USN-2918-1 Pixman vulnerabilities

Medium

Vendor

Ubuntu, Pixman

Versions Affected

• Ubuntu 14.04 LTS

Description

Pixman could be made to crash or run programs as your login if it processed specially crafted data.

Vincent LE GARREC discovered an integer underflow in pixman. If a user were tricked into opening a specially crafted file, a remote attacker could cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code.

Affected Products and Versions

Severity is medium unless otherwise noted.

• All versions of Cloud Foundry rootfs prior to 1.41.0

Mitigation

Users of affected versions should apply the following mitigation:

• The Cloud Foundry project recommends that Cloud Foundry deployments run with rootfs version 1.41.0 and higher.

Credit

Vincent LE GARREC

References

• <http://www.ubuntu.com/usn/usn-2918-1/&gt;
• <http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9766.html&gt;