[Buildroot] [PATCH] gdk-pixbuf: security bump to version 2.36.10

Peter Korsgaard peter at korsgaard.com
Fri Sep 22 07:48:25 UTC 2017


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issues:
 > CVE-2017-2862 - An exploitable heap overflow vulnerability exists in the
 > gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6.  A
 > specially crafted jpeg file can cause a heap overflow resulting in remote
 > code execution.  An attacker can send a file or url to trigger this
 > vulnerability.

 > CVE-2017-2870 - An exploitable integer overflow vulnerability exists in the
 > tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with
 > Clang.  A specially crafted tiff file can cause a heap-overflow resulting in
 > remote code execution.  An attacker can send a file or a URL to trigger this
 > vulnerability.

 > CVE-2017-6311 - gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows
 > context-dependent attackers to cause a denial of service (NULL pointer
 > dereference and application crash) via vectors related to printing an error
 > message.

 > The host version now needs the same workaround as we do for the target to
 > not pull in shared-mime-info.

 > Also add a hash for the license file while we're at it.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2017.02.x, thanks.

-- 
Bye, Peter Korsgaard

