1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3378-1] gdk-pixbuf security update

    From Salvatore Bonaccorso@1:229/2 to All on Sat Oct 24 22:50:01 2015
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3378-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 24, 2015 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : gdk-pixbuf
    CVE ID : CVE-2015-7673 CVE-2015-7674

    Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit
    for image loading and pixel buffer manipulation. The Common
    Vulnerabilities and Exposures project identifies the following problems:

    CVE-2015-7673

    Gustavo Grieco discovered a heap overflow in the processing of TGA
    images which may result in the execution of arbitrary code or denial
    of service (process crash) if a malformed image is opened.

    CVE-2015-7674

    Gustavo Grieco discovered an integer overflow flaw in the processing
    of GIF images which may result in the execution of arbitrary code or
    denial of service (process crash) if a malformed image is opened.

    For the oldstable distribution (wheezy), these problems have been fixed
    in version 2.26.1-1+deb7u2.

    For the stable distribution (jessie), these problems have been fixed in
    version 2.31.1-2+deb8u3.

    For the testing distribution (stretch), these problems have been fixed
    in version 2.32.1-1 or earlier.

    For the unstable distribution (sid), these problems have been fixed in
    version 2.32.1-1 or earlier.

    We recommend that you upgrade your gdk-pixbuf packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJWK+1uAAoJEAVMuPMTQ89EK28P/Rj6Wzv8+M8b++1TGlBtOJIk TjDm7/+V/j7VGX7yBNqunDbpr9r5+u74IcWhEPUC3+XUBfSbxMb5ykPqFdolKDlm T1NjGb8enrErfqarBf0lZuSiykM1cc+uz+yx08Rw1XiW/APTCq3CzJTdcO8dBeOZ Aj65w4qeoghbdyPYWNVaC5abYeng6YSDztBzaq9VROHXPRHPzWWIE+VvJXtViZV9 I0rtgXOHwn2SVrMXKpbD96NDQgIOtT+IefTMu1CR3NWxVZsx7K6yfqR0D6wXRdre 8MtLtbqHPvmavq5wA/IBYkDzNKA79K6FoSiFx3bRDHFvEGV2UI+FtczMsB1U+dX/ wVGR84i7ZzRtqYBjALozwBzUfD0r2SlqiCOevVBqLNTtkH/DfeQrsluhMLvH4ecA LdafwXz6CtisoeVaUoJ6bO8mLmKS1v2MrqPQsQdJsdnfeZoAjU1jZbU2IBeJEQYr ObYUZwpdztjO7Ki/Gz535rQ0u30+NZpXn1IwSFh+gevODOv0C0Ajld7ia4RLHCom HC4TL68eoy2/MJdcM0BTYfYC0qbrdIpBrU56zjQtX7ybb8d8ojswH7iWYfUkNJW7 lJoN8QRjlLEzMb6/UgjPcann72jYie9UEOQySutsrX2mMlQT5vdPlsuii1N5B21H TTLhaE2DoNUz39sPtqCd
    =CY0a
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)