Test ID:	1.3.6.1.4.1.25623.1.0.882268
Category:	CentOS Local Security Checks
Title:	CentOS Update for gdk-pixbuf2 CESA-2015:1694 centos6
Summary:	Check the version of gdk-pixbuf2
Description:	Summary: Check the version of gdk-pixbuf2 Vulnerability Insight: gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bitmap format images. An attacker could use a specially crafted BMP image file that, when processed by an application compiled against the gdk-pixbuf library, would cause that application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2015-4491) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gustavo Grieco as the original reporter. All gdk-pixbuf2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Affected Software/OS: gdk-pixbuf2 on CentOS 6 Solution: Please install the updated packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-4491 Debian Security Information: DSA-3337 (Google Search) http://www.debian.org/security/2015/dsa-3337 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html https://security.gentoo.org/glsa/201512-05 https://security.gentoo.org/glsa/201605-06 RedHat Security Advisories: RHSA-2015:1586 http://rhn.redhat.com/errata/RHSA-2015-1586.html RedHat Security Advisories: RHSA-2015:1682 http://rhn.redhat.com/errata/RHSA-2015-1682.html RedHat Security Advisories: RHSA-2015:1694 http://rhn.redhat.com/errata/RHSA-2015-1694.html http://www.securitytracker.com/id/1033247 http://www.securitytracker.com/id/1033372 SuSE Security Announcement: SUSE-SU-2015:1449 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html SuSE Security Announcement: SUSE-SU-2015:1528 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html SuSE Security Announcement: SUSE-SU-2015:2081 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html SuSE Security Announcement: openSUSE-SU-2015:1389 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html SuSE Security Announcement: openSUSE-SU-2015:1390 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html SuSE Security Announcement: openSUSE-SU-2015:1453 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html SuSE Security Announcement: openSUSE-SU-2015:1454 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html SuSE Security Announcement: openSUSE-SU-2015:1500 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html http://www.ubuntu.com/usn/USN-2702-1 http://www.ubuntu.com/usn/USN-2702-2 http://www.ubuntu.com/usn/USN-2702-3 http://www.ubuntu.com/usn/USN-2712-1 http://www.ubuntu.com/usn/USN-2722-1
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.