Red Hat Product Errata RHSA-2020:5394 - Security Advisory
Issued:
2020-12-14
Updated:
2020-12-14

RHSA-2020:5394 - Security Advisory

Synopsis

Important: libexif security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libexif is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libexif packages provide a library for extracting extra information from image files.

Security Fix(es):

  • libexif: out of bounds write due to an integer overflow in exif-entry.c (CVE-2020-0452)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.2 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.2 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.2 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.2 aarch64

Fixes

  • BZ - 1902004 - CVE-2020-0452 libexif: out of bounds write due to an integer overflow in exif-entry.c

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2

SRPM
libexif-0.6.21-18.el8_2.src.rpm SHA-256: e14457dd707a284e62d40378315db8e4f957431b28ab88de6751b09efadd9769
x86_64
libexif-0.6.21-18.el8_2.i686.rpm SHA-256: b9c56a0cedb64546060126116d2ceff957d55124b26516281e122f1132b63344
libexif-0.6.21-18.el8_2.x86_64.rpm SHA-256: 14a8a26781a05485ba69784fd696c6bf429232bb4f87e5fa7c439043f297920e
libexif-debuginfo-0.6.21-18.el8_2.i686.rpm SHA-256: 026044c11b48968da9adbfa8a4bff0f63b4bad4f8b7d0cd797ea73d95a1c776f
libexif-debuginfo-0.6.21-18.el8_2.x86_64.rpm SHA-256: 9dca7961da68debf1b6cc47cbb37e694388d23a6e475a6f574b78a3297369535
libexif-debugsource-0.6.21-18.el8_2.i686.rpm SHA-256: c7e85a38eae1c5376faa4be01c52a86c525f9ca96e4e901d666997be53e8eaf0
libexif-debugsource-0.6.21-18.el8_2.x86_64.rpm SHA-256: e75fa71edbb9d952a7d17639e73be7493c53cfc966150e2392aa196dd8b429e8

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
libexif-0.6.21-18.el8_2.src.rpm SHA-256: e14457dd707a284e62d40378315db8e4f957431b28ab88de6751b09efadd9769
x86_64
libexif-0.6.21-18.el8_2.i686.rpm SHA-256: b9c56a0cedb64546060126116d2ceff957d55124b26516281e122f1132b63344
libexif-0.6.21-18.el8_2.x86_64.rpm SHA-256: 14a8a26781a05485ba69784fd696c6bf429232bb4f87e5fa7c439043f297920e
libexif-debuginfo-0.6.21-18.el8_2.i686.rpm SHA-256: 026044c11b48968da9adbfa8a4bff0f63b4bad4f8b7d0cd797ea73d95a1c776f
libexif-debuginfo-0.6.21-18.el8_2.x86_64.rpm SHA-256: 9dca7961da68debf1b6cc47cbb37e694388d23a6e475a6f574b78a3297369535
libexif-debugsource-0.6.21-18.el8_2.i686.rpm SHA-256: c7e85a38eae1c5376faa4be01c52a86c525f9ca96e4e901d666997be53e8eaf0
libexif-debugsource-0.6.21-18.el8_2.x86_64.rpm SHA-256: e75fa71edbb9d952a7d17639e73be7493c53cfc966150e2392aa196dd8b429e8

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2

SRPM
libexif-0.6.21-18.el8_2.src.rpm SHA-256: e14457dd707a284e62d40378315db8e4f957431b28ab88de6751b09efadd9769
s390x
libexif-0.6.21-18.el8_2.s390x.rpm SHA-256: d89a3ceeff8dd43fd70824619f3f7e69cd59ba9f56d6084e2bfc0ad749fa7bfb
libexif-debuginfo-0.6.21-18.el8_2.s390x.rpm SHA-256: 8226ad40a22fe7af32bb6e4b2de99074a4a36b8f9b0da5f1ad0ddbaa1ef90b58
libexif-debugsource-0.6.21-18.el8_2.s390x.rpm SHA-256: 804fed5ffebc02435c50281b4dc451055c7692aedd1cdf5107bd91ab6209c4ba

