Exiv2 0.28.6 + patch to fix silent abi breakage Exiv2 v0.28.6 (Fixes two low severity CVEs).

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c23727e694
2025-09-16 00:18:50.663507+00:00
--------------------------------------------------------------------------------

Name        : exiv2
Product     : Fedora 43
Version     : 0.28.6
Release     : 2.fc43
URL         : https://exiv2.org/
Summary     : Exif, IPTC and XMP metadata manipulation library
Description :
A command line utility to access image metadata, allowing one to:
  * print the Exif metadata of Jpeg images as summary info, interpreted values, or the plain data for each tag
  * print the Iptc metadata of Jpeg images
  * print the Jpeg comment of Jpeg images
  * set, add and delete Exif and Iptc metadata of Jpeg images
  * adjust the Exif timestamp (that's how it all started...)
  * rename Exif image files according to the Exif timestamp
  * extract, insert and delete Exif metadata (including thumbnails), Iptc metadata and Jpeg comments

--------------------------------------------------------------------------------
Update Information:

Exiv2 0.28.6 + patch to fix silent abi breakage
Exiv2 v0.28.6 (Fixes two low severity CVEs)
--------------------------------------------------------------------------------
ChangeLog:

* Sun Aug 31 2025 Steve Cossette - 0.28.6-2
- Make methods non-virtual (Fix for a silent ABI change introduced in 0.28.6)
* Fri Aug 29 2025 Steve Cossette - 0.28.6-1
- 0.28.6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2391817 - CVE-2025-54080 exiv2: Exiv2 Segmentation Faults [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2391817
  [ 2 ] Bug #2391838 - CVE-2025-55304 exiv2: Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2391838
  [ 3 ] Bug #2391902 - exiv2-0.28.6 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2391902
  [ 4 ] Bug #2391935 - FE: Exiv2 v0.28.6
        https://bugzilla.redhat.com/show_bug.cgi?id=2391935
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c23727e694' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list
Exiv2 0.28.6 + patch to fix silent abi breakage Exiv2 v0.28.6 (Fixes two low severity CVEs).

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-387e64c9fd
2025-09-01 00:50:28.877933+00:00
--------------------------------------------------------------------------------

Name        : exiv2
Product     : Fedora 42
Version     : 0.28.6
Release     : 2.fc42
URL         : https://exiv2.org/
Summary     : Exif, IPTC and XMP metadata manipulation library
Description :
A command line utility to access image metadata, allowing one to:
  * print the Exif metadata of Jpeg images as summary info, interpreted values, or the plain data for each tag
  * print the Iptc metadata of Jpeg images
  * print the Jpeg comment of Jpeg images
  * set, add and delete Exif and Iptc metadata of Jpeg images
  * adjust the Exif timestamp (that's how it all started...)
  * rename Exif image files according to the Exif timestamp
  * extract, insert and delete Exif metadata (including thumbnails), Iptc metadata and Jpeg comments

--------------------------------------------------------------------------------
Update Information:

Exiv2 0.28.6 + patch to fix silent abi breakage
Exiv2 v0.28.6 (Fixes two low severity CVEs)
--------------------------------------------------------------------------------
ChangeLog:

* Sun Aug 31 2025 Steve Cossette - 0.28.6-2
- Make methods non-virtual (Fix for a silent ABI change introduced in 0.28.6)
* Fri Aug 29 2025 Steve Cossette - 0.28.6-1
- 0.28.6
* Wed Jul 23 2025 Fedora Release Engineering - 0.28.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2391817 - CVE-2025-54080 exiv2: Exiv2 Segmentation Faults [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2391817
  [ 2 ] Bug #2391838 - CVE-2025-55304 exiv2: Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2391838
  [ 3 ] Bug #2391902 - exiv2-0.28.6 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2391902
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-387e64c9fd' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Important: compat-exiv2-026 security update.

