Bug 18476 - gdk-pixbuf2.0 new security issue CVE-2015-8875
Summary: gdk-pixbuf2.0 new security issue CVE-2015-8875
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/688210/
Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK a...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2016-05-17 21:03 CEST by David Walser
Modified: 2016-05-20 18:07 CEST

See Also:
Source RPM: gdk-pixbuf2.0-2.32.1-1.mga5.src.rpm
CVE:
Status comment:


Description David Walser 2016-05-17 21:03:30 CEST
A CVE has been assigned for a security issue fixed last October in gdk-pixbuf2.0:
http://openwall.com/lists/oss-security/2016/05/17/7

Patch added in Mageia 5 SVN.  The Cauldron version already contains the fix.
Comment 1 David Walser 2016-05-19 00:49:34 CEST
Patched package uploaded for Mageia 5.

To test, make sure Firefox can load images OK.

Advisory:
========================

Updated gdk-pixbuf packages fix security vulnerability:

The gdk-pixbuf2.0 library is vulnerable to overflows in the
pixops_composite_nearest(), pixops_composite_color_nearest() and
pixops_process() functions in pixops/pixops.c (CVE-2015-8875).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8875
http://openwall.com/lists/oss-security/2016/05/17/7
========================

Updated packages in core/updates_testing:
========================
gdk-pixbuf2.0-2.32.1-1.1.mga5
libgdk_pixbuf2.0_0-2.32.1-1.1.mga5
libgdk_pixbuf2.0-devel-2.32.1-1.1.mga5
libgdk_pixbuf-gir2.0-2.32.1-1.1.mga5

from gdk-pixbuf2.0-2.32.1-1.1.mga5.src.rpm

Assignee: bugsquad => qa-bugs
Whiteboard: (none) => has_procedure

Comment 2 David Walser 2016-05-19 04:57:27 CEST
Searched for bunnies in Google Image Search in Firefox on Mageia 5 i586.  Still cute.

Whiteboard: has_procedure => has_procedure MGA5-32-OK

Comment 3 David Walser 2016-05-19 15:53:40 CEST
Bunnies are still cute on Mageia 5 x86_64 also.

Whiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK MGA5-64-OK

Comment 4 Lewis Smith 2016-05-19 20:47:49 CEST
In the light of David's OKs (but not understanding what bunnies are about), thanks for same. Validating, Advisory to follow.

Keywords: (none) => validated_update
CC: (none) => lewyssmith, sysadmin-bugs

Dave Hodgins 2016-05-20 11:30:50 CEST

CC: (none) => davidwhodgins
Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK => has_procedure MGA5-32-OK MGA5-64-OK advisory

Comment 5 Mageia Robot 2016-05-20 13:39:32 CEST
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0192.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2016-05-20 18:07:34 CEST

URL: (none) => http://lwn.net/Vulnerabilities/688210/

