
[SECURITY] [DLA 1934-1] cimg security update




Package        : cimg
Version        : 1.5.9+dfsg-1+deb8u1
CVE ID         : CVE-2018-7588 CVE-2018-7589 CVE-2018-7637 CVE-2018-7638
                 CVE-2018-7639 CVE-2018-7640 CVE-2018-7641
                 CVE-2019-1010174


Several issues have been found in cimg, a powerful image processing library.

CVE-2019-1010174 is related to missing string sanitization on URLs, which might result in command injection when loading a specially crafted image.

The other CVEs are about heap-based buffer over-reads or double frees when loading an image.


For Debian 8 "Jessie", these problems have been fixed in version
1.5.9+dfsg-1+deb8u1.

We recommend that you upgrade your cimg packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
