
Slackware 14.x: 2020-140-02 Critical: Libexif Buffer Overflow

slackware
May 19, 2020
Updated libexif packages have been released for Slackware to address several security vulnerabilities.
New libexif packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Summary

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/libexif-0.6.22-i486-1_slack14.2.txz: Upgraded.
  This update fixes bugs and security issues:
  CVE-2018-20030: Fix for recursion DoS
  CVE-2020-13114: Time consumption DoS when parsing canon array markers
  CVE-2020-13113: Potential use of uninitialized memory
  CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes
  CVE-2020-0093: read overflow
  CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs
  CVE-2020-12767: fixed division by zero
  CVE-2016-6328: fixed integer overflow when parsing maker notes
  CVE-2017-7544: fixed buffer overread
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2018-20030
    https://www.cve.org/CVERecord?id=CVE-2020-13114
    https://www.cve.org/CVERecord?id=CVE-2020-13113
    https://www.cve.org/CVERecord?id=CVE-2020-13112


Where to Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libexif-0.6.22-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libexif-0.6.22-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libexif-0.6.22-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libexif-0.6.22-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libexif-0.6.22-i486-1_slack14.2.txz
Updated package for S...


MD5 Signatures

Slackware 14.0 package: 2825fe83815e20b929a0985865fbf127 libexif-0.6.22-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: b14ccbf85d034fd0a92daea836a9557c libexif-0.6.22-x86_64-1_slack14.0.txz
Slackware 14.1 package: 3b2d8dff6959aa467313b9377f3ac073 libexif-0.6.22-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: f32b37e892990abef160b9399ec5e909 libexif-0.6.22-x86_64-1_slack14.1.txz
Slackware 14.2 package: 90e72524f13208223b7183a9b2d68d92 libexif-0.6.22-i486-1_slack14.2.txz
Slackware x86_64 14.2 package: 665307c2d16876490afb23e38aa436aa libexif-0.6.22-x86_64-1_slack14.2.txz
Slackware -current package: 9c6c7ac8ca4e0889d60eab857c2135cf l/libexif-0.6.22-i586-1.txz
Slackware x86_64 -current package: 37623fa8c756f7320c9d566cf3ccc932 l/libexif-0.6.22-x86_64-1.txz

Severity
critical


Installation Instructions

Upgrade the package as root:
# upgradepkg libexif-0.6.22-i486-1_slack14.2.txz
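
The MD5 list and the upgrade step above combined into one check-then-upgrade procedure, as an added shell example that is not part of the Slackware advisory. The function names `expected_md5`, `verify_pkg` and `upgrade_if_verified` and the script name are assumptions made for illustration; the sums are copied from the MD5 Signatures section.

```shell
#!/bin/sh
# Added example, not part of the Slackware advisory: confirm a downloaded
# libexif package against the advisory's MD5 list before upgradepkg runs.

# Sums and file names copied from the "MD5 Signatures" section above.
ADVISORY_MD5='2825fe83815e20b929a0985865fbf127 libexif-0.6.22-i486-1_slack14.0.txz
b14ccbf85d034fd0a92daea836a9557c libexif-0.6.22-x86_64-1_slack14.0.txz
3b2d8dff6959aa467313b9377f3ac073 libexif-0.6.22-i486-1_slack14.1.txz
f32b37e892990abef160b9399ec5e909 libexif-0.6.22-x86_64-1_slack14.1.txz
90e72524f13208223b7183a9b2d68d92 libexif-0.6.22-i486-1_slack14.2.txz
665307c2d16876490afb23e38aa436aa libexif-0.6.22-x86_64-1_slack14.2.txz
9c6c7ac8ca4e0889d60eab857c2135cf l/libexif-0.6.22-i586-1.txz
37623fa8c756f7320c9d566cf3ccc932 l/libexif-0.6.22-x86_64-1.txz'

# expected_md5 NAME [LIST] (hypothetical helper): print the listed sum for a
# package file name; the directory prefix used for -current ("l/") is ignored.
expected_md5() {
    printf '%s\n' "${2:-$ADVISORY_MD5}" | awk -v n="$1" '
        { f = $2; sub(/.*\//, "", f) }
        f == n { print $1; found = 1; exit }
        END { exit !found }'
}

# verify_pkg FILE [LIST] (hypothetical helper): 0 = sum matches the list,
# 1 = sum differs, 2 = file unreadable or its name is not in the list.
verify_pkg() {
    [ -r "$1" ] || return 2
    want=$(expected_md5 "$(basename "$1")" "${2:-}") || return 2
    got=$(md5sum "$1" | awk '{ print $1 }')
    [ "$got" = "$want" ]
}

# upgrade_if_verified FILE (hypothetical helper): run the advisory's
# upgradepkg step (as root) only when the checksum has been confirmed.
upgrade_if_verified() {
    if verify_pkg "$1"; then
        upgradepkg "$1"
    else
        echo "refusing to upgrade: MD5 of $1 not confirmed by the advisory" >&2
        return 1
    fi
}

# Stand-alone use (script name is an example): sh verify-libexif.sh FILE.txz
if [ $# -gt 0 ]; then
    upgrade_if_verified "$1"
fi
```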
