compat-exiv2-026-0.26-7.el8

エラータID: AXSA:2022-3455:01

Release date: 
Thursday, July 7, 2022 - 06:00
Subject: 
compat-exiv2-026-0.26-7.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats.

Security Fix(es):

* exiv2: stack exhaustion issue in the printIFDStructure function may lead to DoS (CVE-2020-18898)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.6 Release Notes linked from the References section.

CVE-2020-18898
A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file.

Solution: 

Update packages.

CVEs: 
CVE-2020-18898
A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file.
Additional Info: 

N/A

Download: 

SRPMS
  1. compat-exiv2-026-0.26-7.el8.src.rpm
    MD5: c220f1a4d95e8b7d69aeccf8a30f7f8c
    SHA-256: 14efd28f1edec898bd48498d5021357978a6c8b0a92cccf64a5570b76cc3dd8c
    Size: 25.67 MB

Asianux Server 8 for x86_64
  1. compat-exiv2-026-0.26-7.el8.x86_64.rpm
    MD5: 97a799c643b57f52d461defe02098a9f
    SHA-256: 87281544211fa1ac7da3205a11221aa8aa460d37a7e496a4297cdd38497918b2
    Size: 888.07 kB
  2. compat-exiv2-026-0.26-7.el8.i686.rpm
    MD5: ec54755a5548ef421c047fb175c673be
    SHA-256: dbd9a8c7f1bffa772c20e0896bdb7dacad2fdf32e753e859bac2742ad65a2c4c
    Size: 925.82 kB