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2

SRPM
libexif-0.6.21-18.el8_2.src.rpm SHA-256: e14457dd707a284e62d40378315db8e4f957431b28ab88de6751b09efadd9769
ppc64le
libexif-0.6.21-18.el8_2.ppc64le.rpm SHA-256: 35aa59991c4d659e65ab3691d8fc26d9c6e017dc372bdcde7907f4cd19e0b81e
libexif-debuginfo-0.6.21-18.el8_2.ppc64le.rpm SHA-256: b0f050f0a9d22c75a10ef1b245a8fa29018e862f0e46934cfdb390f34296f7b4
libexif-debugsource-0.6.21-18.el8_2.ppc64le.rpm SHA-256: 40c3d6c3200a68bdc3faa982e5fcfb458d66c6e09bd856ecfc0376f222b09a1d

Red Hat Enterprise Linux Server - TUS 8.2

SRPM
libexif-0.6.21-18.el8_2.src.rpm SHA-256: e14457dd707a284e62d40378315db8e4f957431b28ab88de6751b09efadd9769
x86_64
libexif-0.6.21-18.el8_2.i686.rpm SHA-256: b9c56a0cedb64546060126116d2ceff957d55124b26516281e122f1132b63344
libexif-0.6.21-18.el8_2.x86_64.rpm SHA-256: 14a8a26781a05485ba69784fd696c6bf429232bb4f87e5fa7c439043f297920e
libexif-debuginfo-0.6.21-18.el8_2.i686.rpm SHA-256: 026044c11b48968da9adbfa8a4bff0f63b4bad4f8b7d0cd797ea73d95a1c776f
libexif-debuginfo-0.6.21-18.el8_2.x86_64.rpm SHA-256: 9dca7961da68debf1b6cc47cbb37e694388d23a6e475a6f574b78a3297369535
libexif-debugsource-0.6.21-18.el8_2.i686.rpm SHA-256: c7e85a38eae1c5376faa4be01c52a86c525f9ca96e4e901d666997be53e8eaf0
libexif-debugsource-0.6.21-18.el8_2.x86_64.rpm SHA-256: e75fa71edbb9d952a7d17639e73be7493c53cfc966150e2392aa196dd8b429e8

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2

SRPM
libexif-0.6.21-18.el8_2.src.rpm SHA-256: e14457dd707a284e62d40378315db8e4f957431b28ab88de6751b09efadd9769
aarch64
libexif-0.6.21-18.el8_2.aarch64.rpm SHA-256: 938b9efdb33da603d4628884b1fff952a2141536f1d6f0822caa869af9a5e8a4
libexif-debuginfo-0.6.21-18.el8_2.aarch64.rpm SHA-256: 42bbc0a886910eb4378f2c2525674b99a4e0bc9a84ba6e05f1194f293fc38818
libexif-debugsource-0.6.21-18.el8_2.aarch64.rpm SHA-256: a796ee53c5eec8d066a22b92cd85308d615619c5c45deb88a6e625c898e9ec3d

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2

SRPM
libexif-0.6.21-18.el8_2.src.rpm SHA-256: e14457dd707a284e62d40378315db8e4f957431b28ab88de6751b09efadd9769
ppc64le
libexif-0.6.21-18.el8_2.ppc64le.rpm SHA-256: 35aa59991c4d659e65ab3691d8fc26d9c6e017dc372bdcde7907f4cd19e0b81e
libexif-debuginfo-0.6.21-18.el8_2.ppc64le.rpm SHA-256: b0f050f0a9d22c75a10ef1b245a8fa29018e862f0e46934cfdb390f34296f7b4
libexif-debugsource-0.6.21-18.el8_2.ppc64le.rpm SHA-256: 40c3d6c3200a68bdc3faa982e5fcfb458d66c6e09bd856ecfc0376f222b09a1d

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2

SRPM
libexif-0.6.21-18.el8_2.src.rpm SHA-256: e14457dd707a284e62d40378315db8e4f957431b28ab88de6751b09efadd9769
x86_64
libexif-0.6.21-18.el8_2.i686.rpm SHA-256: b9c56a0cedb64546060126116d2ceff957d55124b26516281e122f1132b63344
libexif-0.6.21-18.el8_2.x86_64.rpm SHA-256: 14a8a26781a05485ba69784fd696c6bf429232bb4f87e5fa7c439043f297920e
libexif-debuginfo-0.6.21-18.el8_2.i686.rpm SHA-256: 026044c11b48968da9adbfa8a4bff0f63b4bad4f8b7d0cd797ea73d95a1c776f
libexif-debuginfo-0.6.21-18.el8_2.x86_64.rpm SHA-256: 9dca7961da68debf1b6cc47cbb37e694388d23a6e475a6f574b78a3297369535
libexif-debugsource-0.6.21-18.el8_2.i686.rpm SHA-256: c7e85a38eae1c5376faa4be01c52a86c525f9ca96e4e901d666997be53e8eaf0
libexif-debugsource-0.6.21-18.el8_2.x86_64.rpm SHA-256: e75fa71edbb9d952a7d17639e73be7493c53cfc966150e2392aa196dd8b429e8

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.2

SRPM
x86_64
libexif-debuginfo-0.6.21-18.el8_2.i686.rpm SHA-256: 026044c11b48968da9adbfa8a4bff0f63b4bad4f8b7d0cd797ea73d95a1c776f
libexif-debuginfo-0.6.21-18.el8_2.x86_64.rpm SHA-256: 9dca7961da68debf1b6cc47cbb37e694388d23a6e475a6f574b78a3297369535
libexif-debugsource-0.6.21-18.el8_2.i686.rpm SHA-256: c7e85a38eae1c5376faa4be01c52a86c525f9ca96e4e901d666997be53e8eaf0
libexif-debugsource-0.6.21-18.el8_2.x86_64.rpm SHA-256: e75fa71edbb9d952a7d17639e73be7493c53cfc966150e2392aa196dd8b429e8
libexif-devel-0.6.21-18.el8_2.i686.rpm SHA-256: 266830c8ae37a74e384411f9e535c76f06b9cd6870da4083721c48300c70adad
libexif-devel-0.6.21-18.el8_2.x86_64.rpm SHA-256: 355c26d06a3373e99d12318cd6f6df7112c1db0d71d6ca80172512c8fe6fd951

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.2

SRPM
ppc64le
libexif-debuginfo-0.6.21-18.el8_2.ppc64le.rpm SHA-256: b0f050f0a9d22c75a10ef1b245a8fa29018e862f0e46934cfdb390f34296f7b4
libexif-debugsource-0.6.21-18.el8_2.ppc64le.rpm SHA-256: 40c3d6c3200a68bdc3faa982e5fcfb458d66c6e09bd856ecfc0376f222b09a1d
libexif-devel-0.6.21-18.el8_2.ppc64le.rpm SHA-256: 773bac1cad3cd197461ae8093815ec507cadcfb1e410fa2748157fae6c1189a4

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.2

SRPM
s390x
libexif-debuginfo-0.6.21-18.el8_2.s390x.rpm SHA-256: 8226ad40a22fe7af32bb6e4b2de99074a4a36b8f9b0da5f1ad0ddbaa1ef90b58
libexif-debugsource-0.6.21-18.el8_2.s390x.rpm SHA-256: 804fed5ffebc02435c50281b4dc451055c7692aedd1cdf5107bd91ab6209c4ba
libexif-devel-0.6.21-18.el8_2.s390x.rpm SHA-256: 78c68c1305ab168bb25dc0b9dd11a8c0579bfbd494ef28fc8a1b076ca8a771ad

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.2

SRPM
aarch64
libexif-debuginfo-0.6.21-18.el8_2.aarch64.rpm SHA-256: 42bbc0a886910eb4378f2c2525674b99a4e0bc9a84ba6e05f1194f293fc38818
libexif-debugsource-0.6.21-18.el8_2.aarch64.rpm SHA-256: a796ee53c5eec8d066a22b92cd85308d615619c5c45deb88a6e625c898e9ec3d
libexif-devel-0.6.21-18.el8_2.aarch64.rpm SHA-256: b789127c6434f766284a4cfb4afcccc316efe4f21f4ca9e68eff65e8169a8337

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.