Debian 9844

The following security updates have been released for Debian GNU/Linux:

Debian GNU/Linux 7 LTS:
DLA 1244-1: ca-certificates update
DLA 1245-1: graphicsmagick security update

Debian GNU/Linux 8 and 9:
DSA 4088-1: gdk-pixbuf security update


DLA 1244-1: ca-certificates update

Package : ca-certificates
Version : 20130119+deb7u2
Debian Bug : 858064 858539


This release does a complete update of the CA list. This includes
removing the StartCom and WoSign certificates, as they are now
untrusted by the major browser vendors.

The update also removes the remaining 1024-bit root certificates
(#858064) and the StartCom and WoSign certificates (#858539), which are
no longer considered trustworthy.

For Debian 7 "Wheezy", these problems have been fixed in version
20130119+deb7u2.

We recommend that you upgrade your ca-certificates packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DLA 1245-1: graphicsmagick security update

Package : graphicsmagick
Version : 1.3.16-1.1+deb7u17
CVE ID : CVE-2018-5685
Debian Bug : 887158


A vulnerability has been discovered in GraphicsMagick, a collection of
image processing tools, which may result in a denial of service.

CVE-2018-5685:
An infinite loop and application hang has been discovered in the
ReadBMPImage function (coders/bmp.c). Remote attackers could
leverage this vulnerability to cause a denial of service via an
image file with a crafted bit-field mask value.
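The loop shape below is an added illustration of the failure mode the advisory describes, written for this digest rather than taken from GraphicsMagick's coders/bmp.c: a decoder that turns a BI_BITFIELDS channel mask into a shift count by looping "until the mask's top bit is set" never terminates when the file supplies a mask of zero. Only the fact that a crafted bit-field mask value hangs ReadBMPImage comes from the advisory; the loop shape, the function names, the hardening and the constructed mask blocks are assumptions, not the project's code.

```python
import struct

MASK32 = 0xFFFFFFFF
TOP_BIT = 0x80000000


def naive_mask_shift(mask):
    """Vulnerable pattern (assumed shape of the bug class): shift the mask
    left until its top bit reaches bit 31.  With mask == 0 the condition
    can never become true, so the loop never ends; a decoder that takes
    the mask straight from the file hangs (the denial of service).
    Never call this with 0."""
    shift = 0
    while ((mask << shift) & TOP_BIT) == 0:
        shift += 1
    return shift


def safe_mask_shift(mask):
    """Hardened form: reject an all-zero mask up front and bound the loop,
    so that no file content can make it spin."""
    mask &= MASK32
    if mask == 0:
        raise ValueError("bit-field mask has no bits set")
    shift = 0
    while ((mask << shift) & TOP_BIT) == 0:
        shift += 1
        if shift >= 32:  # unreachable for a non-zero 32-bit mask
            raise ValueError("bit-field mask shift out of range")
    return shift


def channel_params(mask):
    """Return (right_shift, depth) for one channel mask: how far to shift
    the masked pixel right and how many bits the field occupies."""
    left = safe_mask_shift(mask)
    aligned = (mask << left) & MASK32
    depth = 0
    while aligned & TOP_BIT:      # count the contiguous run of set bits
        depth += 1
        aligned = (aligned << 1) & MASK32
    if aligned:
        raise ValueError("bit-field mask is not contiguous")
    return 32 - left - depth, depth


def parse_bitfield_masks(data):
    """Parse the 12-byte red/green/blue mask block that follows the
    BITMAPINFOHEADER when biCompression is BI_BITFIELDS (3).
    Returns [(mask, (right_shift, depth)), ...] or raises ValueError."""
    if len(data) < 12:
        raise ValueError("truncated bit-field mask block")
    masks = struct.unpack("<III", data[:12])
    channels = [(m, channel_params(m)) for m in masks]
    r, g, b = masks
    if r & g or g & b or r & b:
        raise ValueError("bit-field masks overlap")
    return channels


def decode_pixel(pixel, channels):
    """Extract each channel from a packed pixel and scale it to 0..255."""
    out = []
    for mask, (shift, depth) in channels:
        value = (pixel & mask) >> shift
        out.append(value * 255 // ((1 << depth) - 1))
    return tuple(out)


# Constructed inputs, not taken from any real file: a valid RGB565
# layout and a crafted block whose red mask is zero.
RGB565_MASKS = struct.pack("<III", 0xF800, 0x07E0, 0x001F)
CRAFTED_MASKS = struct.pack("<III", 0x0000, 0x07E0, 0x001F)

if __name__ == "__main__":
    channels = parse_bitfield_masks(RGB565_MASKS)
    print(decode_pixel(0xF81F, channels))  # magenta pixel -> (255, 0, 255)
    try:
        parse_bitfield_masks(CRAFTED_MASKS)
    except ValueError as err:
        print("rejected crafted masks:", err)
```

The defensive point is that the check belongs before the loop, on the value as read from the file: bounding the loop alone would turn the hang into a wrong decode, while rejecting a zero or non-contiguous mask makes the crafted block fail fast.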

For Debian 7 "Wheezy", this problem has been fixed in version
1.3.16-1.1+deb7u17.

We recommend that you upgrade your graphicsmagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DSA 4088-1: gdk-pixbuf security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-4088-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 15, 2018                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gdk-pixbuf
CVE ID : CVE-2017-1000422

It was discovered that multiple integer overflows in the GIF image loader
in the GDK Pixbuf library may result in denial of service and potentially
the execution of arbitrary code if a malformed image file is opened.

For the oldstable distribution (jessie), this problem has been fixed
in version 2.31.1-2+deb8u7.

For the stable distribution (stretch), this problem has been fixed in
version 2.36.5-2+deb9u2. In addition this update provides fixes for
CVE-2017-6312, CVE-2017-6313 and CVE-2017-6314.

We recommend that you upgrade your gdk-pixbuf packages.

For the detailed security status of gdk-pixbuf please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gdk-pixbuf

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
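To act on the "fixed in version" statements of all three advisories above, a practitioner wants to compare what is installed with the advisory versions. The following is an added example, not Debian's code: it re-implements dpkg's version ordering (Debian Policy section 5.6.12, the rule `dpkg --compare-versions` applies) in Python so that it runs offline, and applies it to a constructed /var/lib/dpkg/status excerpt. FIXED_VERSIONS holds the versions named in DLA 1244-1, DLA 1245-1 and DSA 4088-1; the function names and the sample status text are assumptions. On a real host `dpkg --compare-versions` and `dpkg-query -W` remain authoritative.

```python
import re

# Fixed versions as named in DLA 1244-1, DLA 1245-1 and DSA 4088-1,
# keyed by (suite, source package).
FIXED_VERSIONS = {
    ("wheezy", "ca-certificates"): "20130119+deb7u2",
    ("wheezy", "graphicsmagick"): "1.3.16-1.1+deb7u17",
    ("jessie", "gdk-pixbuf"): "2.31.1-2+deb8u7",
    ("stretch", "gdk-pixbuf"): "2.36.5-2+deb9u2",
}


def _order(c):
    """dpkg character weight: '~' sorts before anything, even end of
    string (weight 0); letters sort before all other characters."""
    if c == "~":
        return -1
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _verrevcmp(a, b):
    """Compare two upstream or revision strings as dpkg does: alternate
    non-digit runs (weighted lexical) and digit runs (numeric)."""
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return -1 if ac < bc else 1
            i, j = i + 1, j + 1
        da = re.match(r"\d*", a[i:]).group()
        db = re.match(r"\d*", b[j:]).group()
        i, j = i + len(da), j + len(db)
        na, nb = int(da or "0"), int(db or "0")
        if na != nb:
            return -1 if na < nb else 1
    return 0


def _split(version):
    """[epoch:]upstream[-debian_revision] -> (epoch, upstream, revision)."""
    epoch, _, rest = version.partition(":") if ":" in version else ("0", "", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1, as `dpkg --compare-versions a lt|eq|gt b` would."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _verrevcmp(ua, ub) or _verrevcmp(ra, rb)


def installed_sources(status_text):
    """Yield (source package, version) for every installed stanza in
    /var/lib/dpkg/status-style text.  Binaries built from a differently
    named source carry a 'Source:' field, optionally with '(version)'."""
    for stanza in re.split(r"\n\s*\n", status_text.strip()):
        fields = {}
        for line in stanza.splitlines():
            if ":" in line and not line.startswith((" ", "\t")):
                key, _, value = line.partition(":")
                fields[key.strip()] = value.strip()
        status = fields.get("Status", "").split()
        if not status or status[-1] != "installed":
            continue
        yield fields.get("Source", fields["Package"]).split()[0], fields["Version"]


def audit(status_text, suite):
    """Map each advisory package found installed on `suite` to
    (installed version, fixed version, is_fixed)."""
    report = {}
    for source, installed in installed_sources(status_text):
        fixed = FIXED_VERSIONS.get((suite, source))
        if fixed is not None:
            report[source] = (installed, fixed, compare_versions(installed, fixed) >= 0)
    return report


# Constructed sample of a wheezy host's dpkg status, not real data.
SAMPLE_STATUS = """\
Package: ca-certificates
Status: install ok installed
Version: 20130119+deb7u1

Package: libgraphicsmagick3
Status: install ok installed
Source: graphicsmagick
Version: 1.3.16-1.1+deb7u17
"""

if __name__ == "__main__":
    for pkg, (inst, fixed, ok) in audit(SAMPLE_STATUS, "wheezy").items():
        print(f"{pkg}: {inst} (fixed in {fixed}): {'ok' if ok else 'VULNERABLE'}")
```

Matching on the source package rather than the binary name matters because the advisories name sources (gdk-pixbuf, graphicsmagick) while what is installed is libgdk-pixbuf2.0-0 or libgraphicsmagick3; the `~` and epoch handling is what keeps a backport such as 1.0~bpo from being mistaken for a fixed 1.0.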