You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa exiv2

Sigurnosni nedostatak programskog paketa exiv2

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Low: exiv2 security update
Advisory ID: RHSA-2020:4030-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4030
Issue date: 2020-09-29
CVE Names: CVE-2019-17402
=====================================================================

1. Summary:

An update for exiv2 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) – x86_64
Red Hat Enterprise Linux Client Optional (v. 7) – noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) – x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) – noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) – ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) – noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) – x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) – noarch, x86_64

3. Description:

The exiv2 packages provide a command line utility which can display and
manipulate image metadata such as EXIF, LPTC, and JPEG comments.

Security Fix(es):

* exiv2: out-of-bounds read in CiffDirectory::readDirectory due to lack of
size check (CVE-2019-17402)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.9 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1773683 – CVE-2019-17402 exiv2: out-of-bounds read in CiffDirectory::readDirectory due to lack of size check

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
exiv2-0.27.0-3.el7_8.src.rpm

x86_64:
exiv2-0.27.0-3.el7_8.x86_64.rpm
exiv2-debuginfo-0.27.0-3.el7_8.i686.rpm
exiv2-debuginfo-0.27.0-3.el7_8.x86_64.rpm
exiv2-libs-0.27.0-3.el7_8.i686.rpm
exiv2-libs-0.27.0-3.el7_8.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
exiv2-doc-0.27.0-3.el7_8.noarch.rpm

x86_64:
exiv2-debuginfo-0.27.0-3.el7_8.i686.rpm
exiv2-debuginfo-0.27.0-3.el7_8.x86_64.rpm
exiv2-devel-0.27.0-3.el7_8.i686.rpm
exiv2-devel-0.27.0-3.el7_8.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
exiv2-0.27.0-3.el7_8.src.rpm

x86_64:
exiv2-0.27.0-3.el7_8.x86_64.rpm
exiv2-debuginfo-0.27.0-3.el7_8.i686.rpm
exiv2-debuginfo-0.27.0-3.el7_8.x86_64.rpm
exiv2-libs-0.27.0-3.el7_8.i686.rpm
exiv2-libs-0.27.0-3.el7_8.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
exiv2-doc-0.27.0-3.el7_8.noarch.rpm

x86_64:
exiv2-debuginfo-0.27.0-3.el7_8.i686.rpm
exiv2-debuginfo-0.27.0-3.el7_8.x86_64.rpm
exiv2-devel-0.27.0-3.el7_8.i686.rpm
exiv2-devel-0.27.0-3.el7_8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
exiv2-0.27.0-3.el7_8.src.rpm

ppc64:
exiv2-0.27.0-3.el7_8.ppc64.rpm
exiv2-debuginfo-0.27.0-3.el7_8.ppc.rpm
exiv2-debuginfo-0.27.0-3.el7_8.ppc64.rpm
exiv2-libs-0.27.0-3.el7_8.ppc.rpm
exiv2-libs-0.27.0-3.el7_8.ppc64.rpm

ppc64le:
exiv2-0.27.0-3.el7_8.ppc64le.rpm
exiv2-debuginfo-0.27.0-3.el7_8.ppc64le.rpm
exiv2-libs-0.27.0-3.el7_8.ppc64le.rpm

s390x:
exiv2-0.27.0-3.el7_8.s390x.rpm
exiv2-debuginfo-0.27.0-3.el7_8.s390.rpm
exiv2-debuginfo-0.27.0-3.el7_8.s390x.rpm
exiv2-libs-0.27.0-3.el7_8.s390.rpm
exiv2-libs-0.27.0-3.el7_8.s390x.rpm

x86_64:
exiv2-0.27.0-3.el7_8.x86_64.rpm
exiv2-debuginfo-0.27.0-3.el7_8.i686.rpm
exiv2-debuginfo-0.27.0-3.el7_8.x86_64.rpm
exiv2-libs-0.27.0-3.el7_8.i686.rpm
exiv2-libs-0.27.0-3.el7_8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
exiv2-doc-0.27.0-3.el7_8.noarch.rpm

