Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2021:4319: Red Hat Security Advisory: compat-exiv2-026 security update

An update for compat-exiv2-026 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats. Security Fix(es):

  • exiv2: Integer overflow in CrwMap:encode0x1810 leading to heap-based buffer overflow and DoS (CVE-2021-31292)
  • exiv2: Out-of-bounds read in Exiv2::Jp2Image::printStructure (CVE-2021-37618)
  • exiv2: Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header (CVE-2021-37619) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. Related CVEs:
  • CVE-2021-31292: exiv2: Integer overflow in CrwMap:encode0x1810 leading to heap-based buffer overflow and DoS
  • CVE-2021-37618: exiv2: Out-of-bounds read in Exiv2::Jp2Image::printStructure
  • CVE-2021-37619: exiv2: Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header
Red Hat Security Data
#vulnerability#linux#red_hat

Related news

RHSA-2021:4235: Red Hat Security Advisory: jasper security update

An update for jasper is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Security Fix(es): * jasper: Heap-based buffer overflow in cp_create() in jpc_enc.c (CVE-2020-27828) * jasper: Heap-based buffer over-read in jp2_decode() in jp2_dec.c (CVE-2021-3272) * jasper: Out of bounds read in jp2_decode() in jp2_dec.c (CVE-2021-26926) * jasper: NULL pointer dereference in jp2_decode() in jp2_dec.c (CVE-2021-26927) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on cha...

RHSA-2021:4201: Red Hat Security Advisory: babel security and bug fix update

An update for babel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Babel provides tools to build and work with gettext message catalogs, and a Python interface to the CLDR (Common Locale Data Repository), providing access to various locale display names, localized number and date formatting, etc. Security Fix(es): * python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code (CVE-2021-20095, CVE-2021-42771) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see t...

RHSA-2021:4519: Red Hat Security Advisory: autotrace security update

An update for autotrace is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.AutoTrace is a program for converting bitmaps to vector graphics. Security Fix(es): * autotrace: bitmap double free in main.c allows attackers to cause an unspecified impact (CVE-2019-19005) * autotrace: integer overflow in input-bmp.c (CVE-2019-19004) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. Related CVEs: * CVE-2019-19004: autotrace: integer overfl...

RHSA-2021:4173: Red Hat Security Advisory: exiv2 security, bug fix, and enhancement update

An update for exiv2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats. The following packages have been upgraded to a later upstream version: exiv2 (0.27.4). (BZ#1989860) Security Fix(es): * exiv2: Heap-based buffer overflow in Jp2Image::readMetadata() (CVE-2021-3482) * exiv2: Heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata (CVE-2021-29457) * exiv2: Out-of-bounds read in Exiv2::Internal::CrwMap::encode (CVE-2021-29458) * exiv2: Heap-based buffer overflow in Exiv2...

RHSA-2021:4373: Red Hat Security Advisory: pcre security update

An update for pcre is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.PCRE is a Perl-compatible regular expression library. Security Fix(es): * pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1 (CVE-2019-20838) * pcre: Integer overflow when parsing callout numeric arguments (CVE-2020-14155) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. Related CVEs: * CVE-2019-20838: pcre: Buffer ov...

RHSA-2021:4251: Red Hat Security Advisory: openjpeg2 security update

An update for openjpeg2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. The following packages have been upgraded to a later upstream version: openjpeg2 (2.4.0). Security Fix(es): * openjpeg: use-after-free and double-free via a mix of valid and invalid files in a directory operated on by the decompressor (CVE-2020-15389) * openjpeg: heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS (CVE-2020-27814) * openjpeg: heap-buffer-overflow write in opj_tcd_dc_level_shift_encode() (CVE-2020-27823) * openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution (CVE-2021-3575) * openjpeg: integer overflow i...

RHSA-2021:4382: Red Hat Security Advisory: json-c security and bug fix update

An update for json-c is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.JSON-C implements a reference counting object model that allows users to easily construct JavaScript Object Notation (JSON) objects in C, output them as JSON formatted strings, and parse JSON formatted strings back into the C representation of JSON objects. Security Fix(es): * json-c: integer overflow and out-of-bounds write via a large JSON file (CVE-2020-12762) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8...