Advisories » MGASA-2017-0080

Updated icoutils packages fix security vulnerability

Publication date: 23 Mar 2017
Modification date: 23 Mar 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-6009 , CVE-2017-6010 , CVE-2017-6011

Description

Multiple vulnerabilities were discovered in the icotool (CVE-2017-6010,
CVE-2017-6011) and wrestool (CVE-2017-6009) tools of icoutils, a set of
programs that deal with MS Windows icons and cursors, which may result in
denial of service or the execution of arbitrary code if a malformed .ico
or .exe file is processed.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20477
• https://www.debian.org/security/2017/dsa-3807
• http://git.savannah.gnu.org/cgit/icoutils.git/tree/NEWS?h=0.31.3
• https://www.cve.org/CVERecord?id=CVE-2017-6009
• https://www.cve.org/CVERecord?id=CVE-2017-6010
• https://www.cve.org/CVERecord?id=CVE-2017-6011

SRPMS

5/core

• icoutils-0.31.3-1.mga5