Updated icoutils packages fix security vulnerability
Publication date: 23 Mar 2017Modification date: 23 Mar 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-6009 , CVE-2017-6010 , CVE-2017-6011
Description
Multiple vulnerabilities were discovered in the icotool (CVE-2017-6010,
CVE-2017-6011) and wrestool (CVE-2017-6009) tools of icoutils, a set of
programs that deal with MS Windows icons and cursors, which may result in
denial of service or the execution of arbitrary code if a malformed .ico
or .exe file is processed.
References
- https://bugs.mageia.org/show_bug.cgi?id=20477
- https://www.debian.org/security/2017/dsa-3807
- http://git.savannah.gnu.org/cgit/icoutils.git/tree/NEWS?h=0.31.3
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6009
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6010
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6011
SRPMS
5/core
- icoutils-0.31.3-1.mga5