Issued:: 2021-08-19
Updated:: 2021-08-19

RHSA-2021:3231 - Security Advisory

Overview
Updated Packages

Synopsis

Important: exiv2 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for exiv2 is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats.

Security Fix(es):

exiv2: Heap-based buffer overflow vulnerability in jp2image.cpp (CVE-2021-31291)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
Red Hat Enterprise Linux Server - AUS 8.2 x86_64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
Red Hat Enterprise Linux Server - TUS 8.2 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.2 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.2 ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.2 s390x
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.2 aarch64

Fixes

BZ - 1990327 - CVE-2021-31291 exiv2: Heap-based buffer overflow vulnerability in jp2image.cpp

CVEs

CVE-2021-31291

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2

SRPM
exiv2-0.27.2-6.el8_2.src.rpm	SHA-256: b8aab067dacae8497aff1b7c4764934db20c6a8492146b59081bf7910813d31e
x86_64
exiv2-0.27.2-6.el8_2.x86_64.rpm	SHA-256: c3de574de55030a430a5881a8883ec3d483e75779aad074e7e9202eefe7f6c30
exiv2-debuginfo-0.27.2-6.el8_2.i686.rpm	SHA-256: 73f59c14e16f959cfacba248dccd65b7e6ec705da4983dfd76afbb803bdcf076
exiv2-debuginfo-0.27.2-6.el8_2.x86_64.rpm	SHA-256: eb0dfbdd07a75aad0ace3c40040d3bab6332d4c1efce3b5e6f29a34de936bc74
exiv2-debugsource-0.27.2-6.el8_2.i686.rpm	SHA-256: 36506c7872a6c46b0f2708350ef80533b28d4168d25883160116e12f69b1e613
exiv2-debugsource-0.27.2-6.el8_2.x86_64.rpm	SHA-256: aaca6e53b3823e17dc9af27b554ae1d2fff74fb99e39107c3c57a3b20e7c6c4c
exiv2-libs-0.27.2-6.el8_2.i686.rpm	SHA-256: 7fdced785526d687905b120ea54a16fb812090d8fe70187a52d10721528e0752
exiv2-libs-0.27.2-6.el8_2.x86_64.rpm	SHA-256: f5a64166729656a820a72279586b2e559734dde1e18d472e6712875d01c84c09
exiv2-libs-debuginfo-0.27.2-6.el8_2.i686.rpm	SHA-256: bf0ce577343070a1b7ba2ca931a9211d1070c3555809a9b0e7e4291474cefe1a
exiv2-libs-debuginfo-0.27.2-6.el8_2.x86_64.rpm	SHA-256: 2d8fd4b19efa8308969410d6b73d2beeeb338da25346ca32cc2b756caf6f6840

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
exiv2-0.27.2-6.el8_2.src.rpm	SHA-256: b8aab067dacae8497aff1b7c4764934db20c6a8492146b59081bf7910813d31e
x86_64
exiv2-0.27.2-6.el8_2.x86_64.rpm	SHA-256: c3de574de55030a430a5881a8883ec3d483e75779aad074e7e9202eefe7f6c30
exiv2-debuginfo-0.27.2-6.el8_2.i686.rpm	SHA-256: 73f59c14e16f959cfacba248dccd65b7e6ec705da4983dfd76afbb803bdcf076
exiv2-debuginfo-0.27.2-6.el8_2.x86_64.rpm	SHA-256: eb0dfbdd07a75aad0ace3c40040d3bab6332d4c1efce3b5e6f29a34de936bc74
exiv2-debugsource-0.27.2-6.el8_2.i686.rpm	SHA-256: 36506c7872a6c46b0f2708350ef80533b28d4168d25883160116e12f69b1e613
exiv2-debugsource-0.27.2-6.el8_2.x86_64.rpm	SHA-256: aaca6e53b3823e17dc9af27b554ae1d2fff74fb99e39107c3c57a3b20e7c6c4c
exiv2-libs-0.27.2-6.el8_2.i686.rpm	SHA-256: 7fdced785526d687905b120ea54a16fb812090d8fe70187a52d10721528e0752
exiv2-libs-0.27.2-6.el8_2.x86_64.rpm	SHA-256: f5a64166729656a820a72279586b2e559734dde1e18d472e6712875d01c84c09
exiv2-libs-debuginfo-0.27.2-6.el8_2.i686.rpm	SHA-256: bf0ce577343070a1b7ba2ca931a9211d1070c3555809a9b0e7e4291474cefe1a
exiv2-libs-debuginfo-0.27.2-6.el8_2.x86_64.rpm	SHA-256: 2d8fd4b19efa8308969410d6b73d2beeeb338da25346ca32cc2b756caf6f6840

