 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.879524 |
| Category: | Fedora Local Security Checks |
| Title: | Fedora: Security Advisory for perl-Image-ExifTool (FEDORA-2021-de850ed71e) |
| Summary: | The remote host is missing an update for the 'perl-Image-ExifTool'; package(s) announced via the FEDORA-2021-de850ed71e advisory. |
| Description: | Summary: The remote host is missing an update for the 'perl-Image-ExifTool' package(s) announced via the FEDORA-2021-de850ed71e advisory. Vulnerability Insight: ExifTool is a Perl module with an included command-line application for reading and writing meta information in image, audio, and video files. It reads EXIF, GPS, IPTC, XMP, JFIF, MakerNotes, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP, and ID3 meta information from JPG, JP2, TIFF, GIF, PNG, MNG, JNG, MIFF, EPS, PS, AI, PDF, PSD, BMP, THM, CRW, CR2, MRW, NEF, PEF, ORF, DNG, and many other types of images. ExifTool also extracts information from the maker notes of many digital cameras by various manufacturers including Canon, Casio, FujiFilm, GE, HP, JVC/Victor, Kodak, Leaf, Minolta/Konica-Minolta, Nikon, Olympus/Epson, Panasonic/Leica, Pentax/Asahi, Reconyx, Ricoh, Samsung, Sanyo, Sigma/Foveon, and Sony. Affected Software/OS: 'perl-Image-ExifTool' package(s) on Fedora 34. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-22204 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json Debian Security Information: DSA-4910 (Google Search) https://www.debian.org/security/2021/dsa-4910 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/ http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800 https://hackerone.com/reports/1154542 https://lists.debian.org/debian-lts-announce/2021/05/msg00018.html http://www.openwall.com/lists/oss-security/2021/05/09/1 http://www.openwall.com/lists/oss-security/2021/05/10/5 |
| Copyright | Copyright (C) 2021 Greenbone Networks GmbH |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |