Explore top 10 tips to secure your open-source projects now. Read More
×
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-22529 http://linux.oracle.com/errata/ELSA-2026-22529.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: libexif-0.6.24-9.el10_2.1.x86_64.rpm libexif-devel-0.6.24-9.el10_2.1.x86_64.rpm libexif-doc-0.6.24-9.el10_2.1.x86_64.rpm aarch64: libexif-0.6.24-9.el10_2.1.aarch64.rpm libexif-devel-0.6.24-9.el10_2.1.aarch64.rpm libexif-doc-0.6.24-9.el10_2.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/libexif-0.6.24-9.el10_2.1.src.rpm Related CVEs: CVE-2026-40386 Description of changes: [0.6.24-9.1] - Fix integer underflow in MakerNote decoding (CVE-2026-40386) Resolves: RHEL-170240 _______________________________________________ El-errata mailing list
Several security issues were fixed in libexif.. ========================================================================== Ubuntu Security Notice USN-8531-1 July 13, 2026 libexif vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in libexif. Software Description: - libexif: library to parse EXIF files Details: It was discovered that libexif had an integer overflow in its MakerNote decoder when called with a zero-length buffer. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-32775) It was discovered that libexif had an integer overflow in its Nikon MakerNote handler on 32-bit systems. A local attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-40385) It was discovered that libexif had an integer underflow in its size checking for Fuji and Olympus MakerNote decoding. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-40386) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libexif12 0.6.25-2ubuntu0.1 Ubuntu 24.04 LTS libexif12 0.6.24-1ubuntu0.24.04.1 Ubuntu 22.04 LTS libexif12 0.6.24-1ubuntu0.22.04.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8531-1 CVE-2026-32775, CVE-2026-40385, CVE-2026-40386 Package Information: https://launchpad.net/ubuntu/+source/libexif/0.6.25-2ubuntu0.1 https://launchpad.net/ubuntu/+source/libexif/0.6.24-1ubuntu0.24.04.1 https://launchpad.net/ubuntu/+source/libexif/0.6.24-1ubuntu0.22.04.1 . Multiple security issues in libexif for Ubunturequire immediate updates to prevent potential attacks.. libexif security, Ubuntu update, software vulnerabilities. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-26567 http://linux.oracle.com/errata/ELSA-2026-26567.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: libexif-0.6.22-2.0.1.el7_9.i686.rpm libexif-0.6.22-2.0.1.el7_9.x86_64.rpm libexif-devel-0.6.22-2.0.1.el7_9.i686.rpm libexif-devel-0.6.22-2.0.1.el7_9.x86_64.rpm libexif-doc-0.6.22-2.0.1.el7_9.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/libexif-0.6.22-2.0.1.el7_9.src.rpm Related CVEs: CVE-2026-40385 CVE-2026-40386 Description of changes: [0.6.22-2.0.1] - Backport fix for CVE-2026-40386 [Orabug: 39574457] - Backport fix for CVE-2026-40385 [Orabug: 39574457] _______________________________________________ El-errata mailing list
An update that solves three vulnerabilities can now be installed.. # Security update for libexif Announcement ID: SUSE-SU-2026:2838-1 Release Date: 2026-07-10T08:02:27Z Rating: moderate References: * bsc#1259755 * bsc#1262000 * bsc#1262001 Cross-References: * CVE-2026-32775 * CVE-2026-40385 * CVE-2026-40386 CVSS scores: * CVE-2026-32775 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-32775 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-32775 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-32775 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-40385 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-40385 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-40385 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-40386 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-40386 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-40386 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for libexif fixes the following issues * CVE-2026-40385: Fixed information disclosure and crashes via integer overflow in Nikon MakerNote handling (bsc#1262000) * CVE-2026-40386: Fixed denial of service and information disclosure via integer underflow in MakerNote decoding (bsc#1262001) * CVE-2026-32775: Fixed Buffer overwrite via integer underflow in MakerNotes decoding (bsc#1259755) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listedfor your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2838=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libexif-debugsource-0.6.22-8.16.1 * libexif12-debuginfo-0.6.22-8.16.1 * libexif12-debuginfo-32bit-0.6.22-8.16.1 * libexif-devel-0.6.22-8.16.1 * libexif12-32bit-0.6.22-8.16.1 * libexif12-0.6.22-8.16.1 ## References: * https://www.suse.com/security/cve/CVE-2026-32775.html * https://www.suse.com/security/cve/CVE-2026-40385.html * https://www.suse.com/security/cve/CVE-2026-40386.html * https://bugzilla.suse.com/show_bug.cgi?id=1259755 * https://bugzilla.suse.com/show_bug.cgi?id=1262000 * https://bugzilla.suse.com/show_bug.cgi?id=1262001 . SUSE update resolves multiple issues in libexif addressing information disclosure and denial of service vulnerabilities.. SUSE Updates, libexif Security, Information Disclosure, Denial of Service, Linux Updates. . Severity: moderate. LinuxSecurity.com Team
