Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201706-06 ] ImageWorsener: Multiple vulnerabilities
Date: Tue, 06 Jun 2017 08:59:13
Message-Id: ac42da09-1e69-df33-7d69-7db9539eedac@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201706-06
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: ImageWorsener: Multiple vulnerabilities
9 Date: June 06, 2017
10 Bugs: #618014
11 ID: 201706-06
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in ImageWorsener, the worst of
19 which allows remote attackers to cause a Denial of Service condition or
20 have other unspecified impact.
21
22 Background
23 ==========
24
25 ImageWorsener is a cross-platform command-line utility and library for
26 image scaling and other image processing.
27
28 Affected packages
29 =================
30
31 -------------------------------------------------------------------
32 Package / Vulnerable / Unaffected
33 -------------------------------------------------------------------
34 1 media-gfx/imageworsener < 1.3.1 >= 1.3.1
35
36 Description
37 ===========
38
39 Multiple vulnerabilities have been discovered in ImageWorsener. Please
40 review the CVE identifiers referenced below for details.
41
42 Impact
43 ======
44
45 A remote attacker could entice a user to process a specially crafted
46 image file using ImageWorsener, possibly resulting in a Denial of
47 Service condition or have other unspecified impacts.
48
49 Workaround
50 ==========
51
52 There is no known workaround at this time.
53
54 Resolution
55 ==========
56
57 All ImageWorsener users should upgrade to the latest version:
58
59 # emerge --sync
60 # emerge --ask --oneshot --verbose ">=media-gfx/imageworsener-1.3.1"
61
62 References
63 ==========
64
65 [ 1 ] CVE-2017-7452
66 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7452
67 [ 2 ] CVE-2017-7453
68 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7453
69 [ 3 ] CVE-2017-7454
70 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7454
71 [ 4 ] CVE-2017-7939
72 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7939
73 [ 5 ] CVE-2017-7940
74 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7940
75 [ 6 ] CVE-2017-7962
76 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7962
77 [ 7 ] CVE-2017-8325
78 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8325
79 [ 8 ] CVE-2017-8326
80 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8326
81 [ 9 ] CVE-2017-8327
82 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8327
83
84 Availability
85 ============
86
87 This GLSA and any updates to it are available for viewing at
88 the Gentoo Security Website:
89
90 https://security.gentoo.org/glsa/201706-06
91
92 Concerns?
93 =========
94
95 Security is a primary focus of Gentoo Linux and ensuring the
96 confidentiality and security of our users' machines is of utmost
97 importance to us. Any security concerns should be addressed to
98 security@g.o or alternatively, you may file a bug at
99 https://bugs.gentoo.org.
100
101 License
102 =======
103
104 Copyright 2017 Gentoo Foundation, Inc; referenced text
105 belongs to its owner(s).
106
107 The contents of this document are licensed under the
108 Creative Commons - Attribution / Share Alike license.
109
110 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups