Updated libraw packages fix security vulnerabilities
Publication date: 28 Jul 2017Modification date: 28 Jul 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-6886 , CVE-2017-6887 , CVE-2017-6889 , CVE-2017-6890
Description
A memory corruption in parse_tiff_ifd() function (CVE-2017-6886).
A memory corruption via e.g. a specially crafted KDC file
parse_tiff_ifd() (CVE-2017-6887).
An integer overflow error within the "foveon_load_camf()" function
(CVE-2017-6889).
A boundary error within the "foveon_load_camf()" function
(CVE-2017-6890).
References
- https://bugs.mageia.org/show_bug.cgi?id=21004
- https://lists.opensuse.org/opensuse-updates/2017-05/msg00111.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6886
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6887
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6889
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6890
SRPMS
5/core
- libraw-0.16.2-1.2.mga5