Security update for gdk-pixbuf SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1500-1 Final 1 1 2015-08-28T13:26:57Z current 2015-08-28T13:26:57Z 2015-08-28T13:26:57Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gdk-pixbuf gdk-pixbuf was updated to version 2.31.6 to fix a secuirty vulnerability and several bugs. - Update to version 2.31.6 (boo#942801): + Really fix bgo#752297. This is CVE-2015-4491. + Updated translations. - Update to version 2.31.5: + Add support for g_autoptr for all object types (bgo#750497). + Avoid a possible divide-by-zero in the pixbuf loader (bgo#750440). + Remove gettext .pot file hack (bgo#743574). + Be more careful about integer overflow (bgo#752297). + Updated translations. - Drop README from docs as it is now empty. - Add generic www.gnome.org URL to silence a few lint warnings. - Update to version 2.31.4: + SVGZ icons in notification GNOME3 (bgo#648815). + gdk_pixbuf_apply_embedded_orientation is not working (bgo#725582). + Updated translations. - Update to version 2.31.3: + API changes: Revert an annotation change that broke bindings. + Build fixes: - Clean up configure - Fix Visual Studio build - Define MAP_ANONYMOUS when needed - Include gi18n-lib.h where needed + Updated translations. - Update to version 2.31.2: + API changes: - Deprecate GdkPixdata. - Add gdk_pixbuf_get_options() helper to list set options. - Annotations fixes for various functions. - Remove incorrect info about area-prepared signal. + Image format support changes: - Flag multi-page TIFF files. - Fix memory usage for GIF animations, add note about minimum frame length. - Return an error for truncated PNG files. - Add density (DPI) support for JPEG, PNG and TIFF. - Fix reading CMYK JPEG files generated by Photoshop. - Allow saving 1-bit mono TIFF files as used in faxes. - Simplify loader names. - Fix loading GIF files when the first write is short. - Add progressive loading to ICNS files. - Add support for 256x256 ICO files. - Fix reading MS AMCap2 BMP files. + Other: - Honour requested depth in Xlib. - Special-case compositing/copying with no scaling. - Add relocation support to OSX and Linux. - Prefer gdk-pixbuf's loaders to the GDI+ ones on Windows. - fix bashism in post script The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html E-Mail link for openSUSE-SU-2015:1500-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 gdk-pixbuf-2.31.6-3.1 gdk-pixbuf-debugsource-2.31.6-3.1 gdk-pixbuf-devel-2.31.6-3.1 gdk-pixbuf-devel-32bit-2.31.6-3.1 gdk-pixbuf-devel-debuginfo-2.31.6-3.1 gdk-pixbuf-devel-debuginfo-32bit-2.31.6-3.1 gdk-pixbuf-lang-2.31.6-3.1 gdk-pixbuf-query-loaders-2.31.6-3.1 gdk-pixbuf-query-loaders-32bit-2.31.6-3.1 gdk-pixbuf-query-loaders-debuginfo-2.31.6-3.1 gdk-pixbuf-query-loaders-debuginfo-32bit-2.31.6-3.1 libgdk_pixbuf-2_0-0-2.31.6-3.1 libgdk_pixbuf-2_0-0-32bit-2.31.6-3.1 libgdk_pixbuf-2_0-0-debuginfo-2.31.6-3.1 libgdk_pixbuf-2_0-0-debuginfo-32bit-2.31.6-3.1 typelib-1_0-GdkPixbuf-2_0-2.31.6-3.1 gdk-pixbuf-2.31.6-3.1 as a component of openSUSE 13.2 gdk-pixbuf-debugsource-2.31.6-3.1 as a component of openSUSE 13.2 gdk-pixbuf-devel-2.31.6-3.1 as a component of openSUSE 13.2 gdk-pixbuf-devel-32bit-2.31.6-3.1 as a component of openSUSE 13.2 gdk-pixbuf-devel-debuginfo-2.31.6-3.1 as a component of openSUSE 13.2 gdk-pixbuf-devel-debuginfo-32bit-2.31.6-3.1 as a component of openSUSE 13.2 gdk-pixbuf-lang-2.31.6-3.1 as a component of openSUSE 13.2 gdk-pixbuf-query-loaders-2.31.6-3.1 as a component of openSUSE 13.2 gdk-pixbuf-query-loaders-32bit-2.31.6-3.1 as a component of openSUSE 13.2 gdk-pixbuf-query-loaders-debuginfo-2.31.6-3.1 as a component of openSUSE 13.2 gdk-pixbuf-query-loaders-debuginfo-32bit-2.31.6-3.1 as a component of openSUSE 13.2 libgdk_pixbuf-2_0-0-2.31.6-3.1 as a component of openSUSE 13.2 libgdk_pixbuf-2_0-0-32bit-2.31.6-3.1 as a component of openSUSE 13.2 libgdk_pixbuf-2_0-0-debuginfo-2.31.6-3.1 as a component of openSUSE 13.2 libgdk_pixbuf-2_0-0-debuginfo-32bit-2.31.6-3.1 as a component of openSUSE 13.2 typelib-1_0-GdkPixbuf-2_0-2.31.6-3.1 as a component of openSUSE 13.2 Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling. CVE-2015-4491 openSUSE 13.2:gdk-pixbuf-2.31.6-3.1 openSUSE 13.2:gdk-pixbuf-debugsource-2.31.6-3.1 openSUSE 13.2:gdk-pixbuf-devel-2.31.6-3.1 openSUSE 13.2:gdk-pixbuf-devel-32bit-2.31.6-3.1 openSUSE 13.2:gdk-pixbuf-devel-debuginfo-2.31.6-3.1 openSUSE 13.2:gdk-pixbuf-devel-debuginfo-32bit-2.31.6-3.1 openSUSE 13.2:gdk-pixbuf-lang-2.31.6-3.1 openSUSE 13.2:gdk-pixbuf-query-loaders-2.31.6-3.1 openSUSE 13.2:gdk-pixbuf-query-loaders-32bit-2.31.6-3.1 openSUSE 13.2:gdk-pixbuf-query-loaders-debuginfo-2.31.6-3.1 openSUSE 13.2:gdk-pixbuf-query-loaders-debuginfo-32bit-2.31.6-3.1 openSUSE 13.2:libgdk_pixbuf-2_0-0-2.31.6-3.1 openSUSE 13.2:libgdk_pixbuf-2_0-0-32bit-2.31.6-3.1 openSUSE 13.2:libgdk_pixbuf-2_0-0-debuginfo-2.31.6-3.1 openSUSE 13.2:libgdk_pixbuf-2_0-0-debuginfo-32bit-2.31.6-3.1 openSUSE 13.2:typelib-1_0-GdkPixbuf-2_0-2.31.6-3.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html https://www.suse.com/security/cve/CVE-2015-4491.html CVE-2015-4491 https://bugzilla.suse.com/940806 SUSE Bug 940806 https://bugzilla.suse.com/942801 SUSE Bug 942801 https://bugzilla.suse.com/948790 SUSE Bug 948790