Security update for gdk-pixbuf SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1467-1 Final 1 1 2016-06-01T09:36:55Z current 2016-06-01T09:36:55Z 2016-06-01T09:36:55Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gdk-pixbuf This update for gdk-pixbuf fixes the following issues: - CVE-2015-7552: Fixed various overflows in image handling (boo#958963). - CVE-2015-7673: Fixed an overflow and DoS with a TGA file (boo#948790). - CVE-2015-7674: Fixed overflow when scaling a gif (boo#948791). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-06/msg00006.html E-Mail link for openSUSE-SU-2016:1467-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 gdk-pixbuf-2.31.6-4.1 gdk-pixbuf-devel-2.31.6-4.1 gdk-pixbuf-devel-32bit-2.31.6-4.1 gdk-pixbuf-lang-2.31.6-4.1 gdk-pixbuf-query-loaders-2.31.6-4.1 gdk-pixbuf-query-loaders-32bit-2.31.6-4.1 libgdk_pixbuf-2_0-0-2.31.6-4.1 libgdk_pixbuf-2_0-0-32bit-2.31.6-4.1 typelib-1_0-GdkPixbuf-2_0-2.31.6-4.1 gdk-pixbuf-2.31.6-4.1 as a component of openSUSE Leap 42.1 gdk-pixbuf-devel-2.31.6-4.1 as a component of openSUSE Leap 42.1 gdk-pixbuf-devel-32bit-2.31.6-4.1 as a component of openSUSE Leap 42.1 gdk-pixbuf-lang-2.31.6-4.1 as a component of openSUSE Leap 42.1 gdk-pixbuf-query-loaders-2.31.6-4.1 as a component of openSUSE Leap 42.1 gdk-pixbuf-query-loaders-32bit-2.31.6-4.1 as a component of openSUSE Leap 42.1 libgdk_pixbuf-2_0-0-2.31.6-4.1 as a component of openSUSE Leap 42.1 libgdk_pixbuf-2_0-0-32bit-2.31.6-4.1 as a component of openSUSE Leap 42.1 typelib-1_0-GdkPixbuf-2_0-2.31.6-4.1 as a component of openSUSE Leap 42.1 Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file. CVE-2015-7552 openSUSE Leap 42.1:gdk-pixbuf-2.31.6-4.1 openSUSE Leap 42.1:gdk-pixbuf-devel-2.31.6-4.1 openSUSE Leap 42.1:gdk-pixbuf-devel-32bit-2.31.6-4.1 openSUSE Leap 42.1:gdk-pixbuf-lang-2.31.6-4.1 openSUSE Leap 42.1:gdk-pixbuf-query-loaders-2.31.6-4.1 openSUSE Leap 42.1:gdk-pixbuf-query-loaders-32bit-2.31.6-4.1 openSUSE Leap 42.1:libgdk_pixbuf-2_0-0-2.31.6-4.1 openSUSE Leap 42.1:libgdk_pixbuf-2_0-0-32bit-2.31.6-4.1 openSUSE Leap 42.1:typelib-1_0-GdkPixbuf-2_0-2.31.6-4.1 moderate 6 AV:N/AC:M/Au:S/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-06/msg00006.html https://www.suse.com/security/cve/CVE-2015-7552.html CVE-2015-7552 https://bugzilla.suse.com/958963 SUSE Bug 958963 io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file. CVE-2015-7673 openSUSE Leap 42.1:gdk-pixbuf-2.31.6-4.1 openSUSE Leap 42.1:gdk-pixbuf-devel-2.31.6-4.1 openSUSE Leap 42.1:gdk-pixbuf-devel-32bit-2.31.6-4.1 openSUSE Leap 42.1:gdk-pixbuf-lang-2.31.6-4.1 openSUSE Leap 42.1:gdk-pixbuf-query-loaders-2.31.6-4.1 openSUSE Leap 42.1:gdk-pixbuf-query-loaders-32bit-2.31.6-4.1 openSUSE Leap 42.1:libgdk_pixbuf-2_0-0-2.31.6-4.1 openSUSE Leap 42.1:libgdk_pixbuf-2_0-0-32bit-2.31.6-4.1 openSUSE Leap 42.1:typelib-1_0-GdkPixbuf-2_0-2.31.6-4.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-06/msg00006.html https://www.suse.com/security/cve/CVE-2015-7673.html CVE-2015-7673 https://bugzilla.suse.com/948790 SUSE Bug 948790 Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow. CVE-2015-7674 openSUSE Leap 42.1:gdk-pixbuf-2.31.6-4.1 openSUSE Leap 42.1:gdk-pixbuf-devel-2.31.6-4.1 openSUSE Leap 42.1:gdk-pixbuf-devel-32bit-2.31.6-4.1 openSUSE Leap 42.1:gdk-pixbuf-lang-2.31.6-4.1 openSUSE Leap 42.1:gdk-pixbuf-query-loaders-2.31.6-4.1 openSUSE Leap 42.1:gdk-pixbuf-query-loaders-32bit-2.31.6-4.1 openSUSE Leap 42.1:libgdk_pixbuf-2_0-0-2.31.6-4.1 openSUSE Leap 42.1:libgdk_pixbuf-2_0-0-32bit-2.31.6-4.1 openSUSE Leap 42.1:typelib-1_0-GdkPixbuf-2_0-2.31.6-4.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-06/msg00006.html https://www.suse.com/security/cve/CVE-2015-7674.html CVE-2015-7674 https://bugzilla.suse.com/948791 SUSE Bug 948791