ALSA-2021:1758

[ALSA-2021:1758] Low: exiv2 security, bug fix, and enhancement update

Type:

security

Severity:

low

Release date:

2021-08-11

Description:

The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments.

The following packages have been upgraded to a later upstream version: exiv2 (0.27.3). (BZ#1880984)

Security Fix(es):

* exiv2: out-of-bounds read in CiffDirectory::readDirectory due to lack of size check (CVE-2019-17402)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

CVE-2019-17402

Updated packages listed below:

Architecture	Package	Checksum
i686	exiv2-devel-0.27.3-2.el8.i686.rpm	8e618524117a0f18661529904ff4c8d7815847a571cc52d8ff918989d148cb1f
noarch	exiv2-doc-0.27.3-2.el8.noarch.rpm	e16cc0ae939168e40f19bd7a96479634fd0ad40b7d04c72fbf81dc9d19989b8c
x86_64	exiv2-devel-0.27.3-2.el8.x86_64.rpm	2fcb62622ab94828cb7fa8f55feeea093006e965f73c6563f671d7b197718b07

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.