Security update for gdk-pixbuf SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:2287-1 Final 1 1 2018-08-09T20:46:08Z current 2018-08-09T20:46:08Z 2018-08-09T20:46:08Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gdk-pixbuf This update for gdk-pixbuf fixes the following issues: Security issue fixed: - CVE-2015-4491: Fix integer multiplication overflow that allows for DoS or potentially RCE (bsc#1053417). This update was imported from the SUSE:SLE-12-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-08/msg00033.html E-Mail link for openSUSE-SU-2018:2287-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 gdk-pixbuf-2.34.0-19.1 gdk-pixbuf-devel-2.34.0-19.1 gdk-pixbuf-devel-32bit-2.34.0-19.1 gdk-pixbuf-lang-2.34.0-19.1 gdk-pixbuf-query-loaders-2.34.0-19.1 gdk-pixbuf-query-loaders-32bit-2.34.0-19.1 libgdk_pixbuf-2_0-0-2.34.0-19.1 libgdk_pixbuf-2_0-0-32bit-2.34.0-19.1 typelib-1_0-GdkPixbuf-2_0-2.34.0-19.1 gdk-pixbuf-2.34.0-19.1 as a component of openSUSE Leap 42.3 gdk-pixbuf-devel-2.34.0-19.1 as a component of openSUSE Leap 42.3 gdk-pixbuf-devel-32bit-2.34.0-19.1 as a component of openSUSE Leap 42.3 gdk-pixbuf-lang-2.34.0-19.1 as a component of openSUSE Leap 42.3 gdk-pixbuf-query-loaders-2.34.0-19.1 as a component of openSUSE Leap 42.3 gdk-pixbuf-query-loaders-32bit-2.34.0-19.1 as a component of openSUSE Leap 42.3 libgdk_pixbuf-2_0-0-2.34.0-19.1 as a component of openSUSE Leap 42.3 libgdk_pixbuf-2_0-0-32bit-2.34.0-19.1 as a component of openSUSE Leap 42.3 typelib-1_0-GdkPixbuf-2_0-2.34.0-19.1 as a component of openSUSE Leap 42.3 Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling. CVE-2015-4491 openSUSE Leap 42.3:gdk-pixbuf-2.34.0-19.1 openSUSE Leap 42.3:gdk-pixbuf-devel-2.34.0-19.1 openSUSE Leap 42.3:gdk-pixbuf-devel-32bit-2.34.0-19.1 openSUSE Leap 42.3:gdk-pixbuf-lang-2.34.0-19.1 openSUSE Leap 42.3:gdk-pixbuf-query-loaders-2.34.0-19.1 openSUSE Leap 42.3:gdk-pixbuf-query-loaders-32bit-2.34.0-19.1 openSUSE Leap 42.3:libgdk_pixbuf-2_0-0-2.34.0-19.1 openSUSE Leap 42.3:libgdk_pixbuf-2_0-0-32bit-2.34.0-19.1 openSUSE Leap 42.3:typelib-1_0-GdkPixbuf-2_0-2.34.0-19.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-08/msg00033.html https://www.suse.com/security/cve/CVE-2015-4491.html CVE-2015-4491 https://bugzilla.suse.com/940806 SUSE Bug 940806 https://bugzilla.suse.com/942801 SUSE Bug 942801 https://bugzilla.suse.com/948790 SUSE Bug 948790