openSUSE Security Update: Security update for gdk-pixbuf ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:1500-1 Rating: moderate References: #942801 Cross-References: CVE-2015-4491 Affected Products: openSUSE 13.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: gdk-pixbuf was updated to version 2.31.6 to fix a secuirty vulnerability and several bugs. - Update to version 2.31.6 (boo#942801): + Really fix bgo#752297. This is CVE-2015-4491. + Updated translations. - Update to version 2.31.5: + Add support for g_autoptr for all object types (bgo#750497). + Avoid a possible divide-by-zero in the pixbuf loader (bgo#750440). + Remove gettext .pot file hack (bgo#743574). + Be more careful about integer overflow (bgo#752297). + Updated translations. - Drop README from docs as it is now empty. - Add generic www.gnome.org URL to silence a few lint warnings. - Update to version 2.31.4: + SVGZ icons in notification GNOME3 (bgo#648815). + gdk_pixbuf_apply_embedded_orientation is not working (bgo#725582). + Updated translations. - Update to version 2.31.3: + API changes: Revert an annotation change that broke bindings. + Build fixes: - Clean up configure - Fix Visual Studio build - Define MAP_ANONYMOUS when needed - Include gi18n-lib.h where needed + Updated translations. - Update to version 2.31.2: + API changes: - Deprecate GdkPixdata. - Add gdk_pixbuf_get_options() helper to list set options. - Annotations fixes for various functions. - Remove incorrect info about area-prepared signal. + Image format support changes: - Flag multi-page TIFF files. - Fix memory usage for GIF animations, add note about minimum frame length. - Return an error for truncated PNG files. - Add density (DPI) support for JPEG, PNG and TIFF. - Fix reading CMYK JPEG files generated by Photoshop. - Allow saving 1-bit mono TIFF files as used in faxes. - Simplify loader names. - Fix loading GIF files when the first write is short. - Add progressive loading to ICNS files. - Add support for 256x256 ICO files. - Fix reading MS AMCap2 BMP files. + Other: - Honour requested depth in Xlib. - Special-case compositing/copying with no scaling. - Add relocation support to OSX and Linux. - Prefer gdk-pixbuf's loaders to the GDI+ ones on Windows. - fix bashism in post script Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2015-570=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): gdk-pixbuf-debugsource-2.31.6-3.1 gdk-pixbuf-devel-2.31.6-3.1 gdk-pixbuf-devel-debuginfo-2.31.6-3.1 gdk-pixbuf-query-loaders-2.31.6-3.1 gdk-pixbuf-query-loaders-debuginfo-2.31.6-3.1 libgdk_pixbuf-2_0-0-2.31.6-3.1 libgdk_pixbuf-2_0-0-debuginfo-2.31.6-3.1 typelib-1_0-GdkPixbuf-2_0-2.31.6-3.1 - openSUSE 13.2 (x86_64): gdk-pixbuf-devel-32bit-2.31.6-3.1 gdk-pixbuf-devel-debuginfo-32bit-2.31.6-3.1 gdk-pixbuf-query-loaders-32bit-2.31.6-3.1 gdk-pixbuf-query-loaders-debuginfo-32bit-2.31.6-3.1 libgdk_pixbuf-2_0-0-32bit-2.31.6-3.1 libgdk_pixbuf-2_0-0-debuginfo-32bit-2.31.6-3.1 - openSUSE 13.2 (noarch): gdk-pixbuf-lang-2.31.6-3.1 References: https://www.suse.com/security/cve/CVE-2015-4491.html https://bugzilla.suse.com/942801