA-256: 262f7635ad43cbd7eb16ba97ecaf692103ad3c646eb9eb3f10fe07e0f96c7bcc
libexif-devel-0.6.22-5.el8_3.aarch64.rpm SHA-256: bca610bf964cfa9aeb8b2af4f40684047ca2bb38c0a27131681a73c6926649d8

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/