Ausführen beliebiger Kommandos in pixman
ID: | USN-2918-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 12.04 LTS, Ubuntu 14.04 LTS |
Datum: | Do, 3. März 2016, 16:49 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9766 |
Applikationen: | Pixman |
Originalnachricht |
|
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============8042572197606645341== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="SKJMJ5kp0kJox5FACsEkQAXUOxHBL423l" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --SKJMJ5kp0kJox5FACsEkQAXUOxHBL423l Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable ========================================================================== Ubuntu Security Notice USN-2918-1 March 03, 2016 pixman vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: pixman could be made to crash or run programs as your login if it processed specially crafted data. Software Description: - pixman: pixel-manipulation library for X and cairo Details: Vincent LE GARREC discovered an integer underflow in pixman. If a user were tricked into opening a specially crafted file, a remote attacker could cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: libpixman-1-0 0.30.2-2ubuntu1.1 Ubuntu 12.04 LTS: libpixman-1-0 0.30.2-1ubuntu0.0.0.0.3 After a standard system update you need to restart your session to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2918-1 CVE-2014-9766 Package Information: https://launchpad.net/ubuntu/+source/pixman/0.30.2-2ubuntu1.1 https://launchpad.net/ubuntu/+source/pixman/0.30.2-1ubuntu0.0.0.0.3 --SKJMJ5kp0kJox5FACsEkQAXUOxHBL423l Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCgAGBQJW2FCVAAoJEGVp2FWnRL6T/hkP/3Rndz6mEBdwkENTNPJtaE13 J4NJOvhxkDhgMZfEyDLVpCJvuxVcZy2vQy7vxQGedh3bevoG6iRkvyscaN8DIvxu ieYr5Y9mM/SwxO0AOm8FeSQX6rmdsF+qacIMhh+8ONMeT5k+MfcANZZPpUpghZfZ Ou3I85PC82p+R8IfoM1040d9PDQjigsFL8eiqljxYK/CepRWS3m13OuMg9ZabvIT zbxFrLDakPyhRmiRIdw4aJ2ped/ThN4FrIkETGBb1N93kb2tpffMba02FE3QnAVc 7NoDqmg66+woHy9J90/oSw4kptiSOcnncEoy7YKt5wAu2xhN+2eD40NhTcHOjsEG 5Mgsi8bWuvhPrBaPhMZf/nA0W5F+aq8TowbNBiCoyoLpx3mjPx4N6LFTChw9T4RS NlpYyNRQyEgGnuTEk00Oo3NZ3lfNB3vg6WN9LN7uDHvTQKFMmtRapHk1KauhaRh6 u3ead+nn9RN1iT6Br4Q5g0oTlDW7SovjywsrIR5f5Kw3dPRm0+adav9maKYqg6/1 B6SVH9TCNnUUj/909FbhgY+uJGuvsnfM+EC2lK0PThWTjZHw/H2u3wijekobMrgt nxWZXFRcOTevpVcEw/R9l3ZoNj6cg67XzY+SEpSznxEZC3McchK5v7l8TQwCLRBQ 7o5L7fJ7zN0ZI5ifLdmL =uD59 -----END PGP SIGNATURE----- --SKJMJ5kp0kJox5FACsEkQAXUOxHBL423l-- --===============8042572197606645341== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce --===============8042572197606645341==-- |