Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.announce.security > #4772

[SECURITY] [DSA 6206-1] gdk-pixbuf security update

Path csiph.com!news.samoylyk.net!gothmog.csi.it!bofh.it!news.nic.it!robomod
From Salvatore Bonaccorso <carnil@debian.org>
Newsgroups linux.debian.announce.security
Subject [SECURITY] [DSA 6206-1] gdk-pixbuf security update
Date Sat, 11 Apr 2026 21:10:02 +0200
Message-ID <MILSq-eoYe-7@gated-at.bofh.it> (permalink)
X-Mailbox-Line From debian-security-announce-request@lists.debian.org Sat Apr 11 19:00:57 2026
Old-Return-Path <carnil@seger.debian.org>
X-Amavis-Spam-Status No, score=-113.43 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, DKIMWL_WL_HIGH=-0.54, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FOURLA=0.1, FVGT_m_MULTI_ODD=0.02, LDO_WHITELIST=-5, MONEY=0.5, PGPSIGNATURE=-5, RCVD_IN_DNSWL_MED=-2.3, STOCKLIKE=1, USER_IN_DKIM_WELCOMELIST=-0.01, USER_IN_DKIM_WHITELIST=-100] autolearn=ham autolearn_force=no
Old-Dkim-Signature v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=jUXb6PG0A8uO4fcJrVfDgPl0HNH6YE+BRGm8+JGGWj0=; b=EQ Y8Grrh2aV8h8wj5SnnRs/I0IjSAKIEnRxlcLqOqogXqUI0mJuO21IHsorqVoZbghVceKQjH4rqPEl 5jFmrTnn6Qe+y0r8YFXb4GRgqxeNhD3aWWlGWVMkwadEKaU9DxA2/E68SZVrGpJK4WIVcf8r5ypO5 UVati/rMm91hy7FUMKvjE3czFYOlzV4tC9xFUheTRKByBUZlSzzaAp9ERujqiqbsTskDI6vLC100w V18P+w3KkGmscp4gpregsIMkN9wN3/ldAQ390wliMXHMwf73y+yMXiIzbcEsZsqjqUqGcgmWjUQNB 5l8w98b6g1Hr1Gi0zilGMT0JlR56zSFA==;
X-Debian PGP check passed for security officers
Priority urgent
Reply-To debian-security-announce-request@lists.debian.org
X-Mailing-List <debian-security-announce@lists.debian.org> archive/latest/5130
List-ID <debian-security-announce.lists.debian.org>
List-URL <http://lists.debian.org/debian-security-announce/>
List-Archive https://lists.debian.org/msgid-search/E1wBdYu-0000000Eu3m-3V1E@seger.debian.org
Approved robomod@news.nic.it
Lines 53
Organization linux.* mail to news gateway
Sender robomod@news.nic.it
X-Original-Date Sat, 11 Apr 2026 19:00:08 +0000
X-Original-Message-ID <E1wBdYu-0000000Eu3m-3V1E@seger.debian.org>
Xref csiph.com linux.debian.announce.security:4772

Show key headers only | View raw

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6206-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 11, 2026                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gdk-pixbuf
CVE ID         : CVE-2026-5201
Debian Bug     : 1132501

It was discovered that gdk-pixbuf, the GDK Pixbuf library, does not
properly validate color component counts in the JPEG image loader, which
may result in the execution of arbitrary code or denial of service if
specially crafted JPEG images are processed.

For the oldstable distribution (bookworm), this problem has been fixed
in version 2.42.10+dfsg-1+deb12u4.

For the stable distribution (trixie), this problem has been fixed in
version 2.42.12+dfsg-4+deb13u1.

We recommend that you upgrade your gdk-pixbuf packages.

For the detailed security status of gdk-pixbuf please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/gdk-pixbuf

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmnamhFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RsgA//XfkyRiBkvW/XYOD5qFXWwNWcfABQILkp/N0ED8m+xKFk/BYuXSrSUABJ
wCJYBF3WZtddlv+6pk1bemEMC+fjRWQuffob1vSq9nk6jBJdhdOvADc5CHEuO19h
9O0YMBDA+NpyvUTYqJrEiBai/fcnoGKgR7goPnUNwRDkxzC/h04RloDwF0cLwI0A
9OCnTJhcNS+/7w3mJOkddac8OLLzqJwIPjVMuu8kYCGe6p3azyVJvLwkQGHecaaH
sb6jIqe1NbzPCqbtTJHS8eChAeoZkR2VHlQunCoKB0NN7pkMPv71Dl386/4Do26W
o+IJYA/gfuTK1mXNoat8pvKR4q5DJ9yeqxOLhVvxLYW5XC64VzhvdQeMH6GWAFxc
9M42INAI6n6SDB3RhUsgrak7q2ilbsWYhRFjucXfXw9TJ9EICwoAsBKT2g99n8Jw
bn4CGIKS7NvtrDLANXADUz8gLzxCXTP376WCyAzESc/gFcEakNXaOCqJXK+C9Wsn
eAcl9k185whC6z/prn67JprMZ9T+vLDPEqS2W63o3LOATI3yPZt1IA/DJyOAqPhx
Zf63hMtq+50FoUap1GPfAv5NeWqkXtt9GEtxHcSohwXJaAkLWPlxIReSuQqd7Xi8
6NNcmouXSYA+R6/1kXmH6W5RBKWVUyFMcu0Ujst0IAVJ3FLXYCM=
=vPoB
-----END PGP SIGNATURE-----

Back to linux.debian.announce.security | Previous | Next | Find similar

Thread

[SECURITY] [DSA 6206-1] gdk-pixbuf security update Salvatore Bonaccorso <carnil@debian.org> - 2026-04-11 21:10 +0200

csiph-web