Updated gdk-pixbuf2.0 packages fix security vulnerability
Publication date: 01 Jan 2018
Modification date: 01 Jan 2018
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2017-2862, CVE-2017-2870, CVE-2017-6311, CVE-2017-6312, CVE-2017-6313, CVE-2017-6314
Description
- JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution Vulnerability (CVE-2017-2862).
- tiff_image_parse Code Execution Vulnerability (CVE-2017-2870).
- Ariel Zelivansky discovered that the GDK-PixBuf library did not properly handle printing certain error messages. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service (CVE-2017-6311).
- Out-of-bounds read in io-ico.c (CVE-2017-6312).
- A dangerous integer underflow in io-icns.c (CVE-2017-6313).
- Infinite loop in io-tiff.c (CVE-2017-6314).
Note that the CVE-2017-2862, CVE-2017-2870, and CVE-2017-6311 issues only affected Mageia 5.
References
- https://bugs.mageia.org/show_bug.cgi?id=21680
- https://usn.ubuntu.com/usn/usn-3418-1/
- https://lists.opensuse.org/opensuse-updates/2017-09/msg00031.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2862
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2870
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6311
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6312
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6313
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6314
SRPMS
5/core
- gdk-pixbuf2.0-2.32.3-1.1.mga5
6/core
- gdk-pixbuf2.0-2.36.10-1.1.mga6