SUSE-SU-2024:2076-1

Опубликовано: 19 июн. 2024

Источник: suse-cvrf

Описание

Security update for gdk-pixbuf

This update for gdk-pixbuf fixes the following issues:

gdk-pixbuf was updated to version 2.42.12:

Security issues fixed:
- CVE-2022-48622: Fixed vulnerability where a crafted .ani file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack to a denial of service or code execution attack (bsc#1219276)
Changes in version 2.42.12:
- ani: Reject files with multiple INA or IART chunks,
- ani: validate chunk size,
- Updated translations.
Enable other image loaders such as xpm and xbm (bsc#1223903)
Changes in version 2.42.11:
- Disable fringe loaders by default.
- Introspection fixes.
- Updated translations.
Changes in version 2.42.10:
- Search for rst2man.py.
- Update the memory size limit for JPEG images.
- Updated translations.
Fixed loading of larger images
Avoid Bash specific syntax in baselibs postscript (bsc#1195391)

Список пакетов

Image SLES15-SP6-Hardened-BYOS

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-Hardened-BYOS-Azure

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-Hardened-BYOS-EC2

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-Hardened-BYOS-GCE

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-SAP

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-SAP-Azure

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-SAP-Azure-LI-BYOS

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-SAP-BYOS

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-SAP-BYOS-Azure

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-SAP-BYOS-EC2

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-SAP-BYOS-GCE

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-SAP-EC2

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-SAP-GCE

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-SAP-Hardened

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-SAP-Hardened-Azure

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-SAP-Hardened-BYOS

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-SAP-Hardened-EC2

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-SAP-Hardened-GCE

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-SAPCAL

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-SAPCAL-Azure

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-SAPCAL-EC2

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-SAPCAL-GCE

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

SUSE Linux Enterprise Module for Basesystem 15 SP6

gdk-pixbuf-devel-2.42.12-150600.3.3.1

gdk-pixbuf-lang-2.42.12-150600.3.3.1

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

gdk-pixbuf-query-loaders-32bit-2.42.12-150600.3.3.1

gdk-pixbuf-thumbnailer-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-32bit-2.42.12-150600.3.3.1

typelib-1_0-GdkPixbuf-2_0-2.42.12-150600.3.3.1

typelib-1_0-GdkPixdata-2_0-2.42.12-150600.3.3.1

openSUSE Leap 15.6

gdk-pixbuf-devel-2.42.12-150600.3.3.1

gdk-pixbuf-devel-32bit-2.42.12-150600.3.3.1

gdk-pixbuf-lang-2.42.12-150600.3.3.1

gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

gdk-pixbuf-query-loaders-32bit-2.42.12-150600.3.3.1

gdk-pixbuf-thumbnailer-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

libgdk_pixbuf-2_0-0-32bit-2.42.12-150600.3.3.1

typelib-1_0-GdkPixbuf-2_0-2.42.12-150600.3.3.1

typelib-1_0-GdkPixdata-2_0-2.42.12-150600.3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20242076-1/
Link for SUSE-SU-2024:2076-1
https://lists.suse.com/pipermail/sle-updates/2024-June/035644.html
E-Mail link for SUSE-SU-2024:2076-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1195391
SUSE Bug 1195391
https://bugzilla.suse.com/1219276
SUSE Bug 1219276
https://bugzilla.suse.com/1223903
SUSE Bug 1223903
https://www.suse.com/security/cve/CVE-2022-48622/
SUSE CVE CVE-2022-48622 page

Описание

In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.

Затронутые продукты

Image SLES15-SP6-Hardened-BYOS-Azure:gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

Image SLES15-SP6-Hardened-BYOS-Azure:libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Image SLES15-SP6-Hardened-BYOS-EC2:gdk-pixbuf-query-loaders-2.42.12-150600.3.3.1

Image SLES15-SP6-Hardened-BYOS-EC2:libgdk_pixbuf-2_0-0-2.42.12-150600.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-48622.html
CVE-2022-48622
https://bugzilla.suse.com/1219276
SUSE Bug 1219276
https://bugzilla.suse.com/1220293
SUSE Bug 1220293

SUSE-SU-2024:2076-1

Описание

Список пакетов

Image SLES15-SP6-Hardened-BYOS

Image SLES15-SP6-Hardened-BYOS-Azure

Image SLES15-SP6-Hardened-BYOS-EC2

Image SLES15-SP6-Hardened-BYOS-GCE

Image SLES15-SP6-SAP

Image SLES15-SP6-SAP-Azure

Image SLES15-SP6-SAP-Azure-LI-BYOS

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

Image SLES15-SP6-SAP-Azure-VLI-BYOS

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP6-SAP-BYOS

Image SLES15-SP6-SAP-BYOS-Azure

Image SLES15-SP6-SAP-BYOS-EC2

Image SLES15-SP6-SAP-BYOS-GCE

Image SLES15-SP6-SAP-EC2

Image SLES15-SP6-SAP-GCE

Image SLES15-SP6-SAP-Hardened

Image SLES15-SP6-SAP-Hardened-Azure

Image SLES15-SP6-SAP-Hardened-BYOS

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

Image SLES15-SP6-SAP-Hardened-EC2

Image SLES15-SP6-SAP-Hardened-GCE

Image SLES15-SP6-SAPCAL

Image SLES15-SP6-SAPCAL-Azure

Image SLES15-SP6-SAPCAL-EC2

Image SLES15-SP6-SAPCAL-GCE

SUSE Linux Enterprise Module for Basesystem 15 SP6

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2022-48622

Описание

Затронутые продукты

Ссылки