drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in FreeImage
Name: |
Zwei Probleme in FreeImage |
|
ID: |
201701-68 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Mo, 30. Januar 2017, 06:54 |
|
Referenzen: |
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0852
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5684 |
|
Applikationen: |
FreeImage |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --huf492muhfffWrd3du7b5qV8ITpaFAh4n Content-Type: multipart/mixed; boundary="khJbrB6DMl2G6hkl20s9gHxAo7WDBktBO"; protected-headers="v1" From: Thomas Deutschmann <whissi@gentoo.org> Reply-To: Gentoo Security <security@gentoo.org> To: gentoo-announce@lists.gentoo.org Message-ID: <3a5a2e20-432b-045c-7ad7-0844baefb663@gentoo.org> Subject: [ GLSA 201701-68 ] FreeImage: Multiple vulnerabilities
--khJbrB6DMl2G6hkl20s9gHxAo7WDBktBO Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201701-68 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal Title: FreeImage: Multiple vulnerabilities Date: January 29, 2017 Bugs: #559006, #596350 ID: 201701-68
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis ========
Multiple vulnerabilities have been found in FreeImage, the worst of which may allow execution of arbitrary code
Background ==========
FreeImage is an Open Source library project for developers who would like to support popular graphics image formats like PNG, BMP, JPEG, TIFF and others as needed by today's multimedia applications.
Affected packages =================
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/freeimage < 3.15.4-r1 >= 3.15.4-r1
Description ===========
Multiple vulnerabilities have been discovered in in FreeImage. Please review the CVE identifiers referenced below for details.
Impact ======
A remote attacker, by enticing a user to process a specially crafted image file, could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.
Workaround ==========
There is no known workaround at this time.
Resolution ==========
All FreeImage users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/freeimage-3.15.4-r1"
References ==========
[ 1 ] CVE-2015-0852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0852 [ 2 ] CVE-2016-5684 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5684
Availability ============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201701-68
Concerns? =========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License =======
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--khJbrB6DMl2G6hkl20s9gHxAo7WDBktBO--
--huf492muhfffWrd3du7b5qV8ITpaFAh4n Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0
iQJ8BAEBCgBmBQJYjhTOXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzM0M1ODQ4MkM0MDIyOTJEMkUzQzVDMDY5 NzA5RjkwQzNDOTZGRkM4AAoJEJcJ+Qw8lv/IZ0QP/0uC5VzUzjJ3bkhLt4wt3ENc +83OmM9aupN5njQ2RPmcPQcFi8uAsB3moyY1kai50NSdD2bDlDTm125DfY1C0mHw 6g+H6fa7zG2l3nsoWnIUJur4GozcFuvwm3CdktA/SoyVuXrEpLKj5fTSeg0gvgvL E080RS/BX1GHeTkzuVNrjIHXSJYXext7Hxc8I+cQo8+LFka0oX0XmqxM83Sxrqp0 iXHOg0CjlIAxFzX6BN8BFfdq4EvdPdsvL2CWcMYNkkdSM9Elyj6LC2atRZYZzzn7 GzoWqJcHLMlEWM+n9rNhUQk5t7xr96qzkIYO/+QWA3gmp2MS3EpMQm/CnzkVaXDR cPBHYvxS3WeOTojT5lgB5PYnn6/li7hCW7TmNgsT+b/1G/wZWpxL3DHou0uD4HEE 5i1sTWCTt5gVtD9ILdKKxYy+zwuAj42vQO8WRwLog8hLHKj+JXrJMhJ05HsrWqNe fk2nph46qADb1AEjMYJ0cYnkvQNr53EBZNyqFec+IQO0KacRDo0N/GfBcRblzy4q vm6LQNUOEZ4QV8fn099wDU2VU0K9VWgkhT0IkhhezN92pXOHHq4fpkMXh1fS4r3O 7sWKrirqy3SIKt4H2V/9qtoiFnE8/xs7GITq0TSwMksn/Xd8qATpKgxIzdmtPQau bNTzVbp+AL+ImmbtL8Tb =B1Mm -----END PGP SIGNATURE-----
--huf492muhfffWrd3du7b5qV8ITpaFAh4n--
|
|
|
|