Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2015:2195-1

Опубликовано: 23 дек. 2015
Источник: suse-cvrf

Описание

Security update for gdk-pixbuf

The gdk pixbuf library was updated to fix three security issues.

These security issues were fixed:

  • CVE-2015-7673: Fix some more overflows scaling a gif (bsc#948791)
  • CVE-2015-4491: Check for overflow before allocating memory when scaling (bsc#942801)
  • CVE-2015-7673: Fix an overflow and DoS when scaling TGA files (bsc#948790).
  • CVE-2015-7674: Fix overflow when scaling GIF files(bsc#948791).

Список пакетов

SUSE Linux Enterprise Desktop 12
gdk-pixbuf-lang-2.30.6-7.2
gdk-pixbuf-query-loaders-2.30.6-7.2
gdk-pixbuf-query-loaders-32bit-2.30.6-7.2
libgdk_pixbuf-2_0-0-2.30.6-7.2
libgdk_pixbuf-2_0-0-32bit-2.30.6-7.2
typelib-1_0-GdkPixbuf-2_0-2.30.6-7.2
SUSE Linux Enterprise Server 12
gdk-pixbuf-lang-2.30.6-7.2
gdk-pixbuf-query-loaders-2.30.6-7.2
gdk-pixbuf-query-loaders-32bit-2.30.6-7.2
libgdk_pixbuf-2_0-0-2.30.6-7.2
libgdk_pixbuf-2_0-0-32bit-2.30.6-7.2
typelib-1_0-GdkPixbuf-2_0-2.30.6-7.2
SUSE Linux Enterprise Server for SAP Applications 12
gdk-pixbuf-lang-2.30.6-7.2
gdk-pixbuf-query-loaders-2.30.6-7.2
gdk-pixbuf-query-loaders-32bit-2.30.6-7.2
libgdk_pixbuf-2_0-0-2.30.6-7.2
libgdk_pixbuf-2_0-0-32bit-2.30.6-7.2
typelib-1_0-GdkPixbuf-2_0-2.30.6-7.2
SUSE Linux Enterprise Software Development Kit 12
gdk-pixbuf-devel-2.30.6-7.2

Ссылки

Описание

Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.

Затронутые продукты
SUSE Linux Enterprise Desktop 12:gdk-pixbuf-lang-2.30.6-7.2
SUSE Linux Enterprise Desktop 12:gdk-pixbuf-query-loaders-2.30.6-7.2
SUSE Linux Enterprise Desktop 12:gdk-pixbuf-query-loaders-32bit-2.30.6-7.2
SUSE Linux Enterprise Desktop 12:libgdk_pixbuf-2_0-0-2.30.6-7.2
Ссылки

Описание

io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.

Затронутые продукты
SUSE Linux Enterprise Desktop 12:gdk-pixbuf-lang-2.30.6-7.2
SUSE Linux Enterprise Desktop 12:gdk-pixbuf-query-loaders-2.30.6-7.2
SUSE Linux Enterprise Desktop 12:gdk-pixbuf-query-loaders-32bit-2.30.6-7.2
SUSE Linux Enterprise Desktop 12:libgdk_pixbuf-2_0-0-2.30.6-7.2
Ссылки

Описание

Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.

Затронутые продукты
SUSE Linux Enterprise Desktop 12:gdk-pixbuf-lang-2.30.6-7.2
SUSE Linux Enterprise Desktop 12:gdk-pixbuf-query-loaders-2.30.6-7.2
SUSE Linux Enterprise Desktop 12:gdk-pixbuf-query-loaders-32bit-2.30.6-7.2
SUSE Linux Enterprise Desktop 12:libgdk_pixbuf-2_0-0-2.30.6-7.2
Ссылки