[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2043-1] gdk-pixbuf security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : gdk-pixbuf
Version        : 2.31.1-2+deb8u8
CVE ID         : CVE-2016-6352 CVE-2017-2870 CVE-2017-6312 CVE-2017-6313
                 CVE-2017-6314

Several issues in gdk-pixbuf, a library to handle pixbuf, have been found.

CVE-2016-6352
     fix for denial of service (out-of-bounds write and crash) via
     crafted dimensions in an ICO file

CVE-2017-2870
     Fix for an exploitable integer overflow vulnerability in the
     tiff_image_parse functionality. When software is compiled with
     clang, A specially crafted tiff file can cause a heap-overflow
     resulting in remote code execution. Debian package is compiled
     with gcc and is not affected, but probably some downstream is.

CVE-2017-6312
     Fix for an integer overflow in io-ico.c that allows attackers
     to cause a denial of service (segmentation fault and application
     crash) via a crafted image

CVE-2017-6313
     Fix for an integer underflow in the load_resources function in
     io-icns.c that allows attackers to cause a denial of service
     (out-of-bounds read and program crash) via a crafted image entry
     size in an ICO file

CVE-2017-6314
     Fix for an infinite loop in the make_available_at_least function
     in io-tiff.c that allows attackers to cause a denial of service
     via a large TIFF file.


For Debian 8 "Jessie", these problems have been fixed in version
2.31.1-2+deb8u8.

We recommend that you upgrade your gdk-pixbuf packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl37w3pfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdNHA/9E1SoWRPCnx82sOaFyDZFmMhTGkq04Y3h9ETtxI3uC+FKSJxTWdMe4UTA
a3V8PLSWrZX4ixwcFFbnBr8zHVV6Z3LiC44s2QuIIg3267gokyanImA8NSL3Q/qy
Cmx1LTJbQXS5FA3ZJI+zHOzJoaZGNyDlROJ2s0tVXNDghbuu7bQTUGt4HxGn5p47
UvL5uDinM0TXQr1i+OWBJv9gfrSasM/Vr5Pl4T84aRsYsbJ0H6xY07VuHNNkV1VF
p6q/VhoLmIJcGJhKZguo/VYP6QrDnlR9c/ujQxeUEBRODtlYSOYLxbhWEUh030tO
iphLNBB31bTr9T527qxTpN/Iv5/blqcWPayxbcKC8acWkJBF2wvYVmjDXOwZK8mL
czndI+RLGCvBgD674exVsEOGTnrNvHOBv+RO9wl0yR9fGDhJFsMld/OZhanCRxOq
F9cEaXhXfVt+eJYSIyPS2S61AKbHCEPdLWfFwcl5OtYrmGag4T24pKM2sZs4qhkQ
XPklvlTaiRQQMlWYXy+L7XcjTub5ePocbt3l8G9VyQ7uKEcxdcvxiBSDsU8YEaLn
ddm0UwwFaz0QRb3aiC+TW1CoBG5tmrpe/TtompqHwnU5DrVL5PucfQnmGEQJsdGB
AsPHTxKhCpcpD8OqUd10TGFE1yf0AXMuJGBEtXh1Rp5LwFfKs7Q=
=Dlrx
-----END PGP SIGNATURE-----


Reply to: