Operating System:

[Debian]

Published:

27 April 2020

Protect yourself against future threats.

//Service

Security Bulletins

Receive up to date and consistent security bulletins across a wide range of vendors, streamlining security patching.

Read more
Resources > Security Bulletins > ESB-2020.1443 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.1443
                            eog security update
                               27 April 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           eog
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Denial of Service -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-6855  

Reference:         ASB-2017.0219

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2020/04/msg00018.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : eog
Version        : 3.14.1-1+deb8u1
CVE ID         : CVE-2016-6855


It was discovered that eog (Eye of GNOME) incorrectly handled certain 
invalid UTF-8 strings. If a user were tricked into opening a 
specially-crafted image, a remote attacker could use this issue to cause 
Eye of GNOME to crash, resulting in a denial of service, or possibly 
execute arbitrary code.


For Debian 8 "Jessie", this problem has been fixed in version 
3.14.1-1+deb8u1.

We recommend that you upgrade your eog packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl6kpT1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdpcA//QDGpVCHhFRN9ydMbrkYgLpMtNN3atD6Y2yDSLUCk0oVJYWH1jOSLedcc
yOZKVSWkmmw8IWO0SNyKseS6i6Qo1n6RE2IaEadiewnp+8m78kMBAdjjvzfnlEKi
pjnSKMGVBqDafMwGLx7fuaM/o6AZD1LyZQ3f+yl/MvXjg+EXfweacbF/a1smV6l5
dfi9hywmnhZvdIZEdyB3Clit7sbjJpYCUSCAnGPgNIviVoaIe2PAUC0NMhPGpoS0
Fhsh2Hshe4+R1BwuEJeXWMWlIJzRJn7b5xE4Bcf3A8mZaKkytzfUoMDqBqu4wYDk
eRHNs+4ydMtr0XPDtpizCelkdwxMf42Rh6CSEuwbmL+cBDAA1JUC0ssMpzjrbcP+
nXDUiuG1zHVvRdy9/8oNt/+/ftKH3iHRFXwyB6/Pk4PKZP9IYL6oYyKyvAYwL3mz
NQ59d7rNpbZy5FOXcZkqf6cezHSuZIheu5jjCINQxwPovoCHO+kx11p2A07clJBQ
RGaVnVJpr8NqzkI72t6WMWRxhHL1x/4VffHriWWL7P3u0FsidjqGmFPK540OTGFm
Cw7PJShP06ff90GHx91cQnDU5DPo6OfYDmDbgUXyvOPXmS0YD/yPbM2CRZaQJOuC
e0fQ6Cc+euji29DVAGyGgu2ZiTpnE0kPMXRxEHnxSXlRGPkDkT0=
=/iyO
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXqZplmaOgq3Tt24GAQi6kw//cshQiEuy6G+oZPFAVW7RtOXoi1A2T9Q+
RsYuFzkra0CdPkUMZdQM4EUk+gd2F0k9kaqFPfXZmQBILYkq6KVMF7vG8Y+bcL+s
VEk8SBXxM/C8VAtmRcCKTWu6Ec1OOriHMXStRAFxUTsr1T4twv6RqT2/PbE9iFln
tmfrchLJ6M8wdIFaUTegiMcYXWKSKHTy6srOY5GUY/zoubGiSHjRtMFPKnQYNgsI
QL9RZforMYXfJn2OTvpVD4XzG7lnuXNHCE5JK2AMZgC8BoFdJia10vpx8nQpGGlb
QfMS9/05EK8EucFe6c5mnppi8j0+OHucxPP0swIYGlcPxf5Til/a/UtGeh1aveKx
LSJreYDXWizjsEdFl98TgYrhKqWFCTadiIA0vUHCExT7hhp1p47TtTBFfrec0Bp4
03LZdH/SjKLFFVeI8YzNeFtr0FENC0dkfVe+ym8HlB4/254XHJYXKzX8r5Ht0P9o
6Siqy9bRJ6nkmd31pUDgnKapGxnidBCqJAiM8YS+kSShPHFzLb9C1s+apFemNLVh
k7pU1q5J+lsfvGPIEcB+N2qCtGygIDv1bcy49APZHIZXNX9RzpYQ95ijMlRbhBNC
xkh3QdMKQI5TpX3XRYJuzUQcwtI7fF9jD+dksstD7dBiro7bMyCcn/0t/aGyfPQx
iKKdIOEFpUk=
=v2P1
-----END PGP SIGNATURE-----