exploitDog

openSUSE-SU-2016:2374-1

Published: 24 Sep 2016
Source: suse-cvrf

Description

Security update for gtk2

This gtk2 update to version 2.24.31 fixes the following issues:

Security issues fixed:

  • CVE-2013-7447: Fixed integer overflow in image handling (boo#966682).

Bugs fixed:

  • Changes from version 2.24.31:
    • Backport many file chooser entry fixes and cleanups.
    • Don't crash if invisible files are deleted.
    • Bugs fixed: bgo#555087, bgo#586367, bgo#635287, bgo#640698, bgo#648419, bgo#672271, bgo#679333, bgo#687196, bgo#703220 (CVE-2013-7447), bgo#720330, bgo#729927, bgo#737777, bgo#752707, bgo#756450, bgo#765120, bgo#765193, bgo#768163, bgo#764996, bgo#769126.

GTK2 Engine and branding packages were rebuilt to match the updated gtk2 package (boo#999375).

Package list

openSUSE Leap 42.1
gtk2-2.24.31-11.2
gtk2-branding-SLED-42.1-13.1
gtk2-branding-openSUSE-42.1-13.1
gtk2-branding-upstream-2.24.31-11.2
gtk2-data-2.24.31-11.2
gtk2-devel-2.24.31-11.2
gtk2-devel-32bit-2.24.31-11.2
gtk2-engine-clearlooks-2.20.2-29.3
gtk2-engine-clearlooks-32bit-2.20.2-29.3
gtk2-engine-crux-2.20.2-29.3
gtk2-engine-crux-32bit-2.20.2-29.3
gtk2-engine-glide-2.20.2-29.3
gtk2-engine-glide-32bit-2.20.2-29.3
gtk2-engine-hcengine-2.20.2-29.3
gtk2-engine-industrial-2.20.2-29.3
gtk2-engine-industrial-32bit-2.20.2-29.3
gtk2-engine-mist-2.20.2-29.3
gtk2-engine-mist-32bit-2.20.2-29.3
gtk2-engine-redmond95-2.20.2-29.3
gtk2-engine-redmond95-32bit-2.20.2-29.3
gtk2-engine-thinice-2.20.2-29.3
gtk2-engine-thinice-32bit-2.20.2-29.3
gtk2-engines-2.20.2-29.3
gtk2-engines-devel-2.20.2-29.3
gtk2-immodule-amharic-2.24.31-11.2
gtk2-immodule-amharic-32bit-2.24.31-11.2
gtk2-immodule-inuktitut-2.24.31-11.2
gtk2-immodule-inuktitut-32bit-2.24.31-11.2
gtk2-immodule-multipress-2.24.31-11.2
gtk2-immodule-multipress-32bit-2.24.31-11.2
gtk2-immodule-thai-2.24.31-11.2
gtk2-immodule-thai-32bit-2.24.31-11.2
gtk2-immodule-vietnamese-2.24.31-11.2
gtk2-immodule-vietnamese-32bit-2.24.31-11.2
gtk2-immodule-xim-2.24.31-11.2
gtk2-immodule-xim-32bit-2.24.31-11.2
gtk2-immodules-tigrigna-2.24.31-11.2
gtk2-immodules-tigrigna-32bit-2.24.31-11.2
gtk2-lang-2.24.31-11.2
gtk2-theme-clearlooks-2.20.2-29.3
gtk2-theme-crux-2.20.2-29.3
gtk2-theme-industrial-2.20.2-29.3
gtk2-theme-mist-2.20.2-29.3
gtk2-theme-redmond95-2.20.2-29.3
gtk2-theme-thinice-2.20.2-29.3
gtk2-tools-2.24.31-11.2
gtk2-tools-32bit-2.24.31-11.2
libgtk-2_0-0-2.24.31-11.2
libgtk-2_0-0-32bit-2.24.31-11.2
typelib-1_0-Gtk-2_0-2.24.31-11.2

Description

Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.


Affected products
openSUSE Leap 42.1:gtk2-2.24.31-11.2
openSUSE Leap 42.1:gtk2-branding-SLED-42.1-13.1
openSUSE Leap 42.1:gtk2-branding-openSUSE-42.1-13.1
openSUSE Leap 42.1:gtk2-branding-upstream-2.24.31-11.2

References
Vulnerability openSUSE-SU-2016:2374-1