Amazon Linux 1 Security Advisory: ALAS-2020-1393
Advisory Release Date: 2020-07-14 01:51 Pacific
Advisory Updated Date: 2020-07-15 17:31 Pacific
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. (CVE-2020-13112)
Affected Packages:
libexif
Issue Correction:
Run yum update libexif to update your system.
i686:
libexif-debuginfo-0.6.21-6.7.amzn1.i686
libexif-devel-0.6.21-6.7.amzn1.i686
libexif-0.6.21-6.7.amzn1.i686
src:
libexif-0.6.21-6.7.amzn1.src
x86_64:
libexif-devel-0.6.21-6.7.amzn1.x86_64
libexif-0.6.21-6.7.amzn1.x86_64
libexif-debuginfo-0.6.21-6.7.amzn1.x86_64