SUSE-SU-2016:2532-1

Published: 13 Oct 2016
Source: suse-cvrf

Description

Security update for gtk2

This update for gtk2 fixes the following security issues:

  • CVE-2016-6352: Some crashes were fixed, including an out-of-bounds write in the OneLine32() function that could be used by attackers to crash GTK/GDK programs.
  • CVE-2013-7447: Avoid overflow when allocating a cairo pixbuf (bsc#966682).

Package list

SUSE Linux Enterprise Server 11 SP4
gtk2-2.18.9-0.44.1
gtk2-32bit-2.18.9-0.44.1
gtk2-doc-2.18.9-0.44.1
gtk2-lang-2.18.9-0.44.1
gtk2-x86-2.18.9-0.44.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
gtk2-2.18.9-0.44.1
gtk2-32bit-2.18.9-0.44.1
gtk2-doc-2.18.9-0.44.1
gtk2-lang-2.18.9-0.44.1
gtk2-x86-2.18.9-0.44.1
SUSE Linux Enterprise Software Development Kit 11 SP4
gtk2-devel-2.18.9-0.44.1
gtk2-devel-32bit-2.18.9-0.44.1

Description

Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.


Affected products
SUSE Linux Enterprise Server 11 SP4:gtk2-2.18.9-0.44.1
SUSE Linux Enterprise Server 11 SP4:gtk2-32bit-2.18.9-0.44.1
SUSE Linux Enterprise Server 11 SP4:gtk2-doc-2.18.9-0.44.1
SUSE Linux Enterprise Server 11 SP4:gtk2-lang-2.18.9-0.44.1

References

Description

The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.


Affected products
SUSE Linux Enterprise Server 11 SP4:gtk2-2.18.9-0.44.1
SUSE Linux Enterprise Server 11 SP4:gtk2-32bit-2.18.9-0.44.1
SUSE Linux Enterprise Server 11 SP4:gtk2-doc-2.18.9-0.44.1
SUSE Linux Enterprise Server 11 SP4:gtk2-lang-2.18.9-0.44.1

References
Vulnerability SUSE-SU-2016:2532-1