Mageia alert MGASA-2018-0280 (gifsicle)


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2018-0280: Updated gifsicle package fixes security vulnerability 
Date:
    	       Thu, 14 Jun 2018 20:15:35 +0200
Message-ID:
    	       <20180614181535.6320BA00FF@duvel.mageia.org>
MGASA-2018-0280 - Updated gifsicle package fixes security vulnerability

Publication date: 14 Jun 2018
URL: https://advisories.mageia.org/MGASA-2018-0280.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2017-18120

Description:
Updated gifsicle package fixes security vulnerability:

A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows
a remote attacker to cause a denial-of-service attack or unspecified other
impact via a maliciously crafted file, because last_name is mishandled
(CVE-2017-18120).

References:
- https://bugs.mageia.org/show_bug.cgi?id=23134
-
https://lists.fedoraproject.org/archives/list/package-ann...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1...

SRPMS:
- 6/core/gifsicle-1.88-1.2.mga6

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2018-0280: Updated gifsicle package fixes security vulnerability
Date:		Thu, 14 Jun 2018 20:15:35 +0200
Message-ID:		<20180614181535.6320BA00FF@duvel.mageia.org>