ID de Prueba:	1.3.6.1.4.1.25623.1.1.13.2020.140.02
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2020-140-02)
Resumen:	The remote host is missing an update for the 'libexif' package(s) announced via the SSA:2020-140-02 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libexif' package(s) announced via the SSA:2020-140-02 advisory. Vulnerability Insight: New libexif packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/libexif-0.6.22-i486-1_slack14.2.txz: Upgraded. This update fixes bugs and security issues: CVE-2018-20030: Fix for recursion DoS CVE-2020-13114: Time consumption DoS when parsing canon array markers CVE-2020-13113: Potential use of uninitialized memory CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes CVE-2020-0093: read overflow CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs CVE-2020-12767: fixed division by zero CVE-2016-6328: fixed integer overflow when parsing maker notes CVE-2017-7544: fixed buffer overread For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'libexif' package(s) on Slackware 14.0, Slackware 14.1, Slackware 14.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6328 GLSA-202007-05 https://security.gentoo.org/glsa/202007-05 USN-4277-1 https://usn.ubuntu.com/4277-1/ [debian-lts-announce] 20200518 [SECURITY] [DLA 2214-1] libexif security update https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6328 openSUSE-SU-2020:0793 http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html Common Vulnerability Exposure (CVE) ID: CVE-2017-7544 https://sourceforge.net/p/libexif/bugs/130/ Common Vulnerability Exposure (CVE) ID: CVE-2018-20030 https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89 https://secuniaresearch.flexerasoftware.com/secunia_research/2018-28/ https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html SuSE Security Announcement: openSUSE-SU-2020:0264 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html SuSE Security Announcement: openSUSE-SU-2020:0793 (Google Search) https://usn.ubuntu.com/4358-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-9278 Bugtraq: 20200210 [SECURITY] [DSA 4618-1] libexif security update (Google Search) https://seclists.org/bugtraq/2020/Feb/9 Debian Security Information: DSA-4618 (Google Search) https://www.debian.org/security/2020/dsa-4618 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO2VTHD7OLPJDCJBHKUQTBAHZOBBCF6X/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VA5BPQLOFXIZOOJHBYDU635Z5KLUMTDD/ https://source.android.com/security/bulletin/android-10 https://lists.debian.org/debian-lts-announce/2020/02/msg00007.html http://www.openwall.com/lists/oss-security/2019/10/25/17 http://www.openwall.com/lists/oss-security/2019/10/27/1 http://www.openwall.com/lists/oss-security/2019/11/07/1 Common Vulnerability Exposure (CVE) ID: CVE-2020-0093 https://source.android.com/security/bulletin/2020-05-01 https://usn.ubuntu.com/4396-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-12767 Common Vulnerability Exposure (CVE) ID: CVE-2020-13112 https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1 Common Vulnerability Exposure (CVE) ID: CVE-2020-13113 https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f Common Vulnerability Exposure (CVE) ID: CVE-2020-13114 https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.