{'type': 'Security',
 'shortCode': 'RL',
 'name': 'RLSA-2021:3153',
 'synopsis': 'Important: compat-exiv2-026 security update',
 'severity': 'Important',
 'topic': 'An update for compat-exiv2-026 is now available for Rocky Linux 8.\nRocky Linux Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.',
 'description': 'Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats.\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.',
 'solution': None,
 'affectedProducts': ['Rocky Linux 8'],
 'fixes': ['1990327'],
 'cves': ['Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31291.json:::CVE-2021-31291'],
 'references': [],
 'publishedAt': '2021-08-16T22:28:01.054438Z',
 'rpms': ['compat-exiv2-026-0.26-4.el8_4.aarch64.rpm',
          'compat-exiv2-026-0.26-4.el8_4.i686.rpm',
          'compat-exiv2-026-0.26-4.el8_4.src.rpm',
          'compat-exiv2-026-0.26-4.el8_4.x86_64.rpm',
          'compat-exiv2-026-debuginfo-0.26-4.el8_4.aarch64.rpm',
          'compat-exiv2-026-debuginfo-0.26-4.el8_4.i686.rpm',
          'compat-exiv2-026-debuginfo-0.26-4.el8_4.x86_64.rpm',
          'compat-exiv2-026-debugsource-0.26-4.el8_4.aarch64.rpm',
          'compat-exiv2-026-debugsource-0.26-4.el8_4.i686.rpm',
          'compat-exiv2-026-debugsource-0.26-4.el8_4.x86_64.rpm',
          'exiv2-0.27.3-3.el8_4.aarch64.rpm',
          'exiv2-0.27.3-3.el8_4.src.rpm',
          'exiv2-0.27.3-3.el8_4.x86_64.rpm',
          'exiv2-debuginfo-0.27.3-3.el8_4.aarch64.rpm',
          'exiv2-debuginfo-0.27.3-3.el8_4.i686.rpm',
          'exiv2-debuginfo-0.27.3-3.el8_4.x86_64.rpm',
          'exiv2-debugsource-0.27.3-3.el8_4.aarch64.rpm',
          'exiv2-debugsource-0.27.3-3.el8_4.i686.rpm',
          'exiv2-debugsource-0.27.3-3.el8_4.x86_64.rpm',
          'exiv2-devel-0.27.3-3.el8_4.aarch64.rpm',
          'exiv2-devel-0.27.3-3.el8_4.i686.rpm',
          'exiv2-devel-0.27.3-3.el8_4.x86_64.rpm',
          'exiv2-doc-0.27.3-3.el8_4.noarch.rpm',
          'exiv2-libs-0.27.3-3.el8_4.aarch64.rpm',
          'exiv2-libs-0.27.3-3.el8_4.i686.rpm',
          'exiv2-libs-0.27.3-3.el8_4.x86_64.rpm',
          'exiv2-libs-debuginfo-0.27.3-3.el8_4.aarch64.rpm',
          'exiv2-libs-debuginfo-0.27.3-3.el8_4.i686.rpm',
          'exiv2-libs-debuginfo-0.27.3-3.el8_4.x86_64.rpm']}

A crucial safety patch for compat-exiv2-026 has been released for Rocky Linux 8, tackling security vulnerabilities classified as significant.

Severity: Important.

LinuxSecurity.com Team
Update to 12.38 to fix CVE-2022-23935.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-f3ab9c77bc
2022-02-04 01:20:59.298205
--------------------------------------------------------------------------------

Name        : perl-Image-ExifTool
Product     : Fedora 34
Version     : 12.38
Release     : 1.fc34
URL         : https://exiftool.org/
Summary     : Utility for reading and writing image meta info
Description :
ExifTool is a Perl module with an included command-line application for reading and writing meta information in image, audio, and video files. It reads EXIF, GPS, IPTC, XMP, JFIF, MakerNotes, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP, and ID3 meta information from JPG, JP2, TIFF, GIF, PNG, MNG, JNG, MIFF, EPS, PS, AI, PDF, PSD, BMP, THM, CRW, CR2, MRW, NEF, PEF, ORF, DNG, and many other types of images. ExifTool also extracts information from the maker notes of many digital cameras by various manufacturers including Canon, Casio, FujiFilm, GE, HP, JVC/Victor, Kodak, Leaf, Minolta/Konica-Minolta, Nikon, Olympus/Epson, Panasonic/Leica, Pentax/Asahi, Reconyx, Ricoh, Samsung, Sanyo, Sigma/Foveon, and Sony.