ppc64:
exiv2-debuginfo-0.27.0-3.el7_8.ppc.rpm
exiv2-debuginfo-0.27.0-3.el7_8.ppc64.rpm
exiv2-devel-0.27.0-3.el7_8.ppc.rpm
exiv2-devel-0.27.0-3.el7_8.ppc64.rpm

ppc64le:
exiv2-debuginfo-0.27.0-3.el7_8.ppc64le.rpm
exiv2-devel-0.27.0-3.el7_8.ppc64le.rpm

s390x:
exiv2-debuginfo-0.27.0-3.el7_8.s390.rpm
exiv2-debuginfo-0.27.0-3.el7_8.s390x.rpm
exiv2-devel-0.27.0-3.el7_8.s390.rpm
exiv2-devel-0.27.0-3.el7_8.s390x.rpm

x86_64:
exiv2-debuginfo-0.27.0-3.el7_8.i686.rpm
exiv2-debuginfo-0.27.0-3.el7_8.x86_64.rpm
exiv2-devel-0.27.0-3.el7_8.i686.rpm
exiv2-devel-0.27.0-3.el7_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
exiv2-0.27.0-3.el7_8.src.rpm

x86_64:
exiv2-0.27.0-3.el7_8.x86_64.rpm
exiv2-debuginfo-0.27.0-3.el7_8.i686.rpm
exiv2-debuginfo-0.27.0-3.el7_8.x86_64.rpm
exiv2-libs-0.27.0-3.el7_8.i686.rpm
exiv2-libs-0.27.0-3.el7_8.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
exiv2-doc-0.27.0-3.el7_8.noarch.rpm

x86_64:
exiv2-debuginfo-0.27.0-3.el7_8.i686.rpm
exiv2-debuginfo-0.27.0-3.el7_8.x86_64.rpm
exiv2-devel-0.27.0-3.el7_8.i686.rpm
exiv2-devel-0.27.0-3.el7_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-17402
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBX3Oh3NzjgjWX9erEAQhDig/7BzKtq2TfA2bn3wYdk8U2N7m+qirD6fSO
aJ/Eyh6Kmp+KLAihzYmENXa4DK7LlecgYI6Y9xIka8G57RmaD0y9KOh4ICdLHoeu
aSoZlCYrk67lAttEUNxVr+7O5+nEKW7Q3f0KMUc7Ih9nLqqFtZg5ZzlXbopCFGP/
M3yHBDNTWS673uurgfQBJOqZAkuWkSpEv5sogcMpYxLKUKPQoIasdHq2PBoHi5PS
Doz0W4NfHPcYxCO4cJn7nj1LBppMe3+TnnosvMJEO7CX2PAWngqh5wagvT+6btc1
r5oBTOEcWFDh8N5dMu1lo18HmqWYXmNXDccB5q+tyn2hBli8giKKJChiWR2Zg/2y
2tKkBXSY9Rr9eL1UZQPxKNclPs/bhRTomCmy0hd4uyNmeFEAEbTF17BTC6jmHr13
+941Cr615iqeweAkSyeJ0Yv+SknxyUONp6ETMYQQ7nVQ/MR/HM/7XUyor3uHNLKx
XBoolaYU1f0iJRyEt0bBsFr2psaEvbtcbVrWXQfzID/yS+26fcL6eQaxBkFmQ5mm
f29VdjoVbuGgDCznxwLc6O5l9YQo0IcBtybfqhCfHR+9iVJRP/bTSX1PgfpaNN7a
aKPjNBtycfUrVtycRPTpK3/Nd56LyfA+wTOXa1D/LhxVK9zFBfZKAesXobtBIjvt
uyQK3yZKV6o=
=nxf4
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libpng

Otkriven je sigurnosni nedostatak programske biblioteke libpng za operacijski sustav RHEL. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja, izvršavanje...

Close