SUSE-SU-2015:1787-1

Published: 07 Oct 2015
Source: suse-cvrf

Description

Security update for gtk2

gtk2 was updated to fix two security issues.

These security issues were fixed:

  • CVE-2015-4491: Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5 allowed remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that were mishandled during scaling (bsc#942801).
  • CVE-2015-7674: Fix overflow when scaling GIF files (bsc#948791).

This non-security issue was fixed:

  • Add the script which generates gdk-pixbuf64.loaders to the spec file (bsc#922741).

Package list

SUSE Linux Enterprise Desktop 11 SP3
gtk2-2.18.9-0.35.1
gtk2-32bit-2.18.9-0.35.1
gtk2-lang-2.18.9-0.35.1
SUSE Linux Enterprise Desktop 11 SP4
gtk2-2.18.9-0.35.1
gtk2-32bit-2.18.9-0.35.1
gtk2-lang-2.18.9-0.35.1
SUSE Linux Enterprise Server 11 SP3
gtk2-2.18.9-0.35.1
gtk2-32bit-2.18.9-0.35.1
gtk2-doc-2.18.9-0.35.1
gtk2-lang-2.18.9-0.35.1
gtk2-x86-2.18.9-0.35.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
gtk2-2.18.9-0.35.1
gtk2-32bit-2.18.9-0.35.1
gtk2-doc-2.18.9-0.35.1
gtk2-lang-2.18.9-0.35.1
gtk2-x86-2.18.9-0.35.1
SUSE Linux Enterprise Server 11 SP4
gtk2-2.18.9-0.35.1
gtk2-32bit-2.18.9-0.35.1
gtk2-doc-2.18.9-0.35.1
gtk2-lang-2.18.9-0.35.1
gtk2-x86-2.18.9-0.35.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
gtk2-2.18.9-0.35.1
gtk2-32bit-2.18.9-0.35.1
gtk2-doc-2.18.9-0.35.1
gtk2-lang-2.18.9-0.35.1
gtk2-x86-2.18.9-0.35.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
gtk2-2.18.9-0.35.1
gtk2-32bit-2.18.9-0.35.1
gtk2-doc-2.18.9-0.35.1
gtk2-lang-2.18.9-0.35.1
gtk2-x86-2.18.9-0.35.1
SUSE Linux Enterprise Software Development Kit 11 SP3
gtk2-devel-2.18.9-0.35.1
gtk2-devel-32bit-2.18.9-0.35.1
SUSE Linux Enterprise Software Development Kit 11 SP4
gtk2-devel-2.18.9-0.35.1
gtk2-devel-32bit-2.18.9-0.35.1

Description

Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:gtk2-2.18.9-0.35.1
SUSE Linux Enterprise Desktop 11 SP3:gtk2-32bit-2.18.9-0.35.1
SUSE Linux Enterprise Desktop 11 SP3:gtk2-lang-2.18.9-0.35.1
SUSE Linux Enterprise Desktop 11 SP4:gtk2-2.18.9-0.35.1

References

Description

Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:gtk2-2.18.9-0.35.1
SUSE Linux Enterprise Desktop 11 SP3:gtk2-32bit-2.18.9-0.35.1
SUSE Linux Enterprise Desktop 11 SP3:gtk2-lang-2.18.9-0.35.1
SUSE Linux Enterprise Desktop 11 SP4:gtk2-2.18.9-0.35.1

References
Vulnerability SUSE-SU-2015:1787-1