Описание
Security update for gdk-pixbuf
This update for gdk-pixbuf fixes the following issues:
- CVE-2020-29385: Fixed an infinite loop in lzw.c in the function write_indexes (bsc#1180393).
- Fixed an integer underflow in the GIF loader (bsc#1174307).
Список пакетов
Image SLES15-SP2-SAP-Azure
gdk-pixbuf-query-loaders-2.40.0-3.3.1
libgdk_pixbuf-2_0-0-2.40.0-3.3.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
gdk-pixbuf-query-loaders-2.40.0-3.3.1
libgdk_pixbuf-2_0-0-2.40.0-3.3.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
gdk-pixbuf-query-loaders-2.40.0-3.3.1
libgdk_pixbuf-2_0-0-2.40.0-3.3.1
Image SLES15-SP2-SAP-BYOS-Azure
gdk-pixbuf-query-loaders-2.40.0-3.3.1
libgdk_pixbuf-2_0-0-2.40.0-3.3.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
gdk-pixbuf-query-loaders-2.40.0-3.3.1
libgdk_pixbuf-2_0-0-2.40.0-3.3.1
Image SLES15-SP2-SAP-BYOS-GCE
gdk-pixbuf-query-loaders-2.40.0-3.3.1
libgdk_pixbuf-2_0-0-2.40.0-3.3.1
Image SLES15-SP2-SAP-EC2-HVM
gdk-pixbuf-query-loaders-2.40.0-3.3.1
libgdk_pixbuf-2_0-0-2.40.0-3.3.1
Image SLES15-SP2-SAP-GCE
gdk-pixbuf-query-loaders-2.40.0-3.3.1
libgdk_pixbuf-2_0-0-2.40.0-3.3.1
Image SLES15-SP3-EC2-HVM
gdk-pixbuf-query-loaders-2.40.0-3.3.1
libgdk_pixbuf-2_0-0-2.40.0-3.3.1
Image SLES15-SP3-SAP-Azure
gdk-pixbuf-query-loaders-2.40.0-3.3.1
libgdk_pixbuf-2_0-0-2.40.0-3.3.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
gdk-pixbuf-query-loaders-2.40.0-3.3.1
libgdk_pixbuf-2_0-0-2.40.0-3.3.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
gdk-pixbuf-query-loaders-2.40.0-3.3.1
libgdk_pixbuf-2_0-0-2.40.0-3.3.1
Image SLES15-SP3-SAP-BYOS-Azure
gdk-pixbuf-query-loaders-2.40.0-3.3.1
libgdk_pixbuf-2_0-0-2.40.0-3.3.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
gdk-pixbuf-query-loaders-2.40.0-3.3.1
libgdk_pixbuf-2_0-0-2.40.0-3.3.1
Image SLES15-SP3-SAP-BYOS-GCE
gdk-pixbuf-query-loaders-2.40.0-3.3.1
libgdk_pixbuf-2_0-0-2.40.0-3.3.1
Image SLES15-SP3-SAP-EC2-HVM
gdk-pixbuf-query-loaders-2.40.0-3.3.1
libgdk_pixbuf-2_0-0-2.40.0-3.3.1
Image SLES15-SP3-SAP-GCE
gdk-pixbuf-query-loaders-2.40.0-3.3.1
libgdk_pixbuf-2_0-0-2.40.0-3.3.1
Image SLES15-SP3-SAPCAL-Azure
gdk-pixbuf-query-loaders-2.40.0-3.3.1
libgdk_pixbuf-2_0-0-2.40.0-3.3.1
Image SLES15-SP3-SAPCAL-EC2-HVM
gdk-pixbuf-query-loaders-2.40.0-3.3.1
libgdk_pixbuf-2_0-0-2.40.0-3.3.1
Image SLES15-SP3-SAPCAL-GCE
gdk-pixbuf-query-loaders-2.40.0-3.3.1
libgdk_pixbuf-2_0-0-2.40.0-3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
gdk-pixbuf-devel-2.40.0-3.3.1
gdk-pixbuf-lang-2.40.0-3.3.1
gdk-pixbuf-query-loaders-2.40.0-3.3.1
gdk-pixbuf-thumbnailer-2.40.0-3.3.1
libgdk_pixbuf-2_0-0-2.40.0-3.3.1
typelib-1_0-GdkPixbuf-2_0-2.40.0-3.3.1
typelib-1_0-GdkPixdata-2_0-2.40.0-3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
gdk-pixbuf-query-loaders-32bit-2.40.0-3.3.1
libgdk_pixbuf-2_0-0-32bit-2.40.0-3.3.1
Ссылки
- Link for SUSE-SU-2021:0184-1
- E-Mail link for SUSE-SU-2021:0184-1
- SUSE Security Ratings
- SUSE Bug 1174307
- SUSE Bug 1180393
- SUSE CVE CVE-2020-29385 page
Описание
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.
Затронутые продукты
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:gdk-pixbuf-query-loaders-2.40.0-3.3.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:libgdk_pixbuf-2_0-0-2.40.0-3.3.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:gdk-pixbuf-query-loaders-2.40.0-3.3.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:libgdk_pixbuf-2_0-0-2.40.0-3.3.1
Ссылки
- CVE-2020-29385
- SUSE Bug 1180393