Описание
Security update for gtk2
This update for gtk2 provides the following fixes:
These security issues were fixed:
- CVE-2017-6312: Prevent integer overflow that allowed context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file (bsc#1027026).
- CVE-2017-6314: The make_available_at_least function allowed context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file (bsc#1027025).
- CVE-2017-6313: Prevent integer underflow in the load_resources function that allowed context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file (bsc#1027024).
- CVE-2017-2862: Prevent heap overflow in the gdk_pixbuf__jpeg_image_load_increment function. A specially crafted jpeg file could have caused a heap overflow resulting in remote code execution (bsc#1048289)
- CVE-2017-2870: Prevent integer overflow in the tiff_image_parse functionality. A specially crafted tiff file could have caused a heap-overflow resulting in remote code execution (bsc#1048544).
This non-security issue was fixed:
- Prevent an infinite loop when a window is destroyed while traversed (bsc#1039465).
Список пакетов
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
Ссылки
- Link for SUSE-SU-2018:2470-1
- E-Mail link for SUSE-SU-2018:2470-1
- SUSE Security Ratings
- SUSE Bug 1027024
- SUSE Bug 1027025
- SUSE Bug 1027026
- SUSE Bug 1039465
- SUSE Bug 1048289
- SUSE Bug 1048544
- SUSE CVE CVE-2017-2862 page
- SUSE CVE CVE-2017-2870 page
- SUSE CVE CVE-2017-6312 page
- SUSE CVE CVE-2017-6313 page
- SUSE CVE CVE-2017-6314 page
Описание
An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.
Затронутые продукты
Ссылки
- CVE-2017-2862
- SUSE Bug 1048289
Описание
An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.
Затронутые продукты
Ссылки
- CVE-2017-2870
- SUSE Bug 1048289
- SUSE Bug 1048544
Описание
Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.
Затронутые продукты
Ссылки
- CVE-2017-6312
- SUSE Bug 1027024
- SUSE Bug 1027026
Описание
Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
Затронутые продукты
Ссылки
- CVE-2017-6313
- SUSE Bug 1027024
Описание
The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
Затронутые продукты
Ссылки
- CVE-2017-6314
- SUSE Bug 1027024
- SUSE Bug 1027025