Ubuntu alert USN-2898-1 (gtk+2.0, gtk+3.0)
| From: | Marc Deslauriers <marc.deslauriers@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-2898-1] GTK+ vulnerability | |
| Date: | Mon, 15 Feb 2016 14:27:54 -0500 | |
| Message-ID: | <56C226BA.9050708@canonical.com> |
========================================================================== Ubuntu Security Notice USN-2898-1 February 15, 2016 gtk+2.0, gtk+3.0 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: GTK+ could be made to crash or run programs as your login if it processed a specially crafted image. Software Description: - gtk+2.0: GTK+ graphical user interface library - gtk+3.0: GTK+ graphical user interface library Details: It was discovered that GTK+ incorrectly handled certain large images. A remote attacker could use this issue to cause GTK+ applications to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: libgtk2.0-0 2.24.28-1ubuntu1.1 Ubuntu 14.04 LTS: libgtk2.0-0 2.24.23-0ubuntu1.4 Ubuntu 12.04 LTS: libgtk-3-0 3.4.2-0ubuntu0.9 libgtk2.0-0 2.24.10-0ubuntu6.3 After a standard system update you need to restart your session to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2898-1 CVE-2013-7447 Package Information: https://launchpad.net/ubuntu/+source/gtk+2.0/2.24.28-1ubu... https://launchpad.net/ubuntu/+source/gtk+2.0/2.24.23-0ubu... https://launchpad.net/ubuntu/+source/gtk+2.0/2.24.10-0ubu... https://launchpad.net/ubuntu/+source/gtk+3.0/3.4.2-0ubunt... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...