| Summary: | gdk-pixbuf2.0 new security issue CVE-2017-1000422 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | | |
| Priority: | Normal | CC: | sysadmin-bugs |
| Version: | 5 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA5-64-OK | | |
| Source RPM: | gdk-pixbuf2.0-2.32.3-1.1.mga5.src.rpm | CVE: | CVE-2017-1000422 |
| Status comment: | | | |
| Bug Depends on: | 22399 | | |
| Bug Blocks: | | | |

Description
David Walser
2018-01-19 15:08:15 CET
Suggested advisory:
========================

The updated packages fix a security vulnerability:

Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflows in the gif_get_lzw function resulting in memory corruption and potential code execution (CVE-2017-1000422).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000422
https://www.debian.org/security/2018/dsa-4088
https://usn.ubuntu.com/usn/usn-3532-1/
========================

Updated packages in core/updates_testing:
========================
gdk-pixbuf2.0-2.32.3-1.2.mga5
libgdk_pixbuf2.0_0-2.32.3-1.2.mga5
libgdk_pixbuf2.0-devel-2.32.3-1.2.mga5
libgdk_pixbuf-gir2.0-2.32.3-1.2.mga5

from gdk-pixbuf2.0-2.32.3-1.2.mga5.src.rpm

Assignee: sysadmin-bugs => qa-bugs

Firefox uses this library. The update only affects GIF decoding, which still works fine in a new Firefox instance after updating on Mageia 5 x86_64.

Whiteboard: (none) => MGA5-64-OK

Lewis Smith
2018-01-21 20:42:27 CET
Keywords: (none) => advisory, validated_update

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0090.html

Resolution: (none) => FIXED