Slackware: 2020-140-02: libexif Security Update

    Date19 May 2020
    Posted ByLinuxSecurity Advisories
    New libexif packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    Hash: SHA1
    [slackware-security]  libexif (SSA:2020-140-02)
    New libexif packages are available for Slackware 14.0, 14.1, 14.2, and -current
    to fix security issues.
    Here are the details from the Slackware 14.2 ChangeLog:
    patches/packages/libexif-0.6.22-i486-1_slack14.2.txz:  Upgraded.
      This update fixes bugs and security issues:
      CVE-2018-20030: Fix for recursion DoS
      CVE-2020-13114: Time consumption DoS when parsing canon array markers
      CVE-2020-13113: Potential use of uninitialized memory
      CVE-2020-13112: Various buffer overread fixes due to integer overflows
                      in maker notes
      CVE-2020-0093:  read overflow
      CVE-2019-9278:  replaced integer overflow checks the compiler could
                      optimize away by safer constructs
      CVE-2020-12767: fixed division by zero
      CVE-2016-6328:  fixed integer overflow when parsing maker notes
      CVE-2017-7544:  fixed buffer overread
      For more information, see:
      (* Security fix *)
    Where to find the new packages:
    Thanks to the friendly folks at the OSU Open Source Lab
    ( for donating FTP and rsync hosting
    to the Slackware project!  :-)
    Also see the "Get Slack" section on for
    additional mirror sites near you.
    Updated package for Slackware 14.0:
    Updated package for Slackware x86_64 14.0:
    Updated package for Slackware 14.1:
    Updated package for Slackware x86_64 14.1:
    Updated package for Slackware 14.2:
    Updated package for Slackware x86_64 14.2:
    Updated package for Slackware -current:
    Updated package for Slackware x86_64 -current:
    MD5 signatures:
    Slackware 14.0 package:
    2825fe83815e20b929a0985865fbf127  libexif-0.6.22-i486-1_slack14.0.txz
    Slackware x86_64 14.0 package:
    b14ccbf85d034fd0a92daea836a9557c  libexif-0.6.22-x86_64-1_slack14.0.txz
    Slackware 14.1 package:
    3b2d8dff6959aa467313b9377f3ac073  libexif-0.6.22-i486-1_slack14.1.txz
    Slackware x86_64 14.1 package:
    f32b37e892990abef160b9399ec5e909  libexif-0.6.22-x86_64-1_slack14.1.txz
    Slackware 14.2 package:
    90e72524f13208223b7183a9b2d68d92  libexif-0.6.22-i486-1_slack14.2.txz
    Slackware x86_64 14.2 package:
    665307c2d16876490afb23e38aa436aa  libexif-0.6.22-x86_64-1_slack14.2.txz
    Slackware -current package:
    9c6c7ac8ca4e0889d60eab857c2135cf  l/libexif-0.6.22-i586-1.txz
    Slackware x86_64 -current package:
    37623fa8c756f7320c9d566cf3ccc932  l/libexif-0.6.22-x86_64-1.txz
    Installation instructions:
    Upgrade the package as root:
    # upgradepkg libexif-0.6.22-i486-1_slack14.2.txz

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"90","title":"Love them!","votes":"90","type":"x","order":"1","pct":78.95,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"18","type":"x","order":"2","pct":15.79,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"6","type":"x","order":"3","pct":5.26,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.