[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 434-1] gtk+2.0 security update



Package        : gtk+2.0
Version        : 2.20.1-2+deb6u2
CVE ID         : CVE-2015-4491 CVE-2015-7673 CVE-2015-7674

Gustavo Grieco discovered different security issues in Gtk+2.0's
gdk-pixbuf.

CVE-2015-4491

    Heap overflow when processing BMP images which may allow to execute
    of arbitrary code via malformed images.

CVE-2015-7673

    Heap overflow when processing TGA images which may allow execute
    arbitrary code or denial of service (process crash) via malformed
    images.

CVE-2015-7674

    Integer overflow when processing GIF images which may allow to
    execute arbitrary code or denial of service (process crash) via
    malformed image.

For Debian 6 "Squeeze", these issues have been fixed in gtk+2.0 version
2.20.1-2+deb6u2. We recommend you to upgrade your gtk+2.0 packages.

Learn more about the Debian Long Term Support (LTS) Project and how to
apply these updates at: https://wiki.debian.org/LTS/

Attachment: signature.asc
Description: Digital signature


Reply to: