红帽产品勘误 RHSA-2026:20929 - Security Advisory
发布:
2026-05-26
已更新:
2026-05-26

RHSA-2026:20929 - Security Advisory

概述

Moderate: libexif security update

类型/严重性

Security Advisory: Moderate

Red Hat Insights 补丁分析

识别并修复受此公告影响的系统。

查看受影响的系统

标题

An update for libexif is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

The libexif packages provide a library for extracting extra information from image files.

Security Fix(es):

  • libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling (CVE-2026-40385)
  • libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote decoding (CVE-2026-40386)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

解决方案

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

受影响的产品

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x

修复

  • BZ - 2457687 - CVE-2026-40385 libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling
  • BZ - 2457689 - CVE-2026-40386 libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote decoding

Red Hat Enterprise Linux for x86_64 8

SRPM
libexif-0.6.22-6.el8_10.src.rpm SHA-256: d2cb45e2f2162bcbbea497826d387472dcc18205e9cd67865dbe373855c00bf5
x86_64
libexif-0.6.22-6.el8_10.i686.rpm SHA-256: 3407041262865c1a224bf1914643cc08d30123428841ac02c86992720ed9524c
libexif-0.6.22-6.el8_10.x86_64.rpm SHA-256: 61462d100abb3495bf7804f2541b376298530e5d5c8e1e534686c2e6637e8365
libexif-debuginfo-0.6.22-6.el8_10.i686.rpm SHA-256: 4c40f6f8bf85f19e3f93d86b1c7deafb23aec6e41064fbc597cea1cc7bcab0e4
libexif-debuginfo-0.6.22-6.el8_10.x86_64.rpm SHA-256: 32aba06008c6ca4d8949f95e73a9a98abf59c05d5cfe2c209394be02f8287385
libexif-debugsource-0.6.22-6.el8_10.i686.rpm SHA-256: 5e4b2c2638b93a43c2548f001af32f769f0563b1c56b02bab3b38bba93e6e2a0
libexif-debugsource-0.6.22-6.el8_10.x86_64.rpm SHA-256: fc214ffcb33f8e978dfff6f8eb2d65dc503e272289f594cafc7ff263729aeb73

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
libexif-0.6.22-6.el8_10.src.rpm SHA-256: d2cb45e2f2162bcbbea497826d387472dcc18205e9cd67865dbe373855c00bf5
s390x
libexif-0.6.22-6.el8_10.s390x.rpm SHA-256: 2dc570d14e5b293b15e20d3c2f70d3c75b809a61a6f1a6f3a3238b601c367ec9
libexif-debuginfo-0.6.22-6.el8_10.s390x.rpm SHA-256: 2b12bdcc600b6aa2ac5ed885c49f6e4c0fa7da9cdedc7a3d58668fff90f0d9c5
libexif-debugsource-0.6.22-6.el8_10.s390x.rpm SHA-256: c8d387ea4fa8a83d51be303217aa92bb69ae9df36f8f0858e96eb34393e812b6

Red Hat Enterprise Linux for Power, little endian 8

SRPM
libexif-0.6.22-6.el8_10.src.rpm SHA-256: d2cb45e2f2162bcbbea497826d387472dcc18205e9cd67865dbe373855c00bf5
ppc64le
libexif-0.6.22-6.el8_10.ppc64le.rpm SHA-256: 368313e8cdac4f09acc9216903051e0e2078ebbaaa84420dda6fd1b7a8823d5f
libexif-debuginfo-0.6.22-6.el8_10.ppc64le.rpm SHA-256: f29614e9f1e4fab7bf9113dbc29edfc02479979a3987f6ff3b46b88860ee83b8
libexif-debugsource-0.6.22-6.el8_10.ppc64le.rpm SHA-256: 7f0dd64537f5fbfd165fa08158d132fa4dd41972e20871aff6f6f8d4a51aef5a

Red Hat Enterprise Linux for ARM 64 8

SRPM
libexif-0.6.22-6.el8_10.src.rpm SHA-256: d2cb45e2f2162bcbbea497826d387472dcc18205e9cd67865dbe373855c00bf5
aarch64
libexif-0.6.22-6.el8_10.aarch64.rpm SHA-256: eb4f510c9b8f697809c33b2ab3dc5912ef7a0e4ffc9af87331b7ab789e06cc91
libexif-debuginfo-0.6.22-6.el8_10.aarch64.rpm SHA-256: 957cb269e9a4ad46d5ad16528fe55a7016458172c0bc54249ff9e42f2b216ea6
libexif-debugsource-0.6.22-6.el8_10.aarch64.rpm SHA-256: 792d16fa3c708118d7ab462f3198b0ff013fd603b288209b8cee485c68c66720

Red Hat CodeReady Linux Builder for x86_64 8

SRPM
x86_64
libexif-debuginfo-0.6.22-6.el8_10.i686.rpm SHA-256: 4c40f6f8bf85f19e3f93d86b1c7deafb23aec6e41064fbc597cea1cc7bcab0e4
libexif-debuginfo-0.6.22-6.el8_10.x86_64.rpm SHA-256: 32aba06008c6ca4d8949f95e73a9a98abf59c05d5cfe2c209394be02f8287385
libexif-debugsource-0.6.22-6.el8_10.i686.rpm SHA-256: 5e4b2c2638b93a43c2548f001af32f769f0563b1c56b02bab3b38bba93e6e2a0
libexif-debugsource-0.6.22-6.el8_10.x86_64.rpm SHA-256: fc214ffcb33f8e978dfff6f8eb2d65dc503e272289f594cafc7ff263729aeb73
libexif-devel-0.6.22-6.el8_10.i686.rpm SHA-256: b3f21e4445749f9df8abaa2c4b8d3813ebb0c9dd9b3cacd4c0e51a971637dd21
libexif-devel-0.6.22-6.el8_10.x86_64.rpm SHA-256: e87fd9fb8975d9a55928bf6ec6283046577e7961f76a41c63aac2390400127a1

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM
ppc64le
libexif-debuginfo-0.6.22-6.el8_10.ppc64le.rpm SHA-256: f29614e9f1e4fab7bf9113dbc29edfc02479979a3987f6ff3b46b88860ee83b8
libexif-debugsource-0.6.22-6.el8_10.ppc64le.rpm SHA-256: 7f0dd64537f5fbfd165fa08158d132fa4dd41972e20871aff6f6f8d4a51aef5a
libexif-devel-0.6.22-6.el8_10.ppc64le.rpm SHA-256: dfaf2949269ece85d9281bd62c4055a7c3487a0e7bad56e68f2c34af74e008b4

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM
aarch64
libexif-debuginfo-0.6.22-6.el8_10.aarch64.rpm SHA-256: 957cb269e9a4ad46d5ad16528fe55a7016458172c0bc54249ff9e42f2b216ea6
libexif-debugsource-0.6.22-6.el8_10.aarch64.rpm SHA-256: 792d16fa3c708118d7ab462f3198b0ff013fd603b288209b8cee485c68c66720
libexif-devel-0.6.22-6.el8_10.aarch64.rpm SHA-256: 871c1af84ee86302344c013b4028b828d7f9352710425fd598a6c5b1fe2294c2

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM
s390x
libexif-debuginfo-0.6.22-6.el8_10.s390x.rpm SHA-256: 2b12bdcc600b6aa2ac5ed885c49f6e4c0fa7da9cdedc7a3d58668fff90f0d9c5
libexif-debugsource-0.6.22-6.el8_10.s390x.rpm SHA-256: c8d387ea4fa8a83d51be303217aa92bb69ae9df36f8f0858e96eb34393e812b6
libexif-devel-0.6.22-6.el8_10.s390x.rpm SHA-256: e3a8ff57120d1ca700534e23399be059643285d56ae438c5bf7ea494cc736c15

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10

SRPM
libexif-0.6.22-6.el8_10.src.rpm SHA-256: d2cb45e2f2162bcbbea497826d387472dcc18205e9cd67865dbe373855c00bf5
x86_64
libexif-0.6.22-6.el8_10.i686.rpm SHA-256: 3407041262865c1a224bf1914643cc08d30123428841ac02c86992720ed9524c
libexif-0.6.22-6.el8_10.x86_64.rpm SHA-256: 61462d100abb3495bf7804f2541b376298530e5d5c8e1e534686c2e6637e8365
libexif-debuginfo-0.6.22-6.el8_10.i686.rpm SHA-256: 4c40f6f8bf85f19e3f93d86b1c7deafb23aec6e41064fbc597cea1cc7bcab0e4
libexif-debuginfo-0.6.22-6.el8_10.x86_64.rpm SHA-256: 32aba06008c6ca4d8949f95e73a9a98abf59c05d5cfe2c209394be02f8287385
libexif-debugsource-0.6.22-6.el8_10.i686.rpm SHA-256: 5e4b2c2638b93a43c2548f001af32f769f0563b1c56b02bab3b38bba93e6e2a0
libexif-debugsource-0.6.22-6.el8_10.x86_64.rpm SHA-256: fc214ffcb33f8e978dfff6f8eb2d65dc503e272289f594cafc7ff263729aeb73

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10

SRPM
libexif-0.6.22-6.el8_10.src.rpm SHA-256: d2cb45e2f2162bcbbea497826d387472dcc18205e9cd67865dbe373855c00bf5
aarch64
libexif-0.6.22-6.el8_10.aarch64.rpm SHA-256: eb4f510c9b8f697809c33b2ab3dc5912ef7a0e4ffc9af87331b7ab789e06cc91
libexif-debuginfo-0.6.22-6.el8_10.aarch64.rpm SHA-256: 957cb269e9a4ad46d5ad16528fe55a7016458172c0bc54249ff9e42f2b216ea6
libexif-debugsource-0.6.22-6.el8_10.aarch64.rpm SHA-256: 792d16fa3c708118d7ab462f3198b0ff013fd603b288209b8cee485c68c66720

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10

SRPM
libexif-0.6.22-6.el8_10.src.rpm SHA-256: d2cb45e2f2162bcbbea497826d387472dcc18205e9cd67865dbe373855c00bf5
ppc64le
libexif-0.6.22-6.el8_10.ppc64le.rpm SHA-256: 368313e8cdac4f09acc9216903051e0e2078ebbaaa84420dda6fd1b7a8823d5f
libexif-debuginfo-0.6.22-6.el8_10.ppc64le.rpm SHA-256: f29614e9f1e4fab7bf9113dbc29edfc02479979a3987f6ff3b46b88860ee83b8
libexif-debugsource-0.6.22-6.el8_10.ppc64le.rpm SHA-256: 7f0dd64537f5fbfd165fa08158d132fa4dd41972e20871aff6f6f8d4a51aef5a

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10

SRPM
libexif-0.6.22-6.el8_10.src.rpm SHA-256: d2cb45e2f2162bcbbea497826d387472dcc18205e9cd67865dbe373855c00bf5
s390x
libexif-0.6.22-6.el8_10.s390x.rpm SHA-256: 2dc570d14e5b293b15e20d3c2f70d3c75b809a61a6f1a6f3a3238b601c367ec9
libexif-debuginfo-0.6.22-6.el8_10.s390x.rpm SHA-256: 2b12bdcc600b6aa2ac5ed885c49f6e4c0fa7da9cdedc7a3d58668fff90f0d9c5
libexif-debugsource-0.6.22-6.el8_10.s390x.rpm SHA-256: c8d387ea4fa8a83d51be303217aa92bb69ae9df36f8f0858e96eb34393e812b6

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/