Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Lightspeed
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Lightspeed
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2026:26567 - Security Advisory
Issued:
2026-06-17
Updated:
2026-06-17

RHSA-2026:26567 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: libexif security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libexif is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libexif packages provide a library for extracting extra information from image files.

Security Fix(es):

  • libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling (CVE-2026-40385)
  • libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote decoding (CVE-2026-40386)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

  • BZ - 2457687 - CVE-2026-40385 libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling
  • BZ - 2457689 - CVE-2026-40386 libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote decoding

CVEs

  • CVE-2026-40385
  • CVE-2026-40386

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
libexif-0.6.22-3.el7_9.src.rpm SHA-256: c238792a4a1018f716c0ad8f61b5303c66b3f7d94caf5cf0c96233077012a655
x86_64
libexif-0.6.22-3.el7_9.i686.rpm SHA-256: 7f178c803c33355cbcb3df5788a26d86f284c4bedd2571f68e5aec2b5a3afe5f
libexif-0.6.22-3.el7_9.x86_64.rpm SHA-256: 88df1d05d6e7b52bb891d8e0593b3d56428f765ac4e875b8f0de7fc354f66442
libexif-debuginfo-0.6.22-3.el7_9.i686.rpm SHA-256: e62f9753932769695ba426038d45b97cf2b49006774f0f2d78e685f9380d10a3
libexif-debuginfo-0.6.22-3.el7_9.i686.rpm SHA-256: e62f9753932769695ba426038d45b97cf2b49006774f0f2d78e685f9380d10a3
libexif-debuginfo-0.6.22-3.el7_9.x86_64.rpm SHA-256: ea7d8b6b5dc92c3bb9b2bac8eea88212511c98d00fbb5adb24d19dc8077b7c66
libexif-debuginfo-0.6.22-3.el7_9.x86_64.rpm SHA-256: ea7d8b6b5dc92c3bb9b2bac8eea88212511c98d00fbb5adb24d19dc8077b7c66
libexif-devel-0.6.22-3.el7_9.i686.rpm SHA-256: f732c97ac8110a69bca1677bfdc6e3cda7c0dd51d4b5853f7df6d5ad130b49a2
libexif-devel-0.6.22-3.el7_9.x86_64.rpm SHA-256: 9b4941c1040af310188de46e0b7533b5c5d1228045622616357b665a73dc06ee
libexif-doc-0.6.22-3.el7_9.x86_64.rpm SHA-256: 8abbb6825ecabff487465c492d539a07fa9c075a78aa0fdc75fb7b835fdb63ec

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
libexif-0.6.22-3.el7_9.src.rpm SHA-256: c238792a4a1018f716c0ad8f61b5303c66b3f7d94caf5cf0c96233077012a655
s390x
libexif-0.6.22-3.el7_9.s390.rpm SHA-256: 5a6ad234855d789dc2bdd3891ea99c3eded1179781fb95de97e3e702cfe7d9de
libexif-0.6.22-3.el7_9.s390x.rpm SHA-256: f5d72236d5a9748cd90a7e9a3181a9d15e852608ccd33810e2d0dfb0e464b8bd
libexif-debuginfo-0.6.22-3.el7_9.s390.rpm SHA-256: 8ee589f8c423c0001fe31d9eb8fb60746234b4b011e3536041abda2ed23ecdd4
libexif-debuginfo-0.6.22-3.el7_9.s390.rpm SHA-256: 8ee589f8c423c0001fe31d9eb8fb60746234b4b011e3536041abda2ed23ecdd4
libexif-debuginfo-0.6.22-3.el7_9.s390x.rpm SHA-256: feaaf0d0f7c617d6509d8de54aa3789de04a8b681553c42adb29615c504802a0
libexif-debuginfo-0.6.22-3.el7_9.s390x.rpm SHA-256: feaaf0d0f7c617d6509d8de54aa3789de04a8b681553c42adb29615c504802a0
libexif-devel-0.6.22-3.el7_9.s390.rpm SHA-256: bce85682b6bf76c0537a012ae4bd86264741c3bb418b90224e2eb59db1c2b79a
libexif-devel-0.6.22-3.el7_9.s390x.rpm SHA-256: 52ed8aecc79cba4a03d02627ead520cc6cf5400fb90cdcc8733dcd4b82cc5903
libexif-doc-0.6.22-3.el7_9.s390x.rpm SHA-256: 5476629d87fa539e86d567141512789d1ee6487e50072aa4cbfabd834248fe08

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
libexif-0.6.22-3.el7_9.src.rpm SHA-256: c238792a4a1018f716c0ad8f61b5303c66b3f7d94caf5cf0c96233077012a655
ppc64
libexif-0.6.22-3.el7_9.ppc.rpm SHA-256: 985113df75b595616a5254df758836dda564426dbee7f2406d8c2b82058ebc16
libexif-0.6.22-3.el7_9.ppc64.rpm SHA-256: d54cdf3549dcc8f11313efb3ae67b2e1058977657161746ff541c5a4c90ed04b
libexif-debuginfo-0.6.22-3.el7_9.ppc.rpm SHA-256: 5b467337653f71405e70618cfee9f7718e934bc3eba8b509c1a5b946277ac275
libexif-debuginfo-0.6.22-3.el7_9.ppc.rpm SHA-256: 5b467337653f71405e70618cfee9f7718e934bc3eba8b509c1a5b946277ac275
libexif-debuginfo-0.6.22-3.el7_9.ppc64.rpm SHA-256: 0da4b252bf58aa0f107b84b675e1bcbe8e8b6d2c748b2ab0b75d83a849c344ba
libexif-debuginfo-0.6.22-3.el7_9.ppc64.rpm SHA-256: 0da4b252bf58aa0f107b84b675e1bcbe8e8b6d2c748b2ab0b75d83a849c344ba
libexif-devel-0.6.22-3.el7_9.ppc.rpm SHA-256: c4e4818c42d879c8d525ccc4d158d190308121c5e8f3e4bcd312084796a5f432
libexif-devel-0.6.22-3.el7_9.ppc64.rpm SHA-256: 4418fbdefccd6981083e1ba5f15d51122922f7a49cf73fc2e1200651152ea476
libexif-doc-0.6.22-3.el7_9.ppc64.rpm SHA-256: c574bc4d0f0460d2ad49b592029406312d3094e5794a9adf103175b854246544

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
libexif-0.6.22-3.el7_9.src.rpm SHA-256: c238792a4a1018f716c0ad8f61b5303c66b3f7d94caf5cf0c96233077012a655
ppc64le
libexif-0.6.22-3.el7_9.ppc64le.rpm SHA-256: f086f08fa4fece6bf1dbbe25306750861c8706ef674427b5b8ed2a17907623a8
libexif-debuginfo-0.6.22-3.el7_9.ppc64le.rpm SHA-256: 6a9bce56661b047070f29ed43ad64b086e8804e661db80be8eebb127cf32a158
libexif-debuginfo-0.6.22-3.el7_9.ppc64le.rpm SHA-256: 6a9bce56661b047070f29ed43ad64b086e8804e661db80be8eebb127cf32a158
libexif-devel-0.6.22-3.el7_9.ppc64le.rpm SHA-256: be4a805bd45c22b26f8b2d69a34cda36e18e7920f34409bbfb5b4e25d11f6561
libexif-doc-0.6.22-3.el7_9.ppc64le.rpm SHA-256: b6649bbcdbcc67034c41969cd3453ee35bbfe4a06644827143fb665f75f0cd02

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2026 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility