USN-2722-1 GDK-PixBuf Vulnerabilities


Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected
  • libgdk-pixbuf2.0-0 2.30.7-0ubuntu1.1

Description

It was discovered that GDK-PixBuf incorrectly handled scaling bitmap images. If a user or automated system were tricked into opening a BMP image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code.

Affected Pivotal Products and Versions

Severity is medium unless otherwise noted.

  • Cloud Foundry Runtime: all versions of cf-release prior to 214 are vulnerable to the aforementioned CVEs.
  • Products in the PCF Suite containing cf-release 214 or earlier are vulnerable to the aforementioned CVE:
    • Elastic Runtime v1.5.5 or earlier

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry deployments using cf-release 214 or lower upgrade to 215 or higher to resolve the aforementioned CVEs.
  • Pivotal recommends customers upgrade to the following releases in the PCF Suite:

Credit

Gustavo Grieco