USN-2918-1 Pixman vulnerabilities


Severity

Medium

Vendor

Ubuntu, Pixman

Versions Affected
  • Ubuntu 14.04 LTS
Description

Pixman could be made to crash or run programs as your login if it processed specially crafted data.

Vincent LE GARREC discovered an integer underflow in pixman. If a user were tricked into opening a specially crafted file, a remote attacker could cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code.

Affected Pivotal Products and Versions

Severity is medium unless otherwise noted.

  • All versions of Cloud Foundry rootfs prior to 1.41.0
  • All versions of Pivotal Elastic Runtime
Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry deployments run with rootfs version 1.41.0 and higher.
  • Upgrade Pivotal Elastic Runtime 1.5.x versions to 1.5.18 or later OR 1.6.x versions to 1.6.19 or later
Credit

Vincent LE GARREC

References