Oval Definition:oval:com.redhat.rhsa:def:20151694
Revision Date:2015-08-31Version:636
Title:RHSA-2015:1694: gdk-pixbuf2 security update (Moderate)
Description:gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter.

  • An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bitmap format images. An attacker could use a specially crafted BMP image file that, when processed by an application compiled against the gdk-pixbuf library, would cause that application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2015-4491)

    Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gustavo Grieco as the original reporter.

    All gdk-pixbuf2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2015-4491
    RHSA-2015:1694
    RHSA-2015:1694-00
    RHSA-2015:1694-01
    Platform(s):Red Hat Enterprise Linux 6
    Red Hat Enterprise Linux 7
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • gdk-pixbuf2 is earlier than 0:2.24.1-6.el6_7
  • AND gdk-pixbuf2 is signed with Red Hat redhatrelease2 key
  • gdk-pixbuf2-devel is earlier than 0:2.24.1-6.el6_7
  • AND gdk-pixbuf2-devel is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • gdk-pixbuf2 is earlier than 0:2.28.2-5.el7_1
  • AND gdk-pixbuf2 is signed with Red Hat redhatrelease2 key
  • gdk-pixbuf2-devel is earlier than 0:2.28.2-5.el7_1
  • AND gdk-pixbuf2-devel is signed with Red Hat redhatrelease2 key
    • BACK