Slackware: 2020-140-02: libexif Security Update

    Date: 19 May 2020
    Posted By: LinuxSecurity Advisories
    New libexif packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    [slackware-security]  libexif (SSA:2020-140-02)
    
    New libexif packages are available for Slackware 14.0, 14.1, 14.2, and -current
    to fix security issues.
    
    
    Here are the details from the Slackware 14.2 ChangeLog:
    +--------------------------+
    patches/packages/libexif-0.6.22-i486-1_slack14.2.txz:  Upgraded.
      This update fixes bugs and security issues:
      CVE-2018-20030: Fix for recursion DoS
      CVE-2020-13114: Time consumption DoS when parsing canon array markers
      CVE-2020-13113: Potential use of uninitialized memory
      CVE-2020-13112: Various buffer overread fixes due to integer overflows
                      in maker notes
      CVE-2020-0093:  read overflow
      CVE-2019-9278:  replaced integer overflow checks the compiler could
                      optimize away by safer constructs
      CVE-2020-12767: fixed division by zero
      CVE-2016-6328:  fixed integer overflow when parsing maker notes
      CVE-2017-7544:  fixed buffer overread
      For more information, see:
        https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20030
        https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13114
        https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13113
        https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13112
        https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0093
        https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278
        https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12767
        https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328
        https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544
      (* Security fix *)
    +--------------------------+
    
    
    Where to find the new packages:
    +-----------------------------+
    
    Thanks to the friendly folks at the OSU Open Source Lab
    (https://osuosl.org) for donating FTP and rsync hosting
    to the Slackware project!  :-)
    
    Also see the "Get Slack" section on https://slackware.com for
    additional mirror sites near you.
    
    Updated package for Slackware 14.0:
    ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libexif-0.6.22-i486-1_slack14.0.txz
    
    Updated package for Slackware x86_64 14.0:
    ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libexif-0.6.22-x86_64-1_slack14.0.txz
    
    Updated package for Slackware 14.1:
    ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libexif-0.6.22-i486-1_slack14.1.txz
    
    Updated package for Slackware x86_64 14.1:
    ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libexif-0.6.22-x86_64-1_slack14.1.txz
    
    Updated package for Slackware 14.2:
    ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libexif-0.6.22-i486-1_slack14.2.txz
    
    Updated package for Slackware x86_64 14.2:
    ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libexif-0.6.22-x86_64-1_slack14.2.txz
    
    Updated package for Slackware -current:
    ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libexif-0.6.22-i586-1.txz
    
    Updated package for Slackware x86_64 -current:
    ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libexif-0.6.22-x86_64-1.txz
    
    
    MD5 signatures:
    +-------------+
    
    Slackware 14.0 package:
    2825fe83815e20b929a0985865fbf127  libexif-0.6.22-i486-1_slack14.0.txz
    
    Slackware x86_64 14.0 package:
    b14ccbf85d034fd0a92daea836a9557c  libexif-0.6.22-x86_64-1_slack14.0.txz
    
    Slackware 14.1 package:
    3b2d8dff6959aa467313b9377f3ac073  libexif-0.6.22-i486-1_slack14.1.txz
    
    Slackware x86_64 14.1 package:
    f32b37e892990abef160b9399ec5e909  libexif-0.6.22-x86_64-1_slack14.1.txz
    
    Slackware 14.2 package:
    90e72524f13208223b7183a9b2d68d92  libexif-0.6.22-i486-1_slack14.2.txz
    
    Slackware x86_64 14.2 package:
    665307c2d16876490afb23e38aa436aa  libexif-0.6.22-x86_64-1_slack14.2.txz
    
    Slackware -current package:
    9c6c7ac8ca4e0889d60eab857c2135cf  l/libexif-0.6.22-i586-1.txz
    
    Slackware x86_64 -current package:
    37623fa8c756f7320c9d566cf3ccc932  l/libexif-0.6.22-x86_64-1.txz
    
    
    Installation instructions:
    +------------------------+
    
    Upgrade the package as root:
    # upgradepkg libexif-0.6.22-i486-1_slack14.2.txz
    
    
    +-----+
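
The CVE-2019-9278 entry above concerns overflow checks that a compiler is allowed to remove. The C sketch below is an added illustration of that class of check beside a form that does not depend on wrap-around; it is not code from libexif or from the Slackware advisory, and the record layout, function names and sample bytes are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* FRAGILE: signed overflow is undefined behaviour, so an optimizing compiler
 * may assume off + len never wraps and delete the first test. Contrast only. */
int range_ok_fragile(int off, int len, int size)
{
    if (off + len < off)            /* candidate for removal by the optimizer */
        return 0;
    return off >= 0 && len >= 0 && off + len <= size;
}

/* SAFER: untrusted values are never added. The only arithmetic is
 * size - off, which cannot wrap because off <= size was checked first. */
int range_ok(size_t off, size_t len, size_t size)
{
    return off <= size && len <= size - off;
}

static uint32_t rd32le(const unsigned char *p)
{
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Constructed record layout (assumed for this example): bytes 0-3 are a
 * little-endian payload offset, bytes 4-7 a length. Returns 0 or -1. */
int read_field(const unsigned char *buf, size_t size, unsigned char *out, size_t cap)
{
    if (!range_ok(0, 8, size))
        return -1;
    uint32_t off = rd32le(buf), len = rd32le(buf + 4);
    if (!range_ok(off, len, size) || len > cap)
        return -1;
    memcpy(out, buf + off, len);
    return 0;
}

/* Constructed samples: a valid record, and one whose offset + length wraps
 * to 0x10 in 32-bit arithmetic and so would pass a naive "sum <= size". */
const unsigned char SAMPLE_OK[16]  = {8,0,0,0, 4,0,0,0, 'E','x','i','f'};
const unsigned char SAMPLE_BAD[16] = {0xF0,0xFF,0xFF,0xFF, 0x20,0,0,0};
int main(void)
{
    unsigned char out[8];
    printf("valid record:    %d\n", read_field(SAMPLE_OK, 16, out, sizeof out));
    printf("wrapping record: %d\n", read_field(SAMPLE_BAD, 16, out, sizeof out));
    return 0;
}
```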
    
