-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4088-1 security@xxxxxxxxxx https://www.debian.org/security/ Moritz Muehlenhoff January 15, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : gdk-pixbuf CVE ID : CVE-2017-1000422 It was discovered that multiple integer overflows in the GIF image loader in the GDK Pixbuf library may result in denial of service and potentially the execution of arbitrary code if a malformed image file is opened. For the oldstable distribution (jessie), this problem has been fixed in version 2.31.1-2+deb8u7. For the stable distribution (stretch), this problem has been fixed in version 2.36.5-2+deb9u2. In addition this update provides fixes for CVE-2017-6312, CVE-2017-6313 and CVE-2017-6314. We recommend that you upgrade your gdk-pixbuf packages. For the detailed security status of gdk-pixbuf please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gdk-pixbuf Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlpdB9wACgkQEMKTtsN8 TjbZNw/9HC6/7XcvtoNhCLhlrOwZKsBbJpeDoZq4C4NsRWeDKEs+ECu5HeeCK/oa s5idrv15kq6Ikb4kayi4hlYMorD4NzAU8yGEfItAhIvvLCmgmYG8mjkGN6yrZLjJ 2LZAGIJBeiAoh3rVwQsC2b+y/WS/6N5iicMCvP9IqSqTamhYzB6OXOUb4K0Jb18n VLCBCV6WjHDLt3auW05diVhhrCSV1tdqij/imc3RgELx51thBdHDQ/0Yobu8Kc/g gEPq/+2ynH1BrIwffcZMy/r4cCb8xuGj4SAaF4r7ic7ouU/+Me2Exg0C1KRkc9sC /5174PS4AOadKpT9vqkNef2ux6VVUbegAbmv2/kbrf3hyk8lPY3vcl2rd+S+LF24 aWxLcHAwG9jeZ2JRGg4XLEl54sXMtzFN847cLIuOmnNTsPy3bGNCi+hHLpH9EKaZ 4KCHLa8DtTpx69xmaDpiqWOiCMUr66dfGaz9N5jiZkOJfS2rlg1wqdaJJ28bcnAs 5szrrT59GeUjp7IUgxDAgVFGMBnRle+58SsjJaS8IfMZj6oP5Cmpje7RS68pe37i 91L8YZgWEc9Xnq4BR74njKyBirt4yGR3+JaSmJzAaWc+TxbRJlkm3f0vZ1yQLcNm Ww2WI/D9mZ40SyTY/fVfNcWoBCuRL9XTFDvAp8Z93KRY3G6rz1w= =QqcC -----END PGP SIGNATURE-----
