Security update for imlib2 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1330-1 Final 1 1 2016-05-18T09:06:40Z current 2016-05-18T09:06:40Z 2016-05-18T09:06:40Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for imlib2 This imlib2 update to version 1.4.9 fixes the following issues: Security issues fixed: - CVE-2011-5326: divide by 0 when drawing an ellipse of height 1 (boo#974202) - CVE-2014-9762: segmentation fault on images without colormap (boo#963796) - CVE-2014-9764: segmentation fault when opening specifically crafted input (boo#963797) - CVE-2014-9763: division-by-zero crashes when opening images (boo#963800) - CVE-2014-9771: exploitable integer overflow in _imlib_SaveImage (boo#974854) - CVE-2016-3994: imlib2/evas Potential DOS in giflib loader (boo#973759) - CVE-2016-3993: off by 1 Potential DOS (boo#973761) - CVE-2016-4024: integer overflow resulting in insufficient heap allocation (boo#975703) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html E-Mail link for openSUSE-SU-2016:1330-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 imlib2-1.4.9-17.4.1 imlib2-debuginfo-1.4.9-17.4.1 imlib2-debugsource-1.4.9-17.4.1 imlib2-devel-1.4.9-17.4.1 imlib2-filters-1.4.9-17.4.1 imlib2-filters-debuginfo-1.4.9-17.4.1 imlib2-loaders-1.4.9-17.4.1 imlib2-loaders-debuginfo-1.4.9-17.4.1 libImlib2-1-1.4.9-17.4.1 libImlib2-1-debuginfo-1.4.9-17.4.1 imlib2-1.4.9-17.4.1 as a component of openSUSE 13.2 imlib2-debuginfo-1.4.9-17.4.1 as a component of openSUSE 13.2 imlib2-debugsource-1.4.9-17.4.1 as a component of openSUSE 13.2 imlib2-devel-1.4.9-17.4.1 as a component of openSUSE 13.2 imlib2-filters-1.4.9-17.4.1 as a component of openSUSE 13.2 imlib2-filters-debuginfo-1.4.9-17.4.1 as a component of openSUSE 13.2 imlib2-loaders-1.4.9-17.4.1 as a component of openSUSE 13.2 imlib2-loaders-debuginfo-1.4.9-17.4.1 as a component of openSUSE 13.2 libImlib2-1-1.4.9-17.4.1 as a component of openSUSE 13.2 libImlib2-1-debuginfo-1.4.9-17.4.1 as a component of openSUSE 13.2 imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2x1 ellipse. CVE-2011-5326 openSUSE 13.2:imlib2-1.4.9-17.4.1 openSUSE 13.2:imlib2-debuginfo-1.4.9-17.4.1 openSUSE 13.2:imlib2-debugsource-1.4.9-17.4.1 openSUSE 13.2:imlib2-devel-1.4.9-17.4.1 openSUSE 13.2:imlib2-filters-1.4.9-17.4.1 openSUSE 13.2:imlib2-filters-debuginfo-1.4.9-17.4.1 openSUSE 13.2:imlib2-loaders-1.4.9-17.4.1 openSUSE 13.2:imlib2-loaders-debuginfo-1.4.9-17.4.1 openSUSE 13.2:libImlib2-1-1.4.9-17.4.1 openSUSE 13.2:libImlib2-1-debuginfo-1.4.9-17.4.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html https://www.suse.com/security/cve/CVE-2011-5326.html CVE-2011-5326 https://bugzilla.suse.com/974202 SUSE Bug 974202 imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a GIF image without a colormap. CVE-2014-9762 openSUSE 13.2:imlib2-1.4.9-17.4.1 openSUSE 13.2:imlib2-debuginfo-1.4.9-17.4.1 openSUSE 13.2:imlib2-debugsource-1.4.9-17.4.1 openSUSE 13.2:imlib2-devel-1.4.9-17.4.1 openSUSE 13.2:imlib2-filters-1.4.9-17.4.1 openSUSE 13.2:imlib2-filters-debuginfo-1.4.9-17.4.1 openSUSE 13.2:imlib2-loaders-1.4.9-17.4.1 openSUSE 13.2:imlib2-loaders-debuginfo-1.4.9-17.4.1 openSUSE 13.2:libImlib2-1-1.4.9-17.4.1 openSUSE 13.2:libImlib2-1-debuginfo-1.4.9-17.4.1 low Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html https://www.suse.com/security/cve/CVE-2014-9762.html CVE-2014-9762 https://bugzilla.suse.com/963796 SUSE Bug 963796 https://bugzilla.suse.com/963797 SUSE Bug 963797 https://bugzilla.suse.com/963800 SUSE Bug 963800 imlib2 before 1.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted PNM file. CVE-2014-9763 openSUSE 13.2:imlib2-1.4.9-17.4.1 openSUSE 13.2:imlib2-debuginfo-1.4.9-17.4.1 openSUSE 13.2:imlib2-debugsource-1.4.9-17.4.1 openSUSE 13.2:imlib2-devel-1.4.9-17.4.1 openSUSE 13.2:imlib2-filters-1.4.9-17.4.1 openSUSE 13.2:imlib2-filters-debuginfo-1.4.9-17.4.1 openSUSE 13.2:imlib2-loaders-1.4.9-17.4.1 openSUSE 13.2:imlib2-loaders-debuginfo-1.4.9-17.4.1 openSUSE 13.2:libImlib2-1-1.4.9-17.4.1 openSUSE 13.2:libImlib2-1-debuginfo-1.4.9-17.4.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html https://www.suse.com/security/cve/CVE-2014-9763.html CVE-2014-9763 https://bugzilla.suse.com/963796 SUSE Bug 963796 https://bugzilla.suse.com/963797 SUSE Bug 963797 https://bugzilla.suse.com/963800 SUSE Bug 963800 imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file. CVE-2014-9764 openSUSE 13.2:imlib2-1.4.9-17.4.1 openSUSE 13.2:imlib2-debuginfo-1.4.9-17.4.1 openSUSE 13.2:imlib2-debugsource-1.4.9-17.4.1 openSUSE 13.2:imlib2-devel-1.4.9-17.4.1 openSUSE 13.2:imlib2-filters-1.4.9-17.4.1 openSUSE 13.2:imlib2-filters-debuginfo-1.4.9-17.4.1 openSUSE 13.2:imlib2-loaders-1.4.9-17.4.1 openSUSE 13.2:imlib2-loaders-debuginfo-1.4.9-17.4.1 openSUSE 13.2:libImlib2-1-1.4.9-17.4.1 openSUSE 13.2:libImlib2-1-debuginfo-1.4.9-17.4.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html https://www.suse.com/security/cve/CVE-2014-9764.html CVE-2014-9764 https://bugzilla.suse.com/963796 SUSE Bug 963796 https://bugzilla.suse.com/963797 SUSE Bug 963797 https://bugzilla.suse.com/963800 SUSE Bug 963800 Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation. CVE-2014-9771 openSUSE 13.2:imlib2-1.4.9-17.4.1 openSUSE 13.2:imlib2-debuginfo-1.4.9-17.4.1 openSUSE 13.2:imlib2-debugsource-1.4.9-17.4.1 openSUSE 13.2:imlib2-devel-1.4.9-17.4.1 openSUSE 13.2:imlib2-filters-1.4.9-17.4.1 openSUSE 13.2:imlib2-filters-debuginfo-1.4.9-17.4.1 openSUSE 13.2:imlib2-loaders-1.4.9-17.4.1 openSUSE 13.2:imlib2-loaders-debuginfo-1.4.9-17.4.1 openSUSE 13.2:libImlib2-1-1.4.9-17.4.1 openSUSE 13.2:libImlib2-1-debuginfo-1.4.9-17.4.1 moderate 4.9 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html https://www.suse.com/security/cve/CVE-2014-9771.html CVE-2014-9771 https://bugzilla.suse.com/974854 SUSE Bug 974854 Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates. CVE-2016-3993 openSUSE 13.2:imlib2-1.4.9-17.4.1 openSUSE 13.2:imlib2-debuginfo-1.4.9-17.4.1 openSUSE 13.2:imlib2-debugsource-1.4.9-17.4.1 openSUSE 13.2:imlib2-devel-1.4.9-17.4.1 openSUSE 13.2:imlib2-filters-1.4.9-17.4.1 openSUSE 13.2:imlib2-filters-debuginfo-1.4.9-17.4.1 openSUSE 13.2:imlib2-loaders-1.4.9-17.4.1 openSUSE 13.2:imlib2-loaders-debuginfo-1.4.9-17.4.1 openSUSE 13.2:libImlib2-1-1.4.9-17.4.1 openSUSE 13.2:libImlib2-1-debuginfo-1.4.9-17.4.1 moderate 4.9 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html https://www.suse.com/security/cve/CVE-2016-3993.html CVE-2016-3993 https://bugzilla.suse.com/973761 SUSE Bug 973761 The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read. CVE-2016-3994 openSUSE 13.2:imlib2-1.4.9-17.4.1 openSUSE 13.2:imlib2-debuginfo-1.4.9-17.4.1 openSUSE 13.2:imlib2-debugsource-1.4.9-17.4.1 openSUSE 13.2:imlib2-devel-1.4.9-17.4.1 openSUSE 13.2:imlib2-filters-1.4.9-17.4.1 openSUSE 13.2:imlib2-filters-debuginfo-1.4.9-17.4.1 openSUSE 13.2:imlib2-loaders-1.4.9-17.4.1 openSUSE 13.2:imlib2-loaders-debuginfo-1.4.9-17.4.1 openSUSE 13.2:libImlib2-1-1.4.9-17.4.1 openSUSE 13.2:libImlib2-1-debuginfo-1.4.9-17.4.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html https://www.suse.com/security/cve/CVE-2016-3994.html CVE-2016-3994 https://bugzilla.suse.com/973759 SUSE Bug 973759 https://bugzilla.suse.com/974879 SUSE Bug 974879 Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation. CVE-2016-4024 openSUSE 13.2:imlib2-1.4.9-17.4.1 openSUSE 13.2:imlib2-debuginfo-1.4.9-17.4.1 openSUSE 13.2:imlib2-debugsource-1.4.9-17.4.1 openSUSE 13.2:imlib2-devel-1.4.9-17.4.1 openSUSE 13.2:imlib2-filters-1.4.9-17.4.1 openSUSE 13.2:imlib2-filters-debuginfo-1.4.9-17.4.1 openSUSE 13.2:imlib2-loaders-1.4.9-17.4.1 openSUSE 13.2:imlib2-loaders-debuginfo-1.4.9-17.4.1 openSUSE 13.2:libImlib2-1-1.4.9-17.4.1 openSUSE 13.2:libImlib2-1-debuginfo-1.4.9-17.4.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html https://www.suse.com/security/cve/CVE-2016-4024.html CVE-2016-4024 https://bugzilla.suse.com/975703 SUSE Bug 975703