[SECURITY] [DSA 4088-1] gdk-pixbuf security update

From: Moritz Muehlenhoff <jmm@debian.org>
To: bugtraq@securityfocus.com
Cc:
Subject: [SECURITY] [DSA 4088-1] gdk-pixbuf security update
Date:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4088-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 15, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gdk-pixbuf
CVE ID         : CVE-2017-1000422

It was discovered that multiple integer overflows in the GIF image loader
in the GDK Pixbuf library may result in denial of service and potentially
the execution of arbitrary code if a malformed image file is opened.

For the oldstable distribution (jessie), this problem has been fixed
in version 2.31.1-2+deb8u7.

For the stable distribution (stretch), this problem has been fixed in
version 2.36.5-2+deb9u2. In addition this update provides fixes for
CVE-2017-6312, CVE-2017-6313 and CVE-2017-6314.

We recommend that you upgrade your gdk-pixbuf packages.

For the detailed security status of gdk-pixbuf please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gdk-pixbuf

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlpdB9wACgkQEMKTtsN8
TjbZNw/9HC6/7XcvtoNhCLhlrOwZKsBbJpeDoZq4C4NsRWeDKEs+ECu5HeeCK/oa
s5idrv15kq6Ikb4kayi4hlYMorD4NzAU8yGEfItAhIvvLCmgmYG8mjkGN6yrZLjJ
2LZAGIJBeiAoh3rVwQsC2b+y/WS/6N5iicMCvP9IqSqTamhYzB6OXOUb4K0Jb18n
VLCBCV6WjHDLt3auW05diVhhrCSV1tdqij/imc3RgELx51thBdHDQ/0Yobu8Kc/g
gEPq/+2ynH1BrIwffcZMy/r4cCb8xuGj4SAaF4r7ic7ouU/+Me2Exg0C1KRkc9sC
/5174PS4AOadKpT9vqkNef2ux6VVUbegAbmv2/kbrf3hyk8lPY3vcl2rd+S+LF24
aWxLcHAwG9jeZ2JRGg4XLEl54sXMtzFN847cLIuOmnNTsPy3bGNCi+hHLpH9EKaZ
4KCHLa8DtTpx69xmaDpiqWOiCMUr66dfGaz9N5jiZkOJfS2rlg1wqdaJJ28bcnAs
5szrrT59GeUjp7IUgxDAgVFGMBnRle+58SsjJaS8IfMZj6oP5Cmpje7RS68pe37i
91L8YZgWEc9Xnq4BR74njKyBirt4yGR3+JaSmJzAaWc+TxbRJlkm3f0vZ1yQLcNm
Ww2WI/D9mZ40SyTY/fVfNcWoBCuRL9XTFDvAp8Z93KRY3G6rz1w=
=QqcC
-----END PGP SIGNATURE-----





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.