[SECURITY] [DLA 1306-1] vips security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1306-1] vips security update
From: Chris Lamb <lamby@debian.org>
Date: Sun, 11 Mar 2018 17:50:37 +0000
Message-id: <[🔎] 1520790637.1233646.1299178056.00D9DD4E@webmail.messagingengine.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : vips
Version        : 7.28.5-1+deb7u2
CVE ID         : CVE-2018-7998
Debian Bug     : #892589

It was discovered that there was NULL function pointer dereference
vulnerability in vips, an image processing system for very large images.

Remote attackers could cause a denial of service via a specially-crafted
image file which  occurred due to a race condition involving a failed
image load and other worker threads.

For Debian 7 "Wheezy", this issue has been fixed in vips version
7.28.5-1+deb7u2.

We recommend that you upgrade your vips packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlqlbGkACgkQHpU+J9Qx
HlhlZg/+JARD0ct7/CwIsXKXI61vTZQUDcH843W4TWoTu9fyQgU4BAga4e79I2Dc
hltsrkTglAgdQWSc+G0pt+ajFs85481TFVh9hq2QHLzc61ttHudcL/5RSs1HD/lr
x/ek7rIP8J8LUegB383SwhCWZrOJnnPb96/B9clo/BoZqeB6WWvopgerlJOEV8ZF
xd8WjupcxgWozb3/f9DS4ALdZbsxf8aXzrtG6DvRLFsUWLJp5CVj7MPsMRiUgPVm
RidF8Na6oTcfFvGP6s6KC9Lccd8Wy+FYryBXhBL9Hyg/Y59rvyIMhM1y04PR1a1U
4ze0JDTzECuDoTTZmlSQCdjjHFqg4lWLF/D0C97JdLG+vObvAfmnLv20GXRVRPfl
c17/A9ojmKpqjOq4EpsZ8y2iKG5l2Qhsh05ey6nnecXN2fBhWWYJFc3sqCyeuMYk
q2t53OkVEE7OyfIC7pRWoN5jETj+OzN3N9LCCv2KC2ZZs549UwYt+O1cfFmwfLNh
iL7GMvQ3iILEGXMQvekJWvYl16Na1AUStgJ6feDBds7pSt3jx/c+8pPXMGDVn+HE
Gdm9z34zlsuUNdh28EDmfzh4rfX9t/fq7duYBX9OK893MNRNPpgKExmPbmHJXXAG
Btfkh8laF5AkCr0BBuuZscv9LZj458XYlyfhqHkx8agutt5o47g=
=zP5x
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1305-1] ming security update
Next by Date: [SECURITY] [DLA 1308-1] firefox-esr security update
Previous by thread: [SECURITY] [DLA 1305-1] ming security update
Next by thread: [SECURITY] [DLA 1308-1] firefox-esr security update
Index(es):
- Date
- Thread