Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 87 articles for you...
217

Oracle Linux 10 libexif Moderate Integer Underflow Vuln ELSA-2026-22529

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-22529 http://linux.oracle.com/errata/ELSA-2026-22529.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: libexif-0.6.24-9.el10_2.1.x86_64.rpm libexif-devel-0.6.24-9.el10_2.1.x86_64.rpm libexif-doc-0.6.24-9.el10_2.1.x86_64.rpm aarch64: libexif-0.6.24-9.el10_2.1.aarch64.rpm libexif-devel-0.6.24-9.el10_2.1.aarch64.rpm libexif-doc-0.6.24-9.el10_2.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/libexif-0.6.24-9.el10_2.1.src.rpm Related CVEs: CVE-2026-40386 Description of changes: [0.6.24-9.1] - Fix integer underflow in MakerNote decoding (CVE-2026-40386) Resolves: RHEL-170240 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Updated Oracle Linux 10 packages address moderate issues in libexif including integer underflow vulnerability.. Oracle Linux, libexif, integer underflow, security patch, advisory. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 17, 2026 moderate Oracle
172

Ubuntu 26.04 libexif Important DoS Vulnerabilities USN-8531-1

Several security issues were fixed in libexif.. ========================================================================== Ubuntu Security Notice USN-8531-1 July 13, 2026 libexif vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in libexif. Software Description: - libexif: library to parse EXIF files Details: It was discovered that libexif had an integer overflow in its MakerNote decoder when called with a zero-length buffer. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-32775) It was discovered that libexif had an integer overflow in its Nikon MakerNote handler on 32-bit systems. A local attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-40385) It was discovered that libexif had an integer underflow in its size checking for Fuji and Olympus MakerNote decoding. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-40386) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libexif12 0.6.25-2ubuntu0.1 Ubuntu 24.04 LTS libexif12 0.6.24-1ubuntu0.24.04.1 Ubuntu 22.04 LTS libexif12 0.6.24-1ubuntu0.22.04.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8531-1 CVE-2026-32775, CVE-2026-40385, CVE-2026-40386 Package Information: https://launchpad.net/ubuntu/+source/libexif/0.6.25-2ubuntu0.1 https://launchpad.net/ubuntu/+source/libexif/0.6.24-1ubuntu0.24.04.1 https://launchpad.net/ubuntu/+source/libexif/0.6.24-1ubuntu0.22.04.1 . Multiple security issues in libexif for Ubunturequire immediate updates to prevent potential attacks.. libexif security, Ubuntu update, software vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 13, 2026 Important Ubuntu
217

Oracle Linux 7 libexif Moderate Fix ELSA-2026-26567 with CVE-2026-40385

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-26567 http://linux.oracle.com/errata/ELSA-2026-26567.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: libexif-0.6.22-2.0.1.el7_9.i686.rpm libexif-0.6.22-2.0.1.el7_9.x86_64.rpm libexif-devel-0.6.22-2.0.1.el7_9.i686.rpm libexif-devel-0.6.22-2.0.1.el7_9.x86_64.rpm libexif-doc-0.6.22-2.0.1.el7_9.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/libexif-0.6.22-2.0.1.el7_9.src.rpm Related CVEs: CVE-2026-40385 CVE-2026-40386 Description of changes: [0.6.22-2.0.1] - Backport fix for CVE-2026-40386 [Orabug: 39574457] - Backport fix for CVE-2026-40385 [Orabug: 39574457] _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Updates for Oracle Linux 7 including fixes for libexif vulnerabilities CVE-2026-40385 and CVE-2026-40386 have been released.. Oracle Linux updates, libexif security fixes, moderate vulnerabilities. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 13, 2026 moderate Oracle
100

SUSE libexif Moderate Info Disclosure and DoS Issue SUSE-SU-2026-2838-1

An update that solves three vulnerabilities can now be installed.. # Security update for libexif Announcement ID: SUSE-SU-2026:2838-1 Release Date: 2026-07-10T08:02:27Z Rating: moderate References: * bsc#1259755 * bsc#1262000 * bsc#1262001 Cross-References: * CVE-2026-32775 * CVE-2026-40385 * CVE-2026-40386 CVSS scores: * CVE-2026-32775 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-32775 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-32775 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-32775 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-40385 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-40385 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-40385 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-40386 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-40386 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-40386 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for libexif fixes the following issues * CVE-2026-40385: Fixed information disclosure and crashes via integer overflow in Nikon MakerNote handling (bsc#1262000) * CVE-2026-40386: Fixed denial of service and information disclosure via integer underflow in MakerNote decoding (bsc#1262001) * CVE-2026-32775: Fixed Buffer overwrite via integer underflow in MakerNotes decoding (bsc#1259755) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listedfor your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2838=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libexif-debugsource-0.6.22-8.16.1 * libexif12-debuginfo-0.6.22-8.16.1 * libexif12-debuginfo-32bit-0.6.22-8.16.1 * libexif-devel-0.6.22-8.16.1 * libexif12-32bit-0.6.22-8.16.1 * libexif12-0.6.22-8.16.1 ## References: * https://www.suse.com/security/cve/CVE-2026-32775.html * https://www.suse.com/security/cve/CVE-2026-40385.html * https://www.suse.com/security/cve/CVE-2026-40386.html * https://bugzilla.suse.com/show_bug.cgi?id=1259755 * https://bugzilla.suse.com/show_bug.cgi?id=1262000 * https://bugzilla.suse.com/show_bug.cgi?id=1262001 . SUSE update resolves multiple issues in libexif addressing information disclosure and denial of service vulnerabilities.. SUSE Updates, libexif Security, Information Disclosure, Denial of Service, Linux Updates. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 10, 2026 moderate SuSE
100

