Updated gdk-pixbuf2.0 packages fix security vulnerability
Publication date: 01 Jan 2018
Modification date: 01 Jan 2018
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2017-2862, CVE-2017-2870, CVE-2017-6311, CVE-2017-6312, CVE-2017-6313, CVE-2017-6314
Description
JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution Vulnerability
(CVE-2017-2862).
tiff_image_parse Code Execution Vulnerability (CVE-2017-2870).
Ariel Zelivansky discovered that the GDK-PixBuf library did not properly
handle printing certain error messages. If a user or automated system were
tricked into opening a specially crafted image file, a remote attacker
could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of
service (CVE-2017-6311).
Out-of-bounds read on io-ico.c (CVE-2017-6312).
A dangerous integer underflow in io-icns.c (CVE-2017-6313).
Infinite loop in io-tiff.c (CVE-2017-6314).
Note, the CVE-2017-2862, CVE-2017-2870, and CVE-2017-6311 issues only
affected Mageia 5.
References
- https://bugs.mageia.org/show_bug.cgi?id=21680
- https://usn.ubuntu.com/usn/usn-3418-1/
- https://lists.opensuse.org/opensuse-updates/2017-09/msg00031.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2862
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2870
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6311
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6312
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6313
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6314
SRPMS
5/core
- gdk-pixbuf2.0-2.32.3-1.1.mga5
6/core
- gdk-pixbuf2.0-2.36.10-1.1.mga6