ALAS-2020-1393


Amazon Linux AMI Security Advisory: ALAS-2020-1393
Advisory Release Date: 2020-07-14 01:51 Pacific
Advisory Updated Date: 2020-07-15 17:31 Pacific
Severity: Medium
References: CVE-2020-13112 

Issue Overview:

An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093 . (CVE-2020-13112 )


Affected Packages:

libexif


Issue Correction:
Run yum update libexif to update your system.

New Packages:
i686:
    libexif-debuginfo-0.6.21-6.7.amzn1.i686
    libexif-devel-0.6.21-6.7.amzn1.i686
    libexif-0.6.21-6.7.amzn1.i686

src:
    libexif-0.6.21-6.7.amzn1.src

x86_64:
    libexif-devel-0.6.21-6.7.amzn1.x86_64
    libexif-0.6.21-6.7.amzn1.x86_64
    libexif-debuginfo-0.6.21-6.7.amzn1.x86_64