Red Hat Product Errata RHSA-2026:26224 - Security Advisory
Issued:
2026-06-16
Updated:
2026-06-16

RHSA-2026:26224 - Security Advisory

Synopsis

Moderate: libexif security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libexif is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libexif packages provide a library for extracting extra information from image files.

Security Fix(es):

  • libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling (CVE-2026-40385)
  • libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote decoding (CVE-2026-40386)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x

Fixes

  • BZ - 2457687 - CVE-2026-40385 libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling
  • BZ - 2457689 - CVE-2026-40386 libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote decoding

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6

SRPM
libexif-0.6.22-6.el9_6.1.src.rpm SHA-256: f38efc3fa039d075b02a70fe8b361f9d77332d04927d5976a90202b85b0ef506
x86_64
libexif-0.6.22-6.el9_6.1.i686.rpm SHA-256: 32c06d1ced67145819a51c756f96261699b976d81807329d8c03695f11d920df
libexif-0.6.22-6.el9_6.1.x86_64.rpm SHA-256: 24dc8363bd55c7fbd8b37d354a12bafdc1c430f78805d3f188346c4f13c1ca22
libexif-debuginfo-0.6.22-6.el9_6.1.i686.rpm SHA-256: dbe463662ede504cc25943b63331f7e8593d4925394868b114dd080ba71b9078
libexif-debuginfo-0.6.22-6.el9_6.1.x86_64.rpm SHA-256: dc52fb592dd0a426dadac7ffd8f152fd71a80c8d74f734efa8678796dca1b457
libexif-debugsource-0.6.22-6.el9_6.1.i686.rpm SHA-256: 9beef447312c0739545e274fa2a11449ca5ae35b396ca5e4cce74fe4677f0391
libexif-debugsource-0.6.22-6.el9_6.1.x86_64.rpm SHA-256: 7e35b9f63fdc07226c7497260334e9eea2a36216518cf1bff71a62ed89e91235

Red Hat Enterprise Linux Server - AUS 9.6

SRPM
libexif-0.6.22-6.el9_6.1.src.rpm SHA-256: f38efc3fa039d075b02a70fe8b361f9d77332d04927d5976a90202b85b0ef506
x86_64
libexif-0.6.22-6.el9_6.1.i686.rpm SHA-256: 32c06d1ced67145819a51c756f96261699b976d81807329d8c03695f11d920df
libexif-0.6.22-6.el9_6.1.x86_64.rpm SHA-256: 24dc8363bd55c7fbd8b37d354a12bafdc1c430f78805d3f188346c4f13c1ca22
libexif-debuginfo-0.6.22-6.el9_6.1.i686.rpm SHA-256: dbe463662ede504cc25943b63331f7e8593d4925394868b114dd080ba71b9078
libexif-debuginfo-0.6.22-6.el9_6.1.x86_64.rpm SHA-256: dc52fb592dd0a426dadac7ffd8f152fd71a80c8d74f734efa8678796dca1b457
libexif-debugsource-0.6.22-6.el9_6.1.i686.rpm SHA-256: 9beef447312c0739545e274fa2a11449ca5ae35b396ca5e4cce74fe4677f0391
libexif-debugsource-0.6.22-6.el9_6.1.x86_64.rpm SHA-256: 7e35b9f63fdc07226c7497260334e9eea2a36216518cf1bff71a62ed89e91235

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6

SRPM
libexif-0.6.22-6.el9_6.1.src.rpm SHA-256: f38efc3fa039d075b02a70fe8b361f9d77332d04927d5976a90202b85b0ef506
s390x
libexif-0.6.22-6.el9_6.1.s390x.rpm SHA-256: 0967cfa9dc0f832b3c08b7f8dbc6772c8773285e237db64bb6b5c93e54e4eda9
libexif-debuginfo-0.6.22-6.el9_6.1.s390x.rpm SHA-256: 5249602404a4d98b0648d199de0426777a18d56d7ae778fcbaca3a3cf1c1e285
libexif-debugsource-0.6.22-6.el9_6.1.s390x.rpm SHA-256: b81a3d461025568d8835760fd29780a0dd7197e27b5530292ffd04cb67d5a610

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6

SRPM
libexif-0.6.22-6.el9_6.1.src.rpm SHA-256: f38efc3fa039d075b02a70fe8b361f9d77332d04927d5976a90202b85b0ef506
ppc64le
libexif-0.6.22-6.el9_6.1.ppc64le.rpm SHA-256: 1e105b22e156d1a2555f0a58b543fb2a8eb799dfdb374a93b42f858de42acc08
libexif-debuginfo-0.6.22-6.el9_6.1.ppc64le.rpm SHA-256: a04896e2fb9833049caee1c3b9b080d7618d4bb559b39175d1438a16f21c0542
libexif-debugsource-0.6.22-6.el9_6.1.ppc64le.rpm SHA-256: e3e1789d2f98f1912a6f6a5b8772d411d28cebfa3e286749c1b67dea4c2ce23a

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6

SRPM
libexif-0.6.22-6.el9_6.1.src.rpm SHA-256: f38efc3fa039d075b02a70fe8b361f9d77332d04927d5976a90202b85b0ef506
aarch64
libexif-0.6.22-6.el9_6.1.aarch64.rpm SHA-256: 377df436cc11bb0739c3c267c437ae5c558c1a4acab7445ea2e8cb257431e404
libexif-debuginfo-0.6.22-6.el9_6.1.aarch64.rpm SHA-256: 488b3ca4f9fff2defc2588fa45b5fb1daeb6599b7611a7a2eedf282fbed116b0
libexif-debugsource-0.6.22-6.el9_6.1.aarch64.rpm SHA-256: 1a80a24927a57a6651e8a683bc64920202373c89e155b4d3fe3bbcd26fd45f8b

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6

SRPM
libexif-0.6.22-6.el9_6.1.src.rpm SHA-256: f38efc3fa039d075b02a70fe8b361f9d77332d04927d5976a90202b85b0ef506
ppc64le
libexif-0.6.22-6.el9_6.1.ppc64le.rpm SHA-256: 1e105b22e156d1a2555f0a58b543fb2a8eb799dfdb374a93b42f858de42acc08
libexif-debuginfo-0.6.22-6.el9_6.1.ppc64le.rpm SHA-256: a04896e2fb9833049caee1c3b9b080d7618d4bb559b39175d1438a16f21c0542
libexif-debugsource-0.6.22-6.el9_6.1.ppc64le.rpm SHA-256: e3e1789d2f98f1912a6f6a5b8772d411d28cebfa3e286749c1b67dea4c2ce23a

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6

SRPM
libexif-0.6.22-6.el9_6.1.src.rpm SHA-256: f38efc3fa039d075b02a70fe8b361f9d77332d04927d5976a90202b85b0ef506
x86_64
libexif-0.6.22-6.el9_6.1.i686.rpm SHA-256: 32c06d1ced67145819a51c756f96261699b976d81807329d8c03695f11d920df
libexif-0.6.22-6.el9_6.1.x86_64.rpm SHA-256: 24dc8363bd55c7fbd8b37d354a12bafdc1c430f78805d3f188346c4f13c1ca22
libexif-debuginfo-0.6.22-6.el9_6.1.i686.rpm SHA-256: dbe463662ede504cc25943b63331f7e8593d4925394868b114dd080ba71b9078
libexif-debuginfo-0.6.22-6.el9_6.1.x86_64.rpm SHA-256: dc52fb592dd0a426dadac7ffd8f152fd71a80c8d74f734efa8678796dca1b457
libexif-debugsource-0.6.22-6.el9_6.1.i686.rpm SHA-256: 9beef447312c0739545e274fa2a11449ca5ae35b396ca5e4cce74fe4677f0391
libexif-debugsource-0.6.22-6.el9_6.1.x86_64.rpm SHA-256: 7e35b9f63fdc07226c7497260334e9eea2a36216518cf1bff71a62ed89e91235

