Red Hat Product Errata RHSA-2026:20929 - Security Advisory Issued: 2026-05-26 Updated: 2026-05-26 RHSA-2026:20929 - Security Advisory Overview Updated Packages Synopsis Moderate: libexif security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for libexif is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The libexif packages provide a library for extracting extra information from image files. Security Fix(es): libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling (CVE-2026-40385) libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote decoding (CVE-2026-40386) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 8 x86_64 Red Hat Enterprise Linux for IBM z Systems 8 s390x Red Hat Enterprise Linux for Power, little endian 8 ppc64le Red Hat Enterprise Linux for ARM 64 8 aarch64 Red Hat CodeReady Linux Builder for x86_64 8 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le Red Hat CodeReady Linux Builder for ARM 64 8 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x Fixes BZ - 2457687 - CVE-2026-40385 libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling BZ - 2457689 - CVE-2026-40386 libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote decoding CVEs CVE-2026-40385 CVE-2026-40386 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 8 SRPM libexif-0.6.22-6.el8_10.src.rpm SHA-256: d2cb45e2f2162bcbbea497826d387472dcc18205e9cd67865dbe373855c00bf5 x86_64 libexif-0.6.22-6.el8_10.i686.rpm SHA-256: 3407041262865c1a224bf1914643cc08d30123428841ac02c86992720ed9524c libexif-0.6.22-6.el8_10.x86_64.rpm SHA-256: 61462d100abb3495bf7804f2541b376298530e5d5c8e1e534686c2e6637e8365 libexif-debuginfo-0.6.22-6.el8_10.i686.rpm SHA-256: 4c40f6f8bf85f19e3f93d86b1c7deafb23aec6e41064fbc597cea1cc7bcab0e4 libexif-debuginfo-0.6.22-6.el8_10.x86_64.rpm SHA-256: 32aba06008c6ca4d8949f95e73a9a98abf59c05d5cfe2c209394be02f8287385 libexif-debugsource-0.6.22-6.el8_10.i686.rpm SHA-256: 5e4b2c2638b93a43c2548f001af32f769f0563b1c56b02bab3b38bba93e6e2a0 libexif-debugsource-0.6.22-6.el8_10.x86_64.rpm SHA-256: fc214ffcb33f8e978dfff6f8eb2d65dc503e272289f594cafc7ff263729aeb73 Red Hat Enterprise Linux for IBM z Systems 8 SRPM libexif-0.6.22-6.el8_10.src.rpm SHA-256: d2cb45e2f2162bcbbea497826d387472dcc18205e9cd67865dbe373855c00bf5 s390x libexif-0.6.22-6.el8_10.s390x.rpm SHA-256: 2dc570d14e5b293b15e20d3c2f70d3c75b809a61a6f1a6f3a3238b601c367ec9 libexif-debuginfo-0.6.22-6.el8_10.s390x.rpm SHA-256: 2b12bdcc600b6aa2ac5ed885c49f6e4c0fa7da9cdedc7a3d58668fff90f0d9c5 libexif-debugsource-0.6.22-6.el8_10.s390x.rpm SHA-256: c8d387ea4fa8a83d51be303217aa92bb69ae9df36f8f0858e96eb34393e812b6 Red Hat Enterprise Linux for Power, little endian 8 SRPM libexif-0.6.22-6.el8_10.src.rpm SHA-256: d2cb45e2f2162bcbbea497826d387472dcc18205e9cd67865dbe373855c00bf5 ppc64le libexif-0.6.22-6.el8_10.ppc64le.rpm SHA-256: 368313e8cdac4f09acc9216903051e0e2078ebbaaa84420dda6fd1b7a8823d5f libexif-debuginfo-0.6.22-6.el8_10.ppc64le.rpm SHA-256: f29614e9f1e4fab7bf9113dbc29edfc02479979a3987f6ff3b46b88860ee83b8 libexif-debugsource-0.6.22-6.el8_10.ppc64le.rpm SHA-256: 7f0dd64537f5fbfd165fa08158d132fa4dd41972e20871aff6f6f8d4a51aef5a Red Hat Enterprise Linux for ARM 64 8 SRPM libexif-0.6.22-6.el8_10.src.rpm SHA-256: d2cb45e2f2162bcbbea497826d387472dcc18205e9cd67865dbe373855c00bf5 aarch64 libexif-0.6.22-6.el8_10.aarch64.rpm SHA-256: eb4f510c9b8f697809c33b2ab3dc5912ef7a0e4ffc9af87331b7ab789e06cc91 libexif-debuginfo-0.6.22-6.el8_10.aarch64.rpm SHA-256: 957cb269e9a4ad46d5ad16528fe55a7016458172c0bc54249ff9e42f2b216ea6 libexif-debugsource-0.6.22-6.el8_10.aarch64.rpm SHA-256: 792d16fa3c708118d7ab462f3198b0ff013fd603b288209b8cee485c68c66720 Red Hat CodeReady Linux Builder for x86_64 8 SRPM x86_64 libexif-debuginfo-0.6.22-6.el8_10.i686.rpm SHA-256: 4c40f6f8bf85f19e3f93d86b1c7deafb23aec6e41064fbc597cea1cc7bcab0e4 libexif-debuginfo-0.6.22-6.el8_10.x86_64.rpm SHA-256: 32aba06008c6ca4d8949f95e73a9a98abf59c05d5cfe2c209394be02f8287385 libexif-debugsource-0.6.22-6.el8_10.i686.rpm SHA-256: 5e4b2c2638b93a43c2548f001af32f769f0563b1c56b02bab3b38bba93e6e2a0 libexif-debugsource-0.6.22-6.el8_10.x86_64.rpm SHA-256: fc214ffcb33f8e978dfff6f8eb2d65dc503e272289f594cafc7ff263729aeb73 libexif-devel-0.6.22-6.el8_10.i686.rpm SHA-256: b3f21e4445749f9df8abaa2c4b8d3813ebb0c9dd9b3cacd4c0e51a971637dd21 libexif-devel-0.6.22-6.el8_10.x86_64.rpm SHA-256: e87fd9fb8975d9a55928bf6ec6283046577e7961f76a41c63aac2390400127a1 Red Hat CodeReady Linux Builder for Power, little endian 8 SRPM ppc64le libexif-debuginfo-0.6.22-6.el8_10.ppc64le.rpm SHA-256: f29614e9f1e4fab7bf9113dbc29edfc02479979a3987f6ff3b46b88860ee83b8 libexif-debugsource-0.6.22-6.el8_10.ppc64le.rpm SHA-256: 7f0dd64537f5fbfd165fa08158d132fa4dd41972e20871aff6f6f8d4a51aef5a libexif-devel-0.6.22-6.el8_10.ppc64le.rpm SHA-256: dfaf2949269ece85d9281bd62c4055a7c3487a0e7bad56e68f2c34af74e008b4 Red Hat CodeReady Linux Builder for ARM 64 8 SRPM aarch64 libexif-debuginfo-0.6.22-6.el8_10.aarch64.rpm SHA-256: 957cb269e9a4ad46d5ad16528fe55a7016458172c0bc54249ff9e42f2b216ea6 libexif-debugsource-0.6.22-6.el8_10.aarch64.rpm SHA-256: 792d16fa3c708118d7ab462f3198b0ff013fd603b288209b8cee485c68c66720 libexif-devel-0.6.22-6.el8_10.aarch64.rpm SHA-256: 871c1af84ee86302344c013b4028b828d7f9352710425fd598a6c5b1fe2294c2 Red Hat CodeReady Linux Builder for IBM z Systems 8 SRPM s390x libexif-debuginfo-0.6.22-6.el8_10.s390x.rpm SHA-256: 2b12bdcc600b6aa2ac5ed885c49f6e4c0fa7da9cdedc7a3d58668fff90f0d9c5 libexif-debugsource-0.6.22-6.el8_10.s390x.rpm SHA-256: c8d387ea4fa8a83d51be303217aa92bb69ae9df36f8f0858e96eb34393e812b6 libexif-devel-0.6.22-6.el8_10.s390x.rpm SHA-256: e3a8ff57120d1ca700534e23399be059643285d56ae438c5bf7ea494cc736c15 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 SRPM libexif-0.6.22-6.el8_10.src.rpm SHA-256: d2cb45e2f2162bcbbea497826d387472dcc18205e9cd67865dbe373855c00bf5 x86_64 libexif-0.6.22-6.el8_10.i686.rpm SHA-256: 3407041262865c1a224bf1914643cc08d30123428841ac02c86992720ed9524c libexif-0.6.22-6.el8_10.x86_64.rpm SHA-256: 61462d100abb3495bf7804f2541b376298530e5d5c8e1e534686c2e6637e8365 libexif-debuginfo-0.6.22-6.el8_10.i686.rpm SHA-256: 4c40f6f8bf85f19e3f93d86b1c7deafb23aec6e41064fbc597cea1cc7bcab0e4 libexif-debuginfo-0.6.22-6.el8_10.x86_64.rpm SHA-256: 32aba06008c6ca4d8949f95e73a9a98abf59c05d5cfe2c209394be02f8287385 libexif-debugsource-0.6.22-6.el8_10.i686.rpm SHA-256: 5e4b2c2638b93a43c2548f001af32f769f0563b1c56b02bab3b38bba93e6e2a0 libexif-debugsource-0.6.22-6.el8_10.x86_64.rpm SHA-256: fc214ffcb33f8e978dfff6f8eb2d65dc503e272289f594cafc7ff263729aeb73 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 SRPM libexif-0.6.22-6.el8_10.src.rpm SHA-256: d2cb45e2f2162bcbbea497826d387472dcc18205e9cd67865dbe373855c00bf5 aarch64 libexif-0.6.22-6.el8_10.aarch64.rpm SHA-256: eb4f510c9b8f697809c33b2ab3dc5912ef7a0e4ffc9af87331b7ab789e06cc91 libexif-debuginfo-0.6.22-6.el8_10.aarch64.rpm SHA-256: 957cb269e9a4ad46d5ad16528fe55a7016458172c0bc54249ff9e42f2b216ea6 libexif-debugsource-0.6.22-6.el8_10.aarch64.rpm SHA-256: 792d16fa3c708118d7ab462f3198b0ff013fd603b288209b8cee485c68c66720 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 SRPM libexif-0.6.22-6.el8_10.src.rpm SHA-256: d2cb45e2f2162bcbbea497826d387472dcc18205e9cd67865dbe373855c00bf5 ppc64le libexif-0.6.22-6.el8_10.ppc64le.rpm SHA-256: 368313e8cdac4f09acc9216903051e0e2078ebbaaa84420dda6fd1b7a8823d5f libexif-debuginfo-0.6.22-6.el8_10.ppc64le.rpm SHA-256: f29614e9f1e4fab7bf9113dbc29edfc02479979a3987f6ff3b46b88860ee83b8 libexif-debugsource-0.6.22-6.el8_10.ppc64le.rpm SHA-256: 7f0dd64537f5fbfd165fa08158d132fa4dd41972e20871aff6f6f8d4a51aef5a Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 SRPM libexif-0.6.22-6.el8_10.src.rpm SHA-256: d2cb45e2f2162bcbbea497826d387472dcc18205e9cd67865dbe373855c00bf5 s390x libexif-0.6.22-6.el8_10.s390x.rpm SHA-256: 2dc570d14e5b293b15e20d3c2f70d3c75b809a61a6f1a6f3a3238b601c367ec9 libexif-debuginfo-0.6.22-6.el8_10.s390x.rpm SHA-256: 2b12bdcc600b6aa2ac5ed885c49f6e4c0fa7da9cdedc7a3d58668fff90f0d9c5 libexif-debugsource-0.6.22-6.el8_10.s390x.rpm SHA-256: c8d387ea4fa8a83d51be303217aa92bb69ae9df36f8f0858e96eb34393e812b6 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .