National CERT

Security vulnerability in the gifsicle software package

-------------------------------------------------------------------------
Debian Security Advisory DSA-4084-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
January 12, 2018                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : gifsicle
CVE ID         : CVE-2017-1000421

It was discovered that gifsicle, a tool for manipulating GIF image
files, contained a flaw that could lead to arbitrary code execution.

For the oldstable distribution (jessie), this problem has been fixed
in version 1.86-1+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 1.88-3+deb9u1.

We recommend that you upgrade your gifsicle packages.

For the detailed security status of gifsicle please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gifsicle

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

A security vulnerability has been discovered in the gifsicle software package for the Debian operating system. The vulnerability allows potential attackers to execute arbitrary program code. Updating with the released patches is advised.