--------------------------------------------------------------------------------
Update Information:

Update to 12.38 to fix CVE-2022-23935
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 25 2022 Tom Callaway - 12.38-1
- update to 12.38 for CVE-2022-23935
  NOTE: 12.38 is not considered a "Stable" release and is not on CPAN
* Fri Jan 21 2022 Fedora Release Engineering - 12.30-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2045028 - CVE-2022-23935 perl-Image-ExifTool: lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check
        https://bugzilla.redhat.com/show_bug.cgi?id=2045028
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-f3ab9c77bc' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
An update for compat-exiv2-026 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate.

====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: compat-exiv2-026 security update
Advisory ID:       RHSA-2021:4319-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:4319
Issue date:        2021-11-09
CVE Names:         CVE-2021-31292 CVE-2021-37618 CVE-2021-37619
====================================================================

1. Summary:

An update for compat-exiv2-026 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats.

Security Fix(es):

* exiv2: Integer overflow in CrwMap:encode0x1810 leading to heap-based buffer overflow and DoS (CVE-2021-31292)
* exiv2: Out-of-bounds read in Exiv2::Jp2Image::printStructure (CVE-2021-37618)
* exiv2: Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header (CVE-2021-37619)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1990330 - CVE-2021-31292 exiv2: Integer overflow in CrwMap:encode0x1810 leading to heap-based buffer overflow and DoS
1992165 - CVE-2021-37618 exiv2: Out-of-bounds read in Exiv2::Jp2Image::printStructure
1992174 - CVE-2021-37619 exiv2: Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
compat-exiv2-026-0.26-6.el8.src.rpm

aarch64:
compat-exiv2-026-0.26-6.el8.aarch64.rpm
compat-exiv2-026-debuginfo-0.26-6.el8.aarch64.rpm
compat-exiv2-026-debugsource-0.26-6.el8.aarch64.rpm

ppc64le:
compat-exiv2-026-0.26-6.el8.ppc64le.rpm
compat-exiv2-026-debuginfo-0.26-6.el8.ppc64le.rpm
compat-exiv2-026-debugsource-0.26-6.el8.ppc64le.rpm

s390x:
compat-exiv2-026-0.26-6.el8.s390x.rpm
compat-exiv2-026-debuginfo-0.26-6.el8.s390x.rpm
compat-exiv2-026-debugsource-0.26-6.el8.s390x.rpm

x86_64:
compat-exiv2-026-0.26-6.el8.i686.rpm
compat-exiv2-026-0.26-6.el8.x86_64.rpm
compat-exiv2-026-debuginfo-0.26-6.el8.i686.rpm
compat-exiv2-026-debuginfo-0.26-6.el8.x86_64.rpm
compat-exiv2-026-debugsource-0.26-6.el8.i686.rpm
compat-exiv2-026-debugsource-0.26-6.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2021-31292
https://access.redhat.com/security/cve/CVE-2021-37618
https://access.redhat.com/security/cve/CVE-2021-37619
https://access.redhat.com/security/updates/classification#moderate
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/8.5_release_notes/index

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.

--
RHSA-announce mailing list
An update for compat-exiv2-026 is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important.

====================================================================
Red Hat Security Advisory

Synopsis:          Important: compat-exiv2-026 security update
Advisory ID:       RHSA-2021:3230-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3230
Issue date:        2021-08-19
CVE Names:         CVE-2021-31291
====================================================================

1. Summary:

An update for compat-exiv2-026 is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats.

Security Fix(es):

* exiv2: Heap-based buffer overflow vulnerability in jp2image.cpp (CVE-2021-31291)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1990327 - CVE-2021-31291 exiv2: Heap-based buffer overflow vulnerability in jp2image.cpp

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:
compat-exiv2-026-0.26-4.el8_2.src.rpm

aarch64:
compat-exiv2-026-0.26-4.el8_2.aarch64.rpm
compat-exiv2-026-debuginfo-0.26-4.el8_2.aarch64.rpm
compat-exiv2-026-debugsource-0.26-4.el8_2.aarch64.rpm

ppc64le:
compat-exiv2-026-0.26-4.el8_2.ppc64le.rpm
compat-exiv2-026-debuginfo-0.26-4.el8_2.ppc64le.rpm
compat-exiv2-026-debugsource-0.26-4.el8_2.ppc64le.rpm

s390x:
compat-exiv2-026-0.26-4.el8_2.s390x.rpm
compat-exiv2-026-debuginfo-0.26-4.el8_2.s390x.rpm
compat-exiv2-026-debugsource-0.26-4.el8_2.s390x.rpm

x86_64:
compat-exiv2-026-0.26-4.el8_2.i686.rpm
compat-exiv2-026-0.26-4.el8_2.x86_64.rpm
compat-exiv2-026-debuginfo-0.26-4.el8_2.i686.rpm
compat-exiv2-026-debuginfo-0.26-4.el8_2.x86_64.rpm
compat-exiv2-026-debugsource-0.26-4.el8_2.i686.rpm
compat-exiv2-026-debugsource-0.26-4.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2021-31291
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.
An update for exiv2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low.

====================================================================
Red Hat Security Advisory

Synopsis:          Low: exiv2 security, bug fix, and enhancement update
Advisory ID:       RHSA-2021:1758-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1758
Issue date:        2021-05-18
CVE Names:         CVE-2019-17402
====================================================================

1. Summary:

An update for exiv2 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, IPTC, and JPEG comments.

The following packages have been upgraded to a later upstream version: exiv2 (0.27.3). (BZ#1880984)

Security Fix(es):

* exiv2: out-of-bounds read in CiffDirectory::readDirectory due to lack of size check (CVE-2019-17402)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1773683 - CVE-2019-17402 exiv2: out-of-bounds read in CiffDirectory::readDirectory due to lack of size check
1880984 - Rebase exiv2 to 0.27.3

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
exiv2-0.27.3-2.el8.src.rpm

aarch64:
exiv2-0.27.3-2.el8.aarch64.rpm
exiv2-debuginfo-0.27.3-2.el8.aarch64.rpm
exiv2-debugsource-0.27.3-2.el8.aarch64.rpm
exiv2-libs-0.27.3-2.el8.aarch64.rpm
exiv2-libs-debuginfo-0.27.3-2.el8.aarch64.rpm

ppc64le:
exiv2-0.27.3-2.el8.ppc64le.rpm
exiv2-debuginfo-0.27.3-2.el8.ppc64le.rpm
exiv2-debugsource-0.27.3-2.el8.ppc64le.rpm
exiv2-libs-0.27.3-2.el8.ppc64le.rpm
exiv2-libs-debuginfo-0.27.3-2.el8.ppc64le.rpm

s390x:
exiv2-0.27.3-2.el8.s390x.rpm
exiv2-debuginfo-0.27.3-2.el8.s390x.rpm
exiv2-debugsource-0.27.3-2.el8.s390x.rpm
exiv2-libs-0.27.3-2.el8.s390x.rpm
exiv2-libs-debuginfo-0.27.3-2.el8.s390x.rpm

x86_64:
exiv2-0.27.3-2.el8.x86_64.rpm
exiv2-debuginfo-0.27.3-2.el8.i686.rpm
exiv2-debuginfo-0.27.3-2.el8.x86_64.rpm
exiv2-debugsource-0.27.3-2.el8.i686.rpm
exiv2-debugsource-0.27.3-2.el8.x86_64.rpm
exiv2-libs-0.27.3-2.el8.i686.rpm
exiv2-libs-0.27.3-2.el8.x86_64.rpm
exiv2-libs-debuginfo-0.27.3-2.el8.i686.rpm
exiv2-libs-debuginfo-0.27.3-2.el8.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:
exiv2-debuginfo-0.27.3-2.el8.aarch64.rpm
exiv2-debugsource-0.27.3-2.el8.aarch64.rpm
exiv2-devel-0.27.3-2.el8.aarch64.rpm
exiv2-libs-debuginfo-0.27.3-2.el8.aarch64.rpm

noarch:
exiv2-doc-0.27.3-2.el8.noarch.rpm

ppc64le:
exiv2-debuginfo-0.27.3-2.el8.ppc64le.rpm
exiv2-debugsource-0.27.3-2.el8.ppc64le.rpm
exiv2-devel-0.27.3-2.el8.ppc64le.rpm
exiv2-libs-debuginfo-0.27.3-2.el8.ppc64le.rpm

s390x:
exiv2-debuginfo-0.27.3-2.el8.s390x.rpm
exiv2-debugsource-0.27.3-2.el8.s390x.rpm
exiv2-devel-0.27.3-2.el8.s390x.rpm
exiv2-libs-debuginfo-0.27.3-2.el8.s390x.rpm

x86_64:
exiv2-debuginfo-0.27.3-2.el8.i686.rpm
exiv2-debuginfo-0.27.3-2.el8.x86_64.rpm
exiv2-debugsource-0.27.3-2.el8.i686.rpm
exiv2-debugsource-0.27.3-2.el8.x86_64.rpm
exiv2-devel-0.27.3-2.el8.i686.rpm
exiv2-devel-0.27.3-2.el8.x86_64.rpm
exiv2-libs-debuginfo-0.27.3-2.el8.i686.rpm
exiv2-libs-debuginfo-0.27.3-2.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-17402
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
Exiv2 update fixing security issues.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-be94728b95
2021-05-14 21:09:17.379351
--------------------------------------------------------------------------------

Name        : exiv2
Product     : Fedora 33
Version     : 0.27.3
Release     : 6.fc33
URL         :
Summary     : Exif and Iptc metadata manipulation library
Description :
A command line utility to access image metadata, allowing one to:
  * print the Exif metadata of Jpeg images as summary info, interpreted values, or the plain data for each tag
  * print the Iptc metadata of Jpeg images
  * print the Jpeg comment of Jpeg images
  * set, add and delete Exif and Iptc metadata of Jpeg images
  * adjust the Exif timestamp (that's how it all started...)
  * rename Exif image files according to the Exif timestamp
  * extract, insert and delete Exif metadata (including thumbnails), Iptc metadata and Jpeg comments

--------------------------------------------------------------------------------
Update Information:

Exiv2 update fixing security issues.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 29 2021 Jan Grulich - 0.27.3-6
- CVE-2021-3482: Fix heap-based buffer overflow in Jp2Image::readMetadata()
  CVE-2021-29458 exiv2: out-of-bounds read in Exiv2::Internal::CrwMap::encode
  CVE-2021-29457 exiv2: heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata
  CVE-2021-29470 exiv2: out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header
  CVE-2021-29473 exiv2: out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata
* Tue Jan 26 2021 Fedora Release Engineering - 0.27.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1946315 - CVE-2021-3482 exiv2: heap-based buffer overflow in Jp2Image::readMetadata() in jp2image.cpp [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1946315
  [ 2 ] Bug #1952608 - CVE-2021-29458 exiv2: out-of-bounds read in Exiv2::Internal::CrwMap::encode [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1952608
  [ 3 ] Bug #1952613 - CVE-2021-29457 exiv2: heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1952613
  [ 4 ] Bug #1953709 - CVE-2021-29470 exiv2: out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1953709
  [ 5 ] Bug #1954066 - CVE-2021-29473 exiv2: out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1954066
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-be94728b95' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------