Amazon Linux 2 Security Advisory: ALAS-2020-1443
Advisory Release Date: 2020-06-26 22:52 Pacific
Advisory Updated Date: 2020-07-01 00:02 Pacific
Severity:
Medium
Issue Overview:
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. (CVE-2020-13112)
Affected Packages:
libexif
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update libexif to update your system.
New Packages:
aarch64:
libexif-0.6.21-7.amzn2.aarch64
libexif-devel-0.6.21-7.amzn2.aarch64
libexif-doc-0.6.21-7.amzn2.aarch64
libexif-debuginfo-0.6.21-7.amzn2.aarch64
i686:
libexif-0.6.21-7.amzn2.i686
libexif-devel-0.6.21-7.amzn2.i686
libexif-doc-0.6.21-7.amzn2.i686
libexif-debuginfo-0.6.21-7.amzn2.i686
src:
libexif-0.6.21-7.amzn2.src
x86_64:
libexif-0.6.21-7.amzn2.x86_64
libexif-devel-0.6.21-7.amzn2.x86_64
libexif-doc-0.6.21-7.amzn2.x86_64
libexif-debuginfo-0.6.21-7.amzn2.x86_64