Issued:: 2020-12-14
Updated:: 2020-12-14

RHSA-2020:5396 - Security Advisory

Overview
Updated Packages

Synopsis

Important: libexif security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libexif is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libexif packages provide a library for extracting extra information from image files.

Security Fix(es):

libexif: out of bounds write due to an integer overflow in exif-entry.c (CVE-2020-0452)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.0 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.0 x86_64

Fixes

BZ - 1902004 - CVE-2020-0452 libexif: out of bounds write due to an integer overflow in exif-entry.c

CVEs

CVE-2020-0452

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.0

SRPM
libexif-0.6.21-18.el8_0.src.rpm	SHA-256: 17de6cf903bd857d2012b029b4206034cfb79c09168820d8e7fd22c49976318d
ppc64le
libexif-0.6.21-18.el8_0.ppc64le.rpm	SHA-256: 6ae01c4ddd01357a836fab11275c64c88b2dc09f11ba72300c4ef530fc962f92
libexif-debuginfo-0.6.21-18.el8_0.ppc64le.rpm	SHA-256: 1482646d4653ab2c53614888461be314663855c3c036f6965be16d335a8592e2
libexif-debugsource-0.6.21-18.el8_0.ppc64le.rpm	SHA-256: c4eedfd88d03f2bd59cbb26cfc4aa4719d6648d24bf970065ad42f5860ca5d62

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.0

SRPM
libexif-0.6.21-18.el8_0.src.rpm	SHA-256: 17de6cf903bd857d2012b029b4206034cfb79c09168820d8e7fd22c49976318d
x86_64
libexif-0.6.21-18.el8_0.i686.rpm	SHA-256: 999dedbdc3bbf4dfbbc4cdb940bf1a93d30bd2d9ce06ce83a573c818da7c1d41
libexif-0.6.21-18.el8_0.x86_64.rpm	SHA-256: a762da77a642087ddb42d34eee1c33ff974b373ff9702ad65689d175c4f5fa89
libexif-debuginfo-0.6.21-18.el8_0.i686.rpm	SHA-256: 509d3187fac5f78cdccff2d4f67f4c8aaf1d8ba4cde51b871b3bbe52f85de748
libexif-debuginfo-0.6.21-18.el8_0.x86_64.rpm	SHA-256: 65123d1c24252b72c953cd0906aa955a204f2631aaf3be16d98b265962999759
libexif-debugsource-0.6.21-18.el8_0.i686.rpm	SHA-256: a43f0f0d50de7322655bf843e585161204b3c534e211165417421a19e4ddc13b
libexif-debugsource-0.6.21-18.el8_0.x86_64.rpm	SHA-256: 559792b93be5247a634b6c27d4f8ecf77a9c3ecc10f85962f84bba3c2f06aee6

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation