ALAS-2020-1393

Amazon Linux 1 Security Advisory: ALAS-2020-1393
Advisory Release Date: 2020-07-14 01:51 Pacific
Advisory Updated Date: 2020-07-15 17:31 Pacific

Severity: Medium

References: CVE-2020-13112
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. (CVE-2020-13112)

Affected Packages:

libexif

Issue Correction:
Run yum update libexif to update your system.

New Packages:

i686:
    libexif-debuginfo-0.6.21-6.7.amzn1.i686
    libexif-devel-0.6.21-6.7.amzn1.i686
    libexif-0.6.21-6.7.amzn1.i686

src:
    libexif-0.6.21-6.7.amzn1.src

x86_64:
    libexif-devel-0.6.21-6.7.amzn1.x86_64
    libexif-0.6.21-6.7.amzn1.x86_64
    libexif-debuginfo-0.6.21-6.7.amzn1.x86_64

Additional References

Red Hat: CVE-2020-13112

Mitre: CVE-2020-13112