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6

SRPM
x86_64
libexif-debuginfo-0.6.22-6.el9_6.1.i686.rpm SHA-256: dbe463662ede504cc25943b63331f7e8593d4925394868b114dd080ba71b9078
libexif-debuginfo-0.6.22-6.el9_6.1.x86_64.rpm SHA-256: dc52fb592dd0a426dadac7ffd8f152fd71a80c8d74f734efa8678796dca1b457
libexif-debugsource-0.6.22-6.el9_6.1.i686.rpm SHA-256: 9beef447312c0739545e274fa2a11449ca5ae35b396ca5e4cce74fe4677f0391
libexif-debugsource-0.6.22-6.el9_6.1.x86_64.rpm SHA-256: 7e35b9f63fdc07226c7497260334e9eea2a36216518cf1bff71a62ed89e91235
libexif-devel-0.6.22-6.el9_6.1.i686.rpm SHA-256: 3523f8a25e59f10d5c7b875536d13344644490e344f671fd7aa7feb523e232ec
libexif-devel-0.6.22-6.el9_6.1.x86_64.rpm SHA-256: a8db46cc5a8bb096dee087dfbb8d9cb334e3ec94f52537556ad2a449daa812a5

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6

SRPM
ppc64le
libexif-debuginfo-0.6.22-6.el9_6.1.ppc64le.rpm SHA-256: a04896e2fb9833049caee1c3b9b080d7618d4bb559b39175d1438a16f21c0542
libexif-debugsource-0.6.22-6.el9_6.1.ppc64le.rpm SHA-256: e3e1789d2f98f1912a6f6a5b8772d411d28cebfa3e286749c1b67dea4c2ce23a
libexif-devel-0.6.22-6.el9_6.1.ppc64le.rpm SHA-256: b5ac980a197bd9c1c812a9a22c60a4c192be0a2e42bace69db0d762ded47918c

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6

SRPM
s390x
libexif-debuginfo-0.6.22-6.el9_6.1.s390x.rpm SHA-256: 5249602404a4d98b0648d199de0426777a18d56d7ae778fcbaca3a3cf1c1e285
libexif-debugsource-0.6.22-6.el9_6.1.s390x.rpm SHA-256: b81a3d461025568d8835760fd29780a0dd7197e27b5530292ffd04cb67d5a610
libexif-devel-0.6.22-6.el9_6.1.s390x.rpm SHA-256: 9fab05cd63cbb0f387327eb69ba4f0f17821ffb336b08c6c8d925ac935b18a43

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6

SRPM
aarch64
libexif-debuginfo-0.6.22-6.el9_6.1.aarch64.rpm SHA-256: 488b3ca4f9fff2defc2588fa45b5fb1daeb6599b7611a7a2eedf282fbed116b0
libexif-debugsource-0.6.22-6.el9_6.1.aarch64.rpm SHA-256: 1a80a24927a57a6651e8a683bc64920202373c89e155b4d3fe3bbcd26fd45f8b
libexif-devel-0.6.22-6.el9_6.1.aarch64.rpm SHA-256: 9ce6090d0809a093a9eb4d4302bf864fb6caf7f82fd7f5383c700928a6be470d

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6

SRPM
libexif-0.6.22-6.el9_6.1.src.rpm SHA-256: f38efc3fa039d075b02a70fe8b361f9d77332d04927d5976a90202b85b0ef506
aarch64
libexif-0.6.22-6.el9_6.1.aarch64.rpm SHA-256: 377df436cc11bb0739c3c267c437ae5c558c1a4acab7445ea2e8cb257431e404
libexif-debuginfo-0.6.22-6.el9_6.1.aarch64.rpm SHA-256: 488b3ca4f9fff2defc2588fa45b5fb1daeb6599b7611a7a2eedf282fbed116b0
libexif-debugsource-0.6.22-6.el9_6.1.aarch64.rpm SHA-256: 1a80a24927a57a6651e8a683bc64920202373c89e155b4d3fe3bbcd26fd45f8b

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6

SRPM
libexif-0.6.22-6.el9_6.1.src.rpm SHA-256: f38efc3fa039d075b02a70fe8b361f9d77332d04927d5976a90202b85b0ef506
s390x
libexif-0.6.22-6.el9_6.1.s390x.rpm SHA-256: 0967cfa9dc0f832b3c08b7f8dbc6772c8773285e237db64bb6b5c93e54e4eda9
libexif-debuginfo-0.6.22-6.el9_6.1.s390x.rpm SHA-256: 5249602404a4d98b0648d199de0426777a18d56d7ae778fcbaca3a3cf1c1e285
libexif-debugsource-0.6.22-6.el9_6.1.s390x.rpm SHA-256: b81a3d461025568d8835760fd29780a0dd7197e27b5530292ffd04cb67d5a610

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6

SRPM
libexif-0.6.22-6.el9_6.1.src.rpm SHA-256: f38efc3fa039d075b02a70fe8b361f9d77332d04927d5976a90202b85b0ef506
x86_64
libexif-0.6.22-6.el9_6.1.i686.rpm SHA-256: 32c06d1ced67145819a51c756f96261699b976d81807329d8c03695f11d920df
libexif-0.6.22-6.el9_6.1.x86_64.rpm SHA-256: 24dc8363bd55c7fbd8b37d354a12bafdc1c430f78805d3f188346c4f13c1ca22
libexif-debuginfo-0.6.22-6.el9_6.1.i686.rpm SHA-256: dbe463662ede504cc25943b63331f7e8593d4925394868b114dd080ba71b9078
libexif-debuginfo-0.6.22-6.el9_6.1.x86_64.rpm SHA-256: dc52fb592dd0a426dadac7ffd8f152fd71a80c8d74f734efa8678796dca1b457
libexif-debugsource-0.6.22-6.el9_6.1.i686.rpm SHA-256: 9beef447312c0739545e274fa2a11449ca5ae35b396ca5e4cce74fe4677f0391
libexif-debugsource-0.6.22-6.el9_6.1.x86_64.rpm SHA-256: 7e35b9f63fdc07226c7497260334e9eea2a36216518cf1bff71a62ed89e91235

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6

SRPM
libexif-0.6.22-6.el9_6.1.src.rpm SHA-256: f38efc3fa039d075b02a70fe8b361f9d77332d04927d5976a90202b85b0ef506
aarch64
libexif-0.6.22-6.el9_6.1.aarch64.rpm SHA-256: 377df436cc11bb0739c3c267c437ae5c558c1a4acab7445ea2e8cb257431e404
libexif-debuginfo-0.6.22-6.el9_6.1.aarch64.rpm SHA-256: 488b3ca4f9fff2defc2588fa45b5fb1daeb6599b7611a7a2eedf282fbed116b0
libexif-debugsource-0.6.22-6.el9_6.1.aarch64.rpm SHA-256: 1a80a24927a57a6651e8a683bc64920202373c89e155b4d3fe3bbcd26fd45f8b

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6

SRPM
libexif-0.6.22-6.el9_6.1.src.rpm SHA-256: f38efc3fa039d075b02a70fe8b361f9d77332d04927d5976a90202b85b0ef506
ppc64le
libexif-0.6.22-6.el9_6.1.ppc64le.rpm SHA-256: 1e105b22e156d1a2555f0a58b543fb2a8eb799dfdb374a93b42f858de42acc08
libexif-debuginfo-0.6.22-6.el9_6.1.ppc64le.rpm SHA-256: a04896e2fb9833049caee1c3b9b080d7618d4bb559b39175d1438a16f21c0542
libexif-debugsource-0.6.22-6.el9_6.1.ppc64le.rpm SHA-256: e3e1789d2f98f1912a6f6a5b8772d411d28cebfa3e286749c1b67dea4c2ce23a

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6

SRPM
libexif-0.6.22-6.el9_6.1.src.rpm SHA-256: f38efc3fa039d075b02a70fe8b361f9d77332d04927d5976a90202b85b0ef506
s390x
libexif-0.6.22-6.el9_6.1.s390x.rpm SHA-256: 0967cfa9dc0f832b3c08b7f8dbc6772c8773285e237db64bb6b5c93e54e4eda9
libexif-debuginfo-0.6.22-6.el9_6.1.s390x.rpm SHA-256: 5249602404a4d98b0648d199de0426777a18d56d7ae778fcbaca3a3cf1c1e285
libexif-debugsource-0.6.22-6.el9_6.1.s390x.rpm SHA-256: b81a3d461025568d8835760fd29780a0dd7197e27b5530292ffd04cb67d5a610

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.