An update for libexif is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2021-1352 Final 1.0 1.0 2021-09-30 Initial 2021-09-30 2021-09-30 openEuler SA Tool V1.0 2021-09-30 libexif security update An update for libexif is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2. Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. The EXIF library allows you to parse an EXIF file and read the data from those tags. Security Fix(es): An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.(CVE-2020-13112) An update for libexif is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical libexif https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1352 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-13112 https://nvd.nist.gov/vuln/detail/CVE-2020-13112 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 libexif-debugsource-0.6.21-23.oe1.aarch64.rpm libexif-0.6.21-23.oe1.aarch64.rpm libexif-debuginfo-0.6.21-23.oe1.aarch64.rpm libexif-devel-0.6.21-23.oe1.aarch64.rpm libexif-debuginfo-0.6.21-23.oe1.aarch64.rpm libexif-debugsource-0.6.21-23.oe1.aarch64.rpm libexif-0.6.21-23.oe1.aarch64.rpm libexif-devel-0.6.21-23.oe1.aarch64.rpm libexif-help-0.6.21-23.oe1.noarch.rpm libexif-help-0.6.21-23.oe1.noarch.rpm libexif-0.6.21-23.oe1.src.rpm libexif-0.6.21-23.oe1.src.rpm libexif-debugsource-0.6.21-23.oe1.x86_64.rpm libexif-devel-0.6.21-23.oe1.x86_64.rpm libexif-debuginfo-0.6.21-23.oe1.x86_64.rpm libexif-0.6.21-23.oe1.x86_64.rpm libexif-debugsource-0.6.21-23.oe1.x86_64.rpm libexif-debuginfo-0.6.21-23.oe1.x86_64.rpm libexif-0.6.21-23.oe1.x86_64.rpm libexif-devel-0.6.21-23.oe1.x86_64.rpm An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. 2021-09-30 CVE-2020-13112 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Critical 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H libexif security update 2021-09-30 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1352