Xorg-Server and Libexif updates for Slackware

Slackware 1247 Published by

Slackware Linux has released urgent security updates for both xorg-server and libexif packages across their 15.0 and current branches. The xorg-server rebuild targets several critical flaws including integer underflows, buffer overflows, and use-after-free vulnerabilities within various subsystems. Meanwhile users of the libexif library need to install a new version that resolves unsigned integer issues specifically found in camera makernote handling code. Administrators must run standard upgrade commands with root privileges to install the corrected files from the official FTP mirrors immediately.

xorg-server (SSA:2026-104-02)
libexif (SSA:2026-104-01)




xorg-server (SSA:2026-104-02)


xorg-server (SSA:2026-104-02)

New xorg-server packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.20.14-i586-19_slack15.0.txz: Rebuilt.
This update fixes security issues:
XKB Integer Underflow in XkbSetCompatMap().
XKB Out-of-bounds Read in CheckSetGeom().
XSYNC Use-after-free in miSyncTriggerFence().
XKB Out-of-bounds read in CheckModifierMap().
XKB Buffer overflow in CheckKeyTypes().
For more information, see:
https://lists.x.org/archives/xorg-devel/2026-April/059446.html
https://www.cve.org/CVERecord?id=CVE-2026-33999
https://www.cve.org/CVERecord?id=CVE-2026-34000
https://www.cve.org/CVERecord?id=CVE-2026-34001
https://www.cve.org/CVERecord?id=CVE-2026-34002
https://www.cve.org/CVERecord?id=CVE-2026-34003
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-i586-19_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-i586-19_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-i586-19_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-i586-17_slack15.0.txz: Rebuilt.
This update fixes security issues:
XKB Integer Underflow in XkbSetCompatMap().
XKB Out-of-bounds Read in CheckSetGeom().
XSYNC Use-after-free in miSyncTriggerFence().
XKB Out-of-bounds read in CheckModifierMap().
XKB Buffer overflow in CheckKeyTypes().
For more information, see:
https://lists.x.org/archives/xorg-devel/2026-April/059446.html
https://www.cve.org/CVERecord?id=CVE-2026-33999
https://www.cve.org/CVERecord?id=CVE-2026-34000
https://www.cve.org/CVERecord?id=CVE-2026-34001
https://www.cve.org/CVERecord?id=CVE-2026-34002
https://www.cve.org/CVERecord?id=CVE-2026-34003
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-1.20.14-i586-19_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xephyr-1.20.14-i586-19_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xnest-1.20.14-i586-19_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xvfb-1.20.14-i586-19_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xwayland-21.1.4-i586-17_slack15.0.txz

Updated packages for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-1.20.14-x86_64-19_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xephyr-1.20.14-x86_64-19_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xnest-1.20.14-x86_64-19_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xvfb-1.20.14-x86_64-19_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xwayland-21.1.4-x86_64-17_slack15.0.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-21.1.22-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xephyr-21.1.22-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-21.1.22-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-21.1.22-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xwayland-24.1.10-i686-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-21.1.22-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xephyr-21.1.22-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xnest-21.1.22-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xvfb-21.1.22-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xwayland-24.1.10-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 packages:
9935c5c229bcab4edc593b3431158d3f xorg-server-1.20.14-i586-19_slack15.0.txz
d626cec0003c688e9ddd8a4354be3865 xorg-server-xephyr-1.20.14-i586-19_slack15.0.txz
1a9f2c1f92980b59a4ad432165e8bb99 xorg-server-xnest-1.20.14-i586-19_slack15.0.txz
28d25dc6926c2acb01bf5fdb13d62b4c xorg-server-xvfb-1.20.14-i586-19_slack15.0.txz
77e1c32e47857c1613c389317301d9e4 xorg-server-xwayland-21.1.4-i586-17_slack15.0.txz

Slackware x86_64 15.0 packages:
c4762ba3ba5f3f9a65009eeafb366384 xorg-server-1.20.14-x86_64-19_slack15.0.txz
5156374045dd79e29dc9f2abb619a2af xorg-server-xephyr-1.20.14-x86_64-19_slack15.0.txz
20bf03c1c7f694b57325d5523d0ddf4b xorg-server-xnest-1.20.14-x86_64-19_slack15.0.txz
40b9de889ed24fa4c0822aaf72c29d6e xorg-server-xvfb-1.20.14-x86_64-19_slack15.0.txz
3b14892335fb83ec4ad96aa3b0295c23 xorg-server-xwayland-21.1.4-x86_64-17_slack15.0.txz

Slackware -current packages:
6026945c1c8b8e462c5005669c54abd8 x/xorg-server-21.1.22-i686-1.txz
462cb1dba3886f17add9c48b037d766a x/xorg-server-xephyr-21.1.22-i686-1.txz
c6adf21ce90ee79deae79a5ee42dc94b x/xorg-server-xnest-21.1.22-i686-1.txz
0d30f26e236abc661ad635c359dbeb9e x/xorg-server-xvfb-21.1.22-i686-1.txz
6b721a355c506a7e191c3ee7e35d1e4c x/xorg-server-xwayland-24.1.10-i686-1.txz

Slackware x86_64 -current packages:
dae7283da10ba622614a29e7465a1fe1 x/xorg-server-21.1.22-x86_64-1.txz
f538e1758ace5335e096be3e4c65b6bc x/xorg-server-xephyr-21.1.22-x86_64-1.txz
27f831896e9cd7ff83a7d4a7fccaf56e x/xorg-server-xnest-21.1.22-x86_64-1.txz
05ca6daa0237d8e1cfc86a30824d25b7 x/xorg-server-xvfb-21.1.22-x86_64-1.txz
d7c57ad4679456a029d2e0563dff5b5c x/xorg-server-xwayland-24.1.10-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg xorg-server-*.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key



libexif (SSA:2026-104-01)


libexif (SSA:2026-104-01)

New libexif packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/libexif-0.6.26-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
An unsigned integer underflow in Fuji and Olympus makernote handling.
An unsigned integer overflow on 32bit systems in Nikon makernote handling.
A buffer overwrite via integer underflow in makernote handling.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2026-40386
https://www.cve.org/CVERecord?id=CVE-2026-40385
https://www.cve.org/CVERecord?id=CVE-2026-32775
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libexif-0.6.26-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libexif-0.6.26-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libexif-0.6.26-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libexif-0.6.26-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
7c5c034a4800c3cb6ad1bfaa3c8725d8 libexif-0.6.26-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
567537407dde6e35dd1c47932007f210 libexif-0.6.26-x86_64-1_slack15.0.txz

Slackware -current package:
1457b6ebd9ce3395682c9d221b19d46a l/libexif-0.6.26-i686-1.txz

Slackware x86_64 -current package:
dc4b8f4b93e3e1d1155116e201b254c5 l/libexif-0.6.26-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg libexif-0.6.26-i586-1_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key


Fontforge, Perl-XML-Parser, NodeJS, Perl, Ruby updates for Rocky Linux

TigerVNC, Openvswitch, Sudo, and more updates for SUSE

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...