Ubuntu Security Notice 3532-1 - It was discovered that GDK-PixBuf incorrectly handled certain gif images. An attacker could use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Ariel Zelivansky discovered that GDK-PixBuf incorrectly handled certain images. An attacker could use this to cause a denial of service. Various other issues were also addressed.
48fc0affae45f86677383560b579d812b01f35ba7cf67e43a1cc7c2b83b12dcb
==========================================================================
Ubuntu Security Notice USN-3532-1
January 15, 2018
gdk-pixbuf vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in GDK-PixBuf.
Software Description:
- gdk-pixbuf: GDK Pixbuf library
Details:
It was discoreved that GDK-PixBuf incorrectly handled certain gif
images. An attacker could use this to execute arbitrary code. This
issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2017-1000422)
Ariel Zelivansky discovered that GDK-PixBuf incorrectly handled certain
images. An attacker could use this to cause a denial of service.
(CVE-2017-6312, CVE-2017-6313)
Ariel Zelivansky discovered that GDK-PixBuf incorrectly handled large
TIFF files. An attacker could use this to cause a denial of service.
(CVE-2017-6314)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
libgdk-pixbuf2.0-0 2.36.11-1ubuntu0.1
Ubuntu 16.04 LTS:
libgdk-pixbuf2.0-0 2.32.2-1ubuntu1.4
Ubuntu 14.04 LTS:
libgdk-pixbuf2.0-0 2.30.7-0ubuntu1.8
After a standard system update you need to restart your session to make
all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3532-1
CVE-2017-1000422, CVE-2017-6312, CVE-2017-6313, CVE-2017-6314
Package Information:
https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.36.11-1ubuntu0.1
https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.32.2-1ubuntu1.4
https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.30.7-0ubuntu1.8