openSUSE Security Update : gdk-pixbuf (openSUSE-2015-570)

medium Nessus Plugin ID 85839

Synopsis

The remote openSUSE host is missing a security update.

Description

gdk-pixbuf was updated to version 2.31.6 to fix a security vulnerability and several bugs.

- Update to version 2.31.6 (boo#942801):
  + Really fix bgo#752297. This is CVE-2015-4491.
  + Updated translations.

- Update to version 2.31.5:
  + Add support for g_autoptr for all object types (bgo#750497).
  + Avoid a possible divide-by-zero in the pixbuf loader (bgo#750440).
  + Remove gettext .pot file hack (bgo#743574).
  + Be more careful about integer overflow (bgo#752297).
  + Updated translations.

- Drop README from docs as it is now empty.

- Add generic www.gnome.org URL to silence a few lint warnings.

- Update to version 2.31.4:
  + SVGZ icons in notification GNOME3 (bgo#648815).
  + gdk_pixbuf_apply_embedded_orientation is not working (bgo#725582).
  + Updated translations.

- Update to version 2.31.3:
  + API changes: Revert an annotation change that broke bindings.
  + Build fixes:
    - Clean up configure
    - Fix Visual Studio build
    - Define MAP_ANONYMOUS when needed
    - Include gi18n-lib.h where needed
  + Updated translations.

- Update to version 2.31.2:
  + API changes:
    - Deprecate GdkPixdata.
    - Add gdk_pixbuf_get_options() helper to list set options.
    - Annotations fixes for various functions.
    - Remove incorrect info about area-prepared signal.
  + Image format support changes:
    - Flag multi-page TIFF files.
    - Fix memory usage for GIF animations, add note about minimum frame length.
    - Return an error for truncated PNG files.
    - Add density (DPI) support for JPEG, PNG and TIFF.
    - Fix reading CMYK JPEG files generated by Photoshop.
    - Allow saving 1-bit mono TIFF files as used in faxes.
    - Simplify loader names.
    - Fix loading GIF files when the first write is short.
    - Add progressive loading to ICNS files.
    - Add support for 256x256 ICO files.
    - Fix reading MS AMCap2 BMP files.
  + Other:
    - Honour requested depth in Xlib.
    - Special-case compositing/copying with no scaling.
    - Add relocation support to OSX and Linux.
    - Prefer gdk-pixbuf's loaders to the GDI+ ones on Windows.

- fix bashism in post script

Solution

Update the affected gdk-pixbuf packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=942801

Plugin Details

Severity: Medium

ID: 85839

File Name: openSUSE-2015-570.nasl

Version: 2.3

Type: local

Agent: unix

Published: 9/8/2015

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:gdk-pixbuf-debugsource, p-cpe:/a:novell:opensuse:gdk-pixbuf-devel, p-cpe:/a:novell:opensuse:gdk-pixbuf-devel-32bit, p-cpe:/a:novell:opensuse:gdk-pixbuf-devel-debuginfo, p-cpe:/a:novell:opensuse:gdk-pixbuf-devel-debuginfo-32bit, p-cpe:/a:novell:opensuse:gdk-pixbuf-lang, p-cpe:/a:novell:opensuse:gdk-pixbuf-query-loaders, p-cpe:/a:novell:opensuse:gdk-pixbuf-query-loaders-32bit, p-cpe:/a:novell:opensuse:gdk-pixbuf-query-loaders-debuginfo, p-cpe:/a:novell:opensuse:gdk-pixbuf-query-loaders-debuginfo-32bit, p-cpe:/a:novell:opensuse:libgdk_pixbuf-2_0-0, p-cpe:/a:novell:opensuse:libgdk_pixbuf-2_0-0-32bit, p-cpe:/a:novell:opensuse:libgdk_pixbuf-2_0-0-debuginfo, p-cpe:/a:novell:opensuse:libgdk_pixbuf-2_0-0-debuginfo-32bit, p-cpe:/a:novell:opensuse:typelib-1_0-GdkPixbuf-2_0, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 8/28/2015

Reference Information

CVE: CVE-2015-4491