SUSE libexif Moderate Information Leak Service Disruption 2026-22324-1

An update that solves three vulnerabilities can now be installed.. # Security update for libexif Announcement ID: SUSE-SU-2026:22324-1 Release Date: 2026-06-22T14:30:37Z Rating: moderate References: * bsc#1259755 * bsc#1262000 * bsc#1262001 Cross-References: * CVE-2026-32775 * CVE-2026-40385 * CVE-2026-40386 CVSS scores: * CVE-2026-32775 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-32775 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-32775 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-32775 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-40385 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-40385 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-40385 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-40386 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-40386 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-40386 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves three vulnerabilities can now be installed. ## Description: This update for libexif fixes the following issues * CVE-2026-32775: Buffer overwrite via integer underflow in MakerNotes decoding (bsc#1259755). * CVE-2026-40385: information disclosure and crashes via integer overflow in Nikon MakerNote handling (bsc#1262000). * CVE-2026-40386: denial of service and information disclosure via integer underflow in MakerNote decoding (bsc#1262001). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-1035=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-1035=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * libexif12-debuginfo-0.6.26-160000.1.1 * libexif12-0.6.26-160000.1.1 * libexif-debugsource-0.6.26-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * libexif12-debuginfo-0.6.26-160000.1.1 * libexif12-0.6.26-160000.1.1 * libexif-debugsource-0.6.26-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-32775.html * https://www.suse.com/security/cve/CVE-2026-40385.html * https://www.suse.com/security/cve/CVE-2026-40386.html * https://bugzilla.suse.com/show_bug.cgi?id=1259755 * https://bugzilla.suse.com/show_bug.cgi?id=1262000 * https://bugzilla.suse.com/show_bug.cgi?id=1262001 . Addressing three key security issues in libexif with this moderate update, enhancing system stability and safety.. SUSE, libexif, security update, information disclosure, denial of service. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 01, 2026 moderate SuSE
217

Oracle Linux 9 libexif Moderate Integer Issues Advisory ELSA-2026-22553

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-22553 http://linux.oracle.com/errata/ELSA-2026-22553.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: libexif-0.6.22-6.el9_8.1.i686.rpm libexif-0.6.22-6.el9_8.1.x86_64.rpm libexif-devel-0.6.22-6.el9_8.1.i686.rpm libexif-devel-0.6.22-6.el9_8.1.x86_64.rpm aarch64: libexif-0.6.22-6.el9_8.1.aarch64.rpm libexif-devel-0.6.22-6.el9_8.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/libexif-0.6.22-6.el9_8.1.src.rpm Related CVEs: CVE-2026-40385 CVE-2026-40386 Description of changes: [0.6.22-6.1] - Fix integer underflow in MakerNote decoding (CVE-2026-40386) - Fix integer overflow in Nikon MakerNote handling (CVE-2026-40385) Resolves: RHEL-170253, RHEL-170234 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 9 updates address moderate vulnerabilities in libexif, fixing integer issues. Stay patched for security!. Oracle Linux 9, libexif updates, moderate vulnerabilities, security advisory, integer underflow fix. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jun 26, 2026 moderate Oracle
217

Oracle Linux 8 ELSA-2026-20929 libexif Moderate Fix Integer Issues

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-20929 http://linux.oracle.com/errata/ELSA-2026-20929.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: libexif-0.6.22-6.el8_10.i686.rpm libexif-0.6.22-6.el8_10.x86_64.rpm libexif-devel-0.6.22-6.el8_10.i686.rpm libexif-devel-0.6.22-6.el8_10.x86_64.rpm aarch64: libexif-0.6.22-6.el8_10.aarch64.rpm libexif-devel-0.6.22-6.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/libexif-0.6.22-6.el8_10.src.rpm Related CVEs: CVE-2026-40385 CVE-2026-40386 Description of changes: [0.6.22-6] - Fix integer underflow in MakerNote decoding (CVE-2026-40386) - Fix integer overflow in Nikon MakerNote handling (CVE-2026-40385) Resolves: RHEL-170243, RHEL-170220 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux Security Advisory ELSA-2026-20929 informs on libexif updates addressing critical integer underflow issues.. Oracle Linux, libexif updates, security patch, integer underflow. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 May 29, 2026 moderate Oracle
203

Mageia 9 libexif Important Integer Underflow Risks MGASA-2026-0112

MGASA-2026-0112 - Updated libexif packages fix security vulnerabilities. MGASA-2026-0112 - Updated libexif packages fix security vulnerabilities Publication date: 07 May 2026 URL: https://advisories.mageia.org/MGASA-2026-0112.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-32775, CVE-2026-40385, CVE-2026-40386 Description: CVE-2026-32775: libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow. CVE-2026-40385: In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems. CVE-2026-40386: In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs. References: - https://bugs.mageia.org/show_bug.cgi?id=35368 - http://www.slackware.com/security/viewer.php?l=slackware-security&y=2026&m=slackware-security.368011 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32775 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40385 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40386 SRPMS: - 9/core/libexif-0.6.26-1.mga9 . Updated libexif packages for Mageia address critical security threats with integer underflow and crashes.. Mageia security advisory, libexif vulnerabilities, information leak risks, integer underflow prevention. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 07, 2026 Important Mageia
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200