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2

SRPM
exiv2-0.27.2-6.el8_2.src.rpm	SHA-256: b8aab067dacae8497aff1b7c4764934db20c6a8492146b59081bf7910813d31e
ppc64le
exiv2-0.27.2-6.el8_2.ppc64le.rpm	SHA-256: 8f263364c32c0ce04c444e3f2cb0088fd19343f48393ab92f60a82f3572f088f
exiv2-debuginfo-0.27.2-6.el8_2.ppc64le.rpm	SHA-256: 610f0c74b01060ada280e8163a11d0eaf10bd37ab88e21a8a578840fc0e4f3cf
exiv2-debugsource-0.27.2-6.el8_2.ppc64le.rpm	SHA-256: 840840bc034fc681bda1de254108612c35409b917f1f1765c06adfaeb73c1639
exiv2-libs-0.27.2-6.el8_2.ppc64le.rpm	SHA-256: b96d60d09fd3b02a42cfdbcfe76516921c6840f767c94b9245dd9dde7ee0a16c
exiv2-libs-debuginfo-0.27.2-6.el8_2.ppc64le.rpm	SHA-256: 5237b4cb64d828c8b1622b43258a88c667a0e8f27e37e2bf2a2c87a3491178fe

Red Hat Enterprise Linux Server - TUS 8.2

SRPM
exiv2-0.27.2-6.el8_2.src.rpm	SHA-256: b8aab067dacae8497aff1b7c4764934db20c6a8492146b59081bf7910813d31e
x86_64
exiv2-0.27.2-6.el8_2.x86_64.rpm	SHA-256: c3de574de55030a430a5881a8883ec3d483e75779aad074e7e9202eefe7f6c30
exiv2-debuginfo-0.27.2-6.el8_2.i686.rpm	SHA-256: 73f59c14e16f959cfacba248dccd65b7e6ec705da4983dfd76afbb803bdcf076
exiv2-debuginfo-0.27.2-6.el8_2.x86_64.rpm	SHA-256: eb0dfbdd07a75aad0ace3c40040d3bab6332d4c1efce3b5e6f29a34de936bc74
exiv2-debugsource-0.27.2-6.el8_2.i686.rpm	SHA-256: 36506c7872a6c46b0f2708350ef80533b28d4168d25883160116e12f69b1e613
exiv2-debugsource-0.27.2-6.el8_2.x86_64.rpm	SHA-256: aaca6e53b3823e17dc9af27b554ae1d2fff74fb99e39107c3c57a3b20e7c6c4c
exiv2-libs-0.27.2-6.el8_2.i686.rpm	SHA-256: 7fdced785526d687905b120ea54a16fb812090d8fe70187a52d10721528e0752
exiv2-libs-0.27.2-6.el8_2.x86_64.rpm	SHA-256: f5a64166729656a820a72279586b2e559734dde1e18d472e6712875d01c84c09
exiv2-libs-debuginfo-0.27.2-6.el8_2.i686.rpm	SHA-256: bf0ce577343070a1b7ba2ca931a9211d1070c3555809a9b0e7e4291474cefe1a
exiv2-libs-debuginfo-0.27.2-6.el8_2.x86_64.rpm	SHA-256: 2d8fd4b19efa8308969410d6b73d2beeeb338da25346ca32cc2b756caf6f6840

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2

SRPM
exiv2-0.27.2-6.el8_2.src.rpm	SHA-256: b8aab067dacae8497aff1b7c4764934db20c6a8492146b59081bf7910813d31e
aarch64
exiv2-0.27.2-6.el8_2.aarch64.rpm	SHA-256: 2ad09cb64274cae3e6fe13602182ddbc2afb1b9216ca54d7d1f1da948cec7567
exiv2-debuginfo-0.27.2-6.el8_2.aarch64.rpm	SHA-256: b57e4264de97c4ad9ad00a5e7a18030508ebdb24180a0db6bfb1108fde41c3ee
exiv2-debugsource-0.27.2-6.el8_2.aarch64.rpm	SHA-256: c7a1cd0d54b32394ab375e0e9dbbb2681f327f22fcedb5b792b58ac643e230bd
exiv2-libs-0.27.2-6.el8_2.aarch64.rpm	SHA-256: 9a2ee4be38959d0838526be383ccb2eb9340425a070a8b497f2720e57a7ba23a
exiv2-libs-debuginfo-0.27.2-6.el8_2.aarch64.rpm	SHA-256: d638a5dd324bcd56ca971ac1c51471670874c64b9f0910e0206959eb8ad29765

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2

SRPM
exiv2-0.27.2-6.el8_2.src.rpm	SHA-256: b8aab067dacae8497aff1b7c4764934db20c6a8492146b59081bf7910813d31e
ppc64le
exiv2-0.27.2-6.el8_2.ppc64le.rpm	SHA-256: 8f263364c32c0ce04c444e3f2cb0088fd19343f48393ab92f60a82f3572f088f
exiv2-debuginfo-0.27.2-6.el8_2.ppc64le.rpm	SHA-256: 610f0c74b01060ada280e8163a11d0eaf10bd37ab88e21a8a578840fc0e4f3cf
exiv2-debugsource-0.27.2-6.el8_2.ppc64le.rpm	SHA-256: 840840bc034fc681bda1de254108612c35409b917f1f1765c06adfaeb73c1639
exiv2-libs-0.27.2-6.el8_2.ppc64le.rpm	SHA-256: b96d60d09fd3b02a42cfdbcfe76516921c6840f767c94b9245dd9dde7ee0a16c
exiv2-libs-debuginfo-0.27.2-6.el8_2.ppc64le.rpm	SHA-256: 5237b4cb64d828c8b1622b43258a88c667a0e8f27e37e2bf2a2c87a3491178fe

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2

SRPM
exiv2-0.27.2-6.el8_2.src.rpm	SHA-256: b8aab067dacae8497aff1b7c4764934db20c6a8492146b59081bf7910813d31e
x86_64
exiv2-0.27.2-6.el8_2.x86_64.rpm	SHA-256: c3de574de55030a430a5881a8883ec3d483e75779aad074e7e9202eefe7f6c30
exiv2-debuginfo-0.27.2-6.el8_2.i686.rpm	SHA-256: 73f59c14e16f959cfacba248dccd65b7e6ec705da4983dfd76afbb803bdcf076
exiv2-debuginfo-0.27.2-6.el8_2.x86_64.rpm	SHA-256: eb0dfbdd07a75aad0ace3c40040d3bab6332d4c1efce3b5e6f29a34de936bc74
exiv2-debugsource-0.27.2-6.el8_2.i686.rpm	SHA-256: 36506c7872a6c46b0f2708350ef80533b28d4168d25883160116e12f69b1e613
exiv2-debugsource-0.27.2-6.el8_2.x86_64.rpm	SHA-256: aaca6e53b3823e17dc9af27b554ae1d2fff74fb99e39107c3c57a3b20e7c6c4c
exiv2-libs-0.27.2-6.el8_2.i686.rpm	SHA-256: 7fdced785526d687905b120ea54a16fb812090d8fe70187a52d10721528e0752
exiv2-libs-0.27.2-6.el8_2.x86_64.rpm	SHA-256: f5a64166729656a820a72279586b2e559734dde1e18d472e6712875d01c84c09
exiv2-libs-debuginfo-0.27.2-6.el8_2.i686.rpm	SHA-256: bf0ce577343070a1b7ba2ca931a9211d1070c3555809a9b0e7e4291474cefe1a
exiv2-libs-debuginfo-0.27.2-6.el8_2.x86_64.rpm	SHA-256: 2d8fd4b19efa8308969410d6b73d2beeeb338da25346ca32cc2b756caf6f6840

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.2

SRPM
x86_64
exiv2-debuginfo-0.27.2-6.el8_2.i686.rpm	SHA-256: 73f59c14e16f959cfacba248dccd65b7e6ec705da4983dfd76afbb803bdcf076
exiv2-debuginfo-0.27.2-6.el8_2.x86_64.rpm	SHA-256: eb0dfbdd07a75aad0ace3c40040d3bab6332d4c1efce3b5e6f29a34de936bc74
exiv2-debugsource-0.27.2-6.el8_2.i686.rpm	SHA-256: 36506c7872a6c46b0f2708350ef80533b28d4168d25883160116e12f69b1e613
exiv2-debugsource-0.27.2-6.el8_2.x86_64.rpm	SHA-256: aaca6e53b3823e17dc9af27b554ae1d2fff74fb99e39107c3c57a3b20e7c6c4c
exiv2-devel-0.27.2-6.el8_2.i686.rpm	SHA-256: 3634269e2f2815ee7101ac80e8009bd61c832b5f31ef02e8be5ddd8fbf46b6f7
exiv2-devel-0.27.2-6.el8_2.x86_64.rpm	SHA-256: 384f6f8baf643a504a5209bcf92aaf444a7c716bcb5606e47c442bd281ef40c5
exiv2-doc-0.27.2-6.el8_2.noarch.rpm	SHA-256: 904f1bc8962af0350cd5d538c42a30471a54cbb382b8447f47826112fbefe9e0
exiv2-libs-debuginfo-0.27.2-6.el8_2.i686.rpm	SHA-256: bf0ce577343070a1b7ba2ca931a9211d1070c3555809a9b0e7e4291474cefe1a
exiv2-libs-debuginfo-0.27.2-6.el8_2.x86_64.rpm	SHA-256: 2d8fd4b19efa8308969410d6b73d2beeeb338da25346ca32cc2b756caf6f6840

