[SECURITY] [DLA 434-1] gtk+2.0 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 434-1] gtk+2.0 security update
From: Santiago Ruano Rincón <santiagorr@riseup.net>
Date: Sat, 27 Feb 2016 16:16:41 +0100
Message-id: <[🔎] 20160227151640.GA781@riseup.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

Package        : gtk+2.0
Version        : 2.20.1-2+deb6u2
CVE ID         : CVE-2015-4491 CVE-2015-7673 CVE-2015-7674

Gustavo Grieco discovered different security issues in Gtk+2.0's
gdk-pixbuf.

CVE-2015-4491

    Heap overflow when processing BMP images which may allow to execute
    of arbitrary code via malformed images.

CVE-2015-7673

    Heap overflow when processing TGA images which may allow execute
    arbitrary code or denial of service (process crash) via malformed
    images.

CVE-2015-7674

    Integer overflow when processing GIF images which may allow to
    execute arbitrary code or denial of service (process crash) via
    malformed image.

For Debian 6 "Squeeze", these issues have been fixed in gtk+2.0 version
2.20.1-2+deb6u2. We recommend you to upgrade your gtk+2.0 packages.

Learn more about the Debian Long Term Support (LTS) Project and how to
apply these updates at: https://wiki.debian.org/LTS/

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: [SECURITY] [DLA 433-1] xerces-c security update
Next by Date: [SECURITY] [DLA 435-1] tomcat6 security update
Previous by thread: [SECURITY] [DLA 433-1] xerces-c security update
Next by thread: [SECURITY] [DLA 435-1] tomcat6 security update
Index(es):
- Date
- Thread