[SECURITY] [DSA 3855-1] jbig2dec security update

ID DEBIAN:DSA-3855-1:63B87
Type debian
Reporter Debian
Modified 2017-05-18T19:21:57


Debian Security Advisory DSA-3855-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 18, 2017 https://www.debian.org/security/faq

Package : jbig2dec CVE ID : CVE-2017-7885 CVE-2017-7975 CVE-2017-7976 Debian Bug : 860460 860787 860788

Multiple security issues have been found in the JBIG2 decoder library, which may lead to denial of service, disclosure of sensitive information from process memory or the execution of arbitrary code if a malformed image file (usually embedded in a PDF document) is opened.

For the stable distribution (jessie), these problems have been fixed in version 0.13-4~deb8u2.

For the unstable distribution (sid), these problems have been fixed in version 0.13-4.1.

We recommend that you upgrade your jbig2dec packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org