An update that solves three vulnerabilities can now be installed.. # Security update for libexif Announcement ID: SUSE-SU-2026:22324-1 Release Date: 2026-06-22T14:30:37Z Rating: moderate References: * bsc#1259755 * bsc#1262000 * bsc#1262001 Cross-References: * CVE-2026-32775 * CVE-2026-40385 * CVE-2026-40386 CVSS scores: * CVE-2026-32775 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-32775 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-32775 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-32775 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-40385 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-40385 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-40385 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-40386 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-40386 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-40386 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves three vulnerabilities can now be installed. ## Description: This update for libexif fixes the following issues * CVE-2026-32775: Buffer overwrite via integer underflow in MakerNotes decoding (bsc#1259755). * CVE-2026-40385: information disclosure and crashes via integer overflow in Nikon MakerNote handling (bsc#1262000). * CVE-2026-40386: denial of service and information disclosure via integer underflow in MakerNote decoding (bsc#1262001). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-1035=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-1035=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * libexif12-debuginfo-0.6.26-160000.1.1 * libexif12-0.6.26-160000.1.1 * libexif-debugsource-0.6.26-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * libexif12-debuginfo-0.6.26-160000.1.1 * libexif12-0.6.26-160000.1.1 * libexif-debugsource-0.6.26-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-32775.html * https://www.suse.com/security/cve/CVE-2026-40385.html * https://www.suse.com/security/cve/CVE-2026-40386.html * https://bugzilla.suse.com/show_bug.cgi?id=1259755 * https://bugzilla.suse.com/show_bug.cgi?id=1262000 * https://bugzilla.suse.com/show_bug.cgi?id=1262001 . Addressing three key security issues in libexif with this moderate update, enhancing system stability and safety.. SUSE, libexif, security update, information disclosure, denial of service. . Severity: moderate. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-22553 http://linux.oracle.com/errata/ELSA-2026-22553.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: libexif-0.6.22-6.el9_8.1.i686.rpm libexif-0.6.22-6.el9_8.1.x86_64.rpm libexif-devel-0.6.22-6.el9_8.1.i686.rpm libexif-devel-0.6.22-6.el9_8.1.x86_64.rpm aarch64: libexif-0.6.22-6.el9_8.1.aarch64.rpm libexif-devel-0.6.22-6.el9_8.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/libexif-0.6.22-6.el9_8.1.src.rpm Related CVEs: CVE-2026-40385 CVE-2026-40386 Description of changes: [0.6.22-6.1] - Fix integer underflow in MakerNote decoding (CVE-2026-40386) - Fix integer overflow in Nikon MakerNote handling (CVE-2026-40385) Resolves: RHEL-170253, RHEL-170234 _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-20929 http://linux.oracle.com/errata/ELSA-2026-20929.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: libexif-0.6.22-6.el8_10.i686.rpm libexif-0.6.22-6.el8_10.x86_64.rpm libexif-devel-0.6.22-6.el8_10.i686.rpm libexif-devel-0.6.22-6.el8_10.x86_64.rpm aarch64: libexif-0.6.22-6.el8_10.aarch64.rpm libexif-devel-0.6.22-6.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/libexif-0.6.22-6.el8_10.src.rpm Related CVEs: CVE-2026-40385 CVE-2026-40386 Description of changes: [0.6.22-6] - Fix integer underflow in MakerNote decoding (CVE-2026-40386) - Fix integer overflow in Nikon MakerNote handling (CVE-2026-40385) Resolves: RHEL-170243, RHEL-170220 _______________________________________________ El-errata mailing list
MGASA-2026-0112 - Updated libexif packages fix security vulnerabilities. MGASA-2026-0112 - Updated libexif packages fix security vulnerabilities Publication date: 07 May 2026 URL: https://advisories.mageia.org/MGASA-2026-0112.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-32775, CVE-2026-40385, CVE-2026-40386 Description: CVE-2026-32775: libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow. CVE-2026-40385: In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems. CVE-2026-40386: In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs. References: - https://bugs.mageia.org/show_bug.cgi?id=35368 - http://www.slackware.com/security/viewer.php?l=slackware-security&y=2026&m=slackware-security.368011 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32775 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40385 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40386 SRPMS: - 9/core/libexif-0.6.26-1.mga9 . Updated libexif packages for Mageia address critical security threats with integer underflow and crashes.. Mageia security advisory, libexif vulnerabilities, information leak risks, integer underflow prevention. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.