2015-07-21
ALT-BU-2015-2553-1
Branch sisyphus update bulletin.
Package kde4-ktorrent updated to version 4.3.1-alt3 for branch sisyphus in task 146510.
Closed bugs
Для работы требуется пересборка пакета
Package libgdk-pixbuf updated to version 2.31.5-alt1 for branch sisyphus in task 146513.
Closed vulnerabilities
Published: 2015-10-26
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-7673
io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.
Severity: MEDIUM (6.8)
References:
- http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.32/gdk-pixbuf-2.32.0.news
- http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.32/gdk-pixbuf-2.32.0.news
- openSUSE-SU-2016:0897
- openSUSE-SU-2016:0897
- openSUSE-SU-2016:1467
- openSUSE-SU-2016:1467
- DSA-3378
- DSA-3378
- [oss-security] 20151001 CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1
- [oss-security] 20151001 CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1
- [oss-security] 20151002 Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1
- [oss-security] 20151002 Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1
- 76953
- 76953
- USN-2767-1
- USN-2767-1
- https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d
- https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d
- https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e
- https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e
- https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c
- https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c
- GLSA-201512-05
- GLSA-201512-05