You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa gdk-pixbuf

Sigurnosni nedostaci programskog paketa gdk-pixbuf

by ncert - 0

==========================================================================
Ubuntu Security Notice USN-2767-1
October 13, 2015

gdk-pixbuf vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 15.04
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS

Summary:

GDK-PixBuf could be made to crash or run programs as your login if it
opened a specially crafted file.

Software Description:
– gdk-pixbuf: GDK Pixbuf library

Details:

Gustavo Grieco discovered that the GDK-PixBuf library did not properly
handle scaling tga image files, leading to a heap overflow. If a
user or automated system were tricked into opening a tga image file,
a remote attacker could use this flaw to cause GDK-PixBuf to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-7673)

Gustavo Grieco discovered that the GDK-PixBuf library contained
an integer overflow when handling certain GIF images. If a user
or automated system were tricked into opening a GIF image file,
a remote attacker could use this flaw to cause GDK-PixBuf to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-7674)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
libgdk-pixbuf2.0-0 2.31.3-1ubuntu0.2

Ubuntu 14.04 LTS:
libgdk-pixbuf2.0-0 2.30.7-0ubuntu1.2

Ubuntu 12.04 LTS:
libgdk-pixbuf2.0-0 2.26.1-1ubuntu1.3

After a standard system update you need to restart your session to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2767-1
CVE-2015-7673, CVE-2015-7674

Package Information:
https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.31.3-1ubuntu0.2
https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.30.7-0ubuntu1.2
https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.26.1-1ubuntu1.3

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJWHWzzAAoJEC8Jno0AXoH0cXIP/R1qQqssbA5fzoKcxqo6DNnw
1llC/dZw/L9tcZu7Dngse38vMvS1OcZHWd0r6ZPmJvgqms5WfPp/5Q0gFE65x5PK
mMpNptBJ9WgVB7jlSPRCIZIwiQnXE51LhahrnGqRZoYC+DGG0cHlylpfv1pR1kTS
5SLL/+ubFRYwyyDzYY5rDsdKjiiromN22e6SxAzeQb8Be4HhBjWdBJ8AuMJzwMyn
CJJaefQYSsycSDAs9IqWA28d1EyKk3hy4bwuUNgabNlJ7bRJjSIBdAshkqgb67Wd
kmEjzlJ4qC4PXqqMUQyn0Qlk234ChDgt7IzDiDf7K2ngegbnC6noejSufqOifxG6
hiAGl9bGd8JzfxTfqA+rQ+F/N4EpztakUCKGzQpQrhusBRJl01ECIe0ad18kbcsR
dFnXLV0Zhm9TTcgEkGfpBKoQ/RNaY9LuDpkLgV4NS1lWKl5hecLph/CIRy0VBMgc
VBerkyP3e0i0ZPFiOpFXf3mNUfJ2RL8gZHS4jnokwvH84cgN8si4L8YhmddGKTAL
8GiMgEOrwGHv5FzI4C/SU/L+WeKhjl7YGPm30RFB+XNa7IcAOeE2bzBzXK7aFlyL
yImd+CYwDuwM2mQ2GtBShst+h4Iand3nuWtj9wGsEv4s4Aldt1ssbTvnZRMjdB6L
ztKjjUzy1i27z1Iat9KM
=Bj3K
—–END PGP SIGNATURE—–

ncert
Top
More in Preporuke
Ranjivost programskog paketa fossil

Fedora je izdala novu inačicu programskog paketa fossil koja sadrži zakrpu za ranjivost poznatiju pod nazivom POODLE. Ranjivost se nalazila...

Close