Lucene search

DebianDEBIAN:DSA-4088-1:BE67E

HistoryJan 15, 2018 - 7:59 p.m.

[SECURITY] [DSA 4088-1] gdk-pixbuf security update

2018-01-1519:59:55

lists.debian.org

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.006

Percentile

79.4%

JSON

Debian Security Advisory DSA-4088-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
January 15, 2018 https://www.debian.org/security/faq

Package : gdk-pixbuf
CVE ID : CVE-2017-1000422

It was discovered that multiple integer overflows in the GIF image loader
in the GDK Pixbuf library may result in denial of service and potentially
the execution of arbitrary code if a malformed image file is opened.

For the oldstable distribution (jessie), this problem has been fixed
in version 2.31.1-2+deb8u7.

For the stable distribution (stretch), this problem has been fixed in
version 2.36.5-2+deb9u2. In addition this update provides fixes for
CVE-2017-6312, CVE-2017-6313 and CVE-2017-6314.

We recommend that you upgrade your gdk-pixbuf packages.

For the detailed security status of gdk-pixbuf please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gdk-pixbuf

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8armelgir1.2-gdkpixbuf-2.0< 2.31.1-2+deb8u7gir1.2-gdkpixbuf-2.0_2.31.1-2+deb8u7_armel.deb
Debian8mipslibgdk-pixbuf2.0-0< 2.31.1-2+deb8u7libgdk-pixbuf2.0-0_2.31.1-2+deb8u7_mips.deb
Debian9amd64libgdk-pixbuf2.0-0-udeb< 2.36.5-2+deb9u2libgdk-pixbuf2.0-0-udeb_2.36.5-2+deb9u2_amd64.deb
Debian9armellibgdk-pixbuf2.0-0-dbgsym< 2.36.5-2+deb9u2libgdk-pixbuf2.0-0-dbgsym_2.36.5-2+deb9u2_armel.deb
Debian9armellibgdk-pixbuf2.0-0-udeb< 2.36.5-2+deb9u2libgdk-pixbuf2.0-0-udeb_2.36.5-2+deb9u2_armel.deb
Debian9mipsellibgdk-pixbuf2.0-dev-dbgsym< 2.36.5-2+deb9u2libgdk-pixbuf2.0-dev-dbgsym_2.36.5-2+deb9u2_mipsel.deb
Debian8armhflibgdk-pixbuf2.0-0-dbg< 2.31.1-2+deb8u8libgdk-pixbuf2.0-0-dbg_2.31.1-2+deb8u8_armhf.deb
Debian8ppc64ellibgdk-pixbuf2.0-0-udeb< 2.31.1-2+deb8u7libgdk-pixbuf2.0-0-udeb_2.31.1-2+deb8u7_ppc64el.deb
Debian9mipsellibgdk-pixbuf2.0-dev< 2.36.5-2+deb9u2libgdk-pixbuf2.0-dev_2.36.5-2+deb9u2_mipsel.deb
Debian9i386libgdk-pixbuf2.0-0-udeb< 2.36.5-2+deb9u2libgdk-pixbuf2.0-0-udeb_2.36.5-2+deb9u2_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	armel	gir1.2-gdkpixbuf-2.0	< 2.31.1-2+deb8u7	gir1.2-gdkpixbuf-2.0_2.31.1-2+deb8u7_armel.deb
Debian	8	mips	libgdk-pixbuf2.0-0	< 2.31.1-2+deb8u7	libgdk-pixbuf2.0-0_2.31.1-2+deb8u7_mips.deb
Debian	9	amd64	libgdk-pixbuf2.0-0-udeb	< 2.36.5-2+deb9u2	libgdk-pixbuf2.0-0-udeb_2.36.5-2+deb9u2_amd64.deb
Debian	9	armel	libgdk-pixbuf2.0-0-dbgsym	< 2.36.5-2+deb9u2	libgdk-pixbuf2.0-0-dbgsym_2.36.5-2+deb9u2_armel.deb
Debian	9	armel	libgdk-pixbuf2.0-0-udeb	< 2.36.5-2+deb9u2	libgdk-pixbuf2.0-0-udeb_2.36.5-2+deb9u2_armel.deb
Debian	9	mipsel	libgdk-pixbuf2.0-dev-dbgsym	< 2.36.5-2+deb9u2	libgdk-pixbuf2.0-dev-dbgsym_2.36.5-2+deb9u2_mipsel.deb
Debian	8	armhf	libgdk-pixbuf2.0-0-dbg	< 2.31.1-2+deb8u8	libgdk-pixbuf2.0-0-dbg_2.31.1-2+deb8u8_armhf.deb
Debian	8	ppc64el	libgdk-pixbuf2.0-0-udeb	< 2.31.1-2+deb8u7	libgdk-pixbuf2.0-0-udeb_2.31.1-2+deb8u7_ppc64el.deb
Debian	9	mipsel	libgdk-pixbuf2.0-dev	< 2.36.5-2+deb9u2	libgdk-pixbuf2.0-dev_2.36.5-2+deb9u2_mipsel.deb
Debian	9	i386	libgdk-pixbuf2.0-0-udeb	< 2.36.5-2+deb9u2	libgdk-pixbuf2.0-0-udeb_2.36.5-2+deb9u2_i386.deb