Описание
Security update for gdk-pixbuf
gdk-pixbuf was updated to 2.32.3 to fix the following issues:
Update to version 2.32.3:
- Fix two crashes in the bmp loader (bgo#747605, bgo#758991)
- ico: integer overflow fixes
- Avoid some integer overflow possibilities in scaling code
- Make relocations optional
- Fix a crash due to overflow when scaling
- Drop loaders for some rare image formats: wbmp, ras, pcx
- Prevent testsuite failures due to lack of memory
- Fix animation loading (bgo#755269)
- More overflow fixes in the scaling code (bgo#754387)
- Fix a crash in the tga loader
- Fix several integer overflows (bgo#753908, bgo#753569)
- Port animations to GTask
- Translation updates
- Add fixes for some crashes, taken from upstream git (boo#988745 boo#991450 CVE-2016-6352):
Список пакетов
openSUSE Leap 42.1
gdk-pixbuf-2.32.3-8.1
gdk-pixbuf-devel-2.32.3-8.1
gdk-pixbuf-devel-32bit-2.32.3-8.1
gdk-pixbuf-lang-2.32.3-8.1
gdk-pixbuf-query-loaders-2.32.3-8.1
gdk-pixbuf-query-loaders-32bit-2.32.3-8.1
libgdk_pixbuf-2_0-0-2.32.3-8.1
libgdk_pixbuf-2_0-0-32bit-2.32.3-8.1
typelib-1_0-GdkPixbuf-2_0-2.32.3-8.1
Ссылки
- E-Mail link for openSUSE-SU-2016:2276-1
- SUSE Security Ratings
Описание
The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.
Затронутые продукты
openSUSE Leap 42.1:gdk-pixbuf-2.32.3-8.1
openSUSE Leap 42.1:gdk-pixbuf-devel-2.32.3-8.1
openSUSE Leap 42.1:gdk-pixbuf-devel-32bit-2.32.3-8.1
openSUSE Leap 42.1:gdk-pixbuf-lang-2.32.3-8.1
Ссылки
- CVE-2016-6352
- SUSE Bug 1027024
- SUSE Bug 991450