Ubuntu Security Notice USN-3418-1

September 18, 2017



gdk-pixbuf vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:



- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS



Summary:



GDK-PixBuf could be made to crash or run programs as your login if it
opened a specially crafted file.



Software Description:

- gdk-pixbuf: GDK Pixbuf library



Details:



It was discovered that the GDK-PixBuf library did not properly handle
certain jpeg images. If a user or automated system were tricked into
opening a specially crafted jpeg file, a remote attacker could use this
flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2017-2862)



It was discovered that the GDK-PixBuf library did not properly handle
certain tiff images. If a user or automated system were tricked into
opening a specially crafted tiff file, a remote attacker could use this
flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2017-2870)



Ariel Zelivansky discovered that the GDK-PixBuf library did not
properly handle printing certain error messages. If a user or
automated system were tricked into opening a specially crafted image
file, a remote attacker could use this flaw to cause GDK-PixBuf to
crash, resulting in a denial of service. (CVE-2017-6311)



Update instructions:



The problem can be corrected by updating your system to the following
package versions:



Ubuntu 17.04:
  libgdk-pixbuf2.0-0              2.36.5-3ubuntu0.2

Ubuntu 16.04 LTS:
  libgdk-pixbuf2.0-0              2.32.2-1ubuntu1.3

Ubuntu 14.04 LTS:
  libgdk-pixbuf2.0-0              2.30.7-0ubuntu1.7



After a standard system update you need to restart your session to make
all the necessary changes.



References:

  https://www.ubuntu.com/usn/usn-3418-1
  CVE-2017-2862, CVE-2017-2870, CVE-2017-6311



Package Information:

  https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.36.5-3ubuntu0.2
  https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.32.2-1ubuntu1.3
  https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.30.7-0ubuntu1.7



