Lucene search

DebianDEBIAN:DSA-4084-1:4BC6B

HistoryJan 12, 2018 - 12:21 p.m.

[SECURITY] [DSA 4084-1] gifsicle security update

2018-01-1212:21:12

lists.debian.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.003

Percentile

71.8%

JSON

Debian Security Advisory DSA-4084-1 [email protected]
https://www.debian.org/security/ Sebastien Delafond
January 12, 2018 https://www.debian.org/security/faq

Package : gifsicle
CVE ID : CVE-2017-1000421

It was discovered that gifsicle, a tool for manipulating GIF image
files, contained a flaw that could lead to arbitrary code execution.

For the oldstable distribution (jessie), this problem has been fixed
in version 1.86-1+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 1.88-3+deb9u1.

We recommend that you upgrade your gifsicle packages.

For the detailed security status of gifsicle please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gifsicle

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7amd64gifsicle< 1.67-1.1~deb7u1gifsicle_1.67-1.1~deb7u1_amd64.deb
Debian9amd64gifsicle< 1.88-3+deb9u1gifsicle_1.88-3+deb9u1_amd64.deb
Debian8powerpcgifsicle< 1.86-1+deb8u1gifsicle_1.86-1+deb8u1_powerpc.deb
Debian9mipsgifsicle-dbgsym< 1.88-3+deb9u1gifsicle-dbgsym_1.88-3+deb9u1_mips.deb
Debian9mipselgifsicle-dbgsym< 1.88-3+deb9u1gifsicle-dbgsym_1.88-3+deb9u1_mipsel.deb
Debian8arm64gifsicle< 1.86-1+deb8u1gifsicle_1.86-1+deb8u1_arm64.deb
Debian8allgifsicle< 1.86-1+deb8u1gifsicle_1.86-1+deb8u1_all.deb
Debian9armelgifsicle< 1.88-3+deb9u1gifsicle_1.88-3+deb9u1_armel.deb
Debian9mipsgifsicle< 1.88-3+deb9u1gifsicle_1.88-3+deb9u1_mips.deb
Debian9arm64gifsicle< 1.88-3+deb9u1gifsicle_1.88-3+deb9u1_arm64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	amd64	gifsicle	< 1.67-1.1~deb7u1	gifsicle_1.67-1.1~deb7u1_amd64.deb
Debian	9	amd64	gifsicle	< 1.88-3+deb9u1	gifsicle_1.88-3+deb9u1_amd64.deb
Debian	8	powerpc	gifsicle	< 1.86-1+deb8u1	gifsicle_1.86-1+deb8u1_powerpc.deb
Debian	9	mips	gifsicle-dbgsym	< 1.88-3+deb9u1	gifsicle-dbgsym_1.88-3+deb9u1_mips.deb
Debian	9	mipsel	gifsicle-dbgsym	< 1.88-3+deb9u1	gifsicle-dbgsym_1.88-3+deb9u1_mipsel.deb
Debian	8	arm64	gifsicle	< 1.86-1+deb8u1	gifsicle_1.86-1+deb8u1_arm64.deb
Debian	8	all	gifsicle	< 1.86-1+deb8u1	gifsicle_1.86-1+deb8u1_all.deb
Debian	9	armel	gifsicle	< 1.88-3+deb9u1	gifsicle_1.88-3+deb9u1_armel.deb
Debian	9	mips	gifsicle	< 1.88-3+deb9u1	gifsicle_1.88-3+deb9u1_mips.deb
Debian	9	arm64	gifsicle	< 1.88-3+deb9u1	gifsicle_1.88-3+deb9u1_arm64.deb