USN-6806-1: GDK-PixBuf vulnerability

VMware Tanzu Application Service for VMs

1 more products

24750

22 August 2024

22 August 2024

CLOSED

MEDIUM

CVE-2022-48622

Severity

medium

Vendor

VMware Tanzu

Versions Affected

  • Cflinuxfs3
  • Cflinuxfs4

Description

Pedro Ribeiro and Vitor Pedreira discovered that the GDK-PixBuf library did not properly handle certain ANI files. An attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or to possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6806-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-gdkpixbuf-2.0 - 2.32.2-1ubuntu1.6+esm1 libgdk-pixbuf2.0-0 - 2.32.2-1ubuntu1.6+esm1 libgdk-pixbuf2.0-common - 2.32.2-1ubuntu1.6+esm1 libgdk-pixbuf2.0-dev - 2.32.2-1ubuntu1.6+esm1 libgdk-pixbuf2.0-doc - 2.32.2-1ubuntu1.6+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro.

Fixed VMware Products and Versions

  • Cflinuxfs3
    • 0.389.0 or greater
  • Cflinuxfs4
    • 1.99.0 or greater
  • Tanzu Greenlum for Kubernetes
    • 2.0.0 or greater
  • CF Deployment           
    • 41.0.0 or greater

References

https://ubuntu.com/security/notices/USN-6806-1

https://www.cloudfoundry.org/blog/usn-6806-1

https://cve.mitre.org/cgi-bin/cvename.cgi?name=usn-6806-1

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24750

History

2024-06-05: Initial vulnerability report published.