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.2

SRPM
ppc64le
exiv2-debuginfo-0.27.2-6.el8_2.ppc64le.rpm	SHA-256: 610f0c74b01060ada280e8163a11d0eaf10bd37ab88e21a8a578840fc0e4f3cf
exiv2-debugsource-0.27.2-6.el8_2.ppc64le.rpm	SHA-256: 840840bc034fc681bda1de254108612c35409b917f1f1765c06adfaeb73c1639
exiv2-devel-0.27.2-6.el8_2.ppc64le.rpm	SHA-256: be92ca5d5bfcfa76a59fff0629146e433ecf6154eeb55aa52646473b88181e41
exiv2-doc-0.27.2-6.el8_2.noarch.rpm	SHA-256: 904f1bc8962af0350cd5d538c42a30471a54cbb382b8447f47826112fbefe9e0
exiv2-libs-debuginfo-0.27.2-6.el8_2.ppc64le.rpm	SHA-256: 5237b4cb64d828c8b1622b43258a88c667a0e8f27e37e2bf2a2c87a3491178fe

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.2

SRPM
s390x
exiv2-0.27.2-6.el8_2.s390x.rpm	SHA-256: 17891f760ab24b693f6c7f448d426bea9539f54d364c7342003c18a5198ad6d2
exiv2-debuginfo-0.27.2-6.el8_2.s390x.rpm	SHA-256: 1d172981f22b67ec976b5eb5c4525fb334d14f2cf0004a4d57bd47b4b47003ab
exiv2-debugsource-0.27.2-6.el8_2.s390x.rpm	SHA-256: 821ca113318d43fa3177fa38395424efc26efbc57a329561e110fd631ec3e9ab
exiv2-devel-0.27.2-6.el8_2.s390x.rpm	SHA-256: 5e0ad4dec2d28beefc50c6a4689abfdb0f964396f012a60cca80ad7108546a3c
exiv2-doc-0.27.2-6.el8_2.noarch.rpm	SHA-256: 904f1bc8962af0350cd5d538c42a30471a54cbb382b8447f47826112fbefe9e0
exiv2-libs-0.27.2-6.el8_2.s390x.rpm	SHA-256: cb291a48e09529d1558d1895c044c8f58b5d622d5790da4c5cbc49e0c9edbaa8
exiv2-libs-debuginfo-0.27.2-6.el8_2.s390x.rpm	SHA-256: 0e0e318a7a277a74995188d0965918da23cfbe2f2638370d13b61d2c27c52982

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.2

SRPM
aarch64
exiv2-debuginfo-0.27.2-6.el8_2.aarch64.rpm	SHA-256: b57e4264de97c4ad9ad00a5e7a18030508ebdb24180a0db6bfb1108fde41c3ee
exiv2-debugsource-0.27.2-6.el8_2.aarch64.rpm	SHA-256: c7a1cd0d54b32394ab375e0e9dbbb2681f327f22fcedb5b792b58ac643e230bd
exiv2-devel-0.27.2-6.el8_2.aarch64.rpm	SHA-256: d0954980f4bb3abb252b291293f2aad3449f9fd89453d4e38488d1406efbcfde
exiv2-doc-0.27.2-6.el8_2.noarch.rpm	SHA-256: 904f1bc8962af0350cd5d538c42a30471a54cbb382b8447f47826112fbefe9e0
exiv2-libs-debuginfo-0.27.2-6.el8_2.aarch64.rpm	SHA-256: d638a5dd324bcd56ca971ac1c51471670874c64b9f0910e0206959eb8ad29765

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation