openSUSE Security Update : imlib2 (openSUSE-2016-600)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This imlib2 update to version 1.4.9 fixes the following issues :

Security issues fixed :

- CVE-2011-5326: divide by 0 when drawing an ellipse of height 1 (boo#974202)

- CVE-2014-9762: segmentation fault on images without colormap (boo#963796)

- CVE-2014-9764: segmentation fault when opening specifically crafted input (boo#963797)

- CVE-2014-9763: division-by-zero crashes when opening images (boo#963800)

- CVE-2014-9771: exploitable integer overflow in _imlib_SaveImage (boo#974854)

- CVE-2016-3994: imlib2/evas Potential DOS in giflib loader (boo#973759)

- CVE-2016-3993: off by 1 Potential DOS (boo#973761)

- CVE-2016-4024: integer overflow resulting in insufficient heap allocation (boo#975703)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=963796
https://bugzilla.opensuse.org/show_bug.cgi?id=963797
https://bugzilla.opensuse.org/show_bug.cgi?id=963800
https://bugzilla.opensuse.org/show_bug.cgi?id=973759
https://bugzilla.opensuse.org/show_bug.cgi?id=973761
https://bugzilla.opensuse.org/show_bug.cgi?id=974202
https://bugzilla.opensuse.org/show_bug.cgi?id=974854
https://bugzilla.opensuse.org/show_bug.cgi?id=975703

Solution :

Update the affected imlib2 packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 91270

Bugtraq ID:

CVE ID: CVE-2011-5326
CVE-2014-9762
CVE-2014-9763
CVE-2014-9764
CVE-2014-9771
CVE-2016-3993
CVE-2016-3994
CVE-2016-4024
