   openSUSE Security Update: Security update for imlib2
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:1330-1
Rating:             moderate
References:         #963796 #963797 #963800 #973759 #973761 #974202
                    #974854 #975703
Cross-References:   CVE-2011-5326 CVE-2014-9762 CVE-2014-9763
                    CVE-2014-9764 CVE-2014-9771 CVE-2016-3993
                    CVE-2016-3994 CVE-2016-4024
Affected Products:
                    openSUSE 13.2
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:

   This imlib2 update to version 1.4.9 fixes the following issues:

   Security issues fixed:
   - CVE-2011-5326: divide by 0 when drawing an ellipse of height 1
     (boo#974202)
   - CVE-2014-9762: segmentation fault on images without colormap
     (boo#963796)
   - CVE-2014-9764: segmentation fault when opening specifically crafted
     input (boo#963797)
   - CVE-2014-9763: division-by-zero crashes when opening images
     (boo#963800)
   - CVE-2014-9771: exploitable integer overflow in _imlib_SaveImage
     (boo#974854)
   - CVE-2016-3994: imlib2/evas Potential DOS in giflib loader
     (boo#973759)
   - CVE-2016-3993: off by 1 Potential DOS (boo#973761)
   - CVE-2016-4024: integer overflow resulting in insufficient heap
     allocation (boo#975703)

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.2:

      zypper in -t patch openSUSE-2016-600=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 13.2 (i586 x86_64):

      imlib2-1.4.9-17.4.1
      imlib2-debuginfo-1.4.9-17.4.1
      imlib2-debugsource-1.4.9-17.4.1
      imlib2-devel-1.4.9-17.4.1
      imlib2-filters-1.4.9-17.4.1
      imlib2-filters-debuginfo-1.4.9-17.4.1
      imlib2-loaders-1.4.9-17.4.1
      imlib2-loaders-debuginfo-1.4.9-17.4.1
      libImlib2-1-1.4.9-17.4.1
      libImlib2-1-debuginfo-1.4.9-17.4.1

References:

   https://www.suse.com/security/cve/CVE-2011-5326.html
   https://www.suse.com/security/cve/CVE-2014-9762.html
   https://www.suse.com/security/cve/CVE-2014-9763.html
   https://www.suse.com/security/cve/CVE-2014-9764.html
   https://www.suse.com/security/cve/CVE-2014-9771.html
   https://www.suse.com/security/cve/CVE-2016-3993.html
   https://www.suse.com/security/cve/CVE-2016-3994.html
   https://www.suse.com/security/cve/CVE-2016-4024.html
   https://bugzilla.suse.com/963796
   https://bugzilla.suse.com/963797
   https://bugzilla.suse.com/963800
   https://bugzilla.suse.com/973759
   https://bugzilla.suse.com/973761
   https://bugzilla.suse.com/974202
   https://bugzilla.suse.com/974854
   https://bugzilla.suse.com/975703