ID CVE-2015-4491
Summary Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.
References
Vulnerable Configurations
  • cpe:2.3:a:gnome:gdk-pixbuf:2.31.4
    cpe:2.3:a:gnome:gdk-pixbuf:2.31.4
  • cpe:2.3:a:google:chrome
    cpe:2.3:a:google:chrome
  • Mozilla Firefox 39.0.3
    cpe:2.3:a:mozilla:firefox:39.0.3
  • Mozilla Firefox ESR 38.0
    cpe:2.3:a:mozilla:firefox_esr:38.0
  • Mozilla Firefox ESR 38.0.1
    cpe:2.3:a:mozilla:firefox_esr:38.0.1
  • Mozilla Firefox ESR 38.0.5
    cpe:2.3:a:mozilla:firefox_esr:38.0.5
  • Mozilla Firefox ESR 38.1.0
    cpe:2.3:a:mozilla:firefox_esr:38.1.0
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
  • Oracle Solaris 10
    cpe:2.3:o:oracle:solaris:10
  • Oracle Solaris 11.3
    cpe:2.3:o:oracle:solaris:11.3
  • Canonical Ubuntu Linux 12.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 15.04
    cpe:2.3:o:canonical:ubuntu_linux:15.04
  • Fedora 21
    cpe:2.3:o:fedoraproject:fedora:21
  • Fedora 22
    cpe:2.3:o:fedoraproject:fedora:22
  • OpenSUSE 13.1
    cpe:2.3:o:opensuse:opensuse:13.1
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
CVSS
Base: 6.8 (as of 18-10-2016 - 10:57)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-2195-2.NASL
    description The gdk pixbuf library was updated to fix three security issues. These security issues were fixed : - CVE-2015-7673: Fix some more overflows scaling a gif (bsc#948791) - CVE-2015-4491: Check for overflow before allocating memory when scaling (bsc#942801) - CVE-2015-7673: Fix an overflow and DoS when scaling TGA files (bsc#948790). - CVE-2015-7674: Fix overflow when scaling GIF files(bsc#948791). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 87646
    published 2015-12-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87646
    title SUSE SLED12 / SLES12 Security Update : gdk-pixbuf (SUSE-SU-2015:2195-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-2081-1.NASL
    description MozillaFirefox ESR was updated to version 38.4.0ESR to fix multiple security issues. MFSA 2015-116/CVE-2015-4513 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4) MFSA 2015-122/CVE-2015-7188 Trailing whitespace in IP address hostnames can bypass same-origin policy MFSA 2015-123/CVE-2015-7189 Buffer overflow during image interactions in canvas MFSA 2015-127/CVE-2015-7193 CORS preflight is bypassed when non-standard Content-Type headers are received MFSA 2015-128/CVE-2015-7194 Memory corruption in libjar through zip files MFSA 2015-130/CVE-2015-7196 JavaScript garbage collection crash with Java applet MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 Vulnerabilities found through code inspection MFSA 2015-132/CVE-2015-7197 Mixed content WebSocket policy bypass through workers MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 NSS and NSPR memory corruption issues It also includes fixes from 38.3.0ESR : MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection It also includes fixes from the Firefox 38.2.1ESR release : MFSA 2015-94/CVE-2015-4497 (bsc#943557) Use-after-free when resizing canvas element during restyling MFSA 2015-95/CVE-2015-4498 (bsc#943558) Add-on notification bypass through data URLs It also includes fixes from the Firefox 38.2.0ESR release : MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) MFSA 2015-80/CVE-2015-4475 Out-of-bounds read with malformed MP3 file MFSA 2015-82/CVE-2015-4478 Redefinition of non-configurable JavaScript object properties MFSA 2015-83/CVE-2015-4479 Overflow issues in libstagefright MFSA 2015-87/CVE-2015-4484 Crash when using shared memory in JavaScript MFSA 2015-88/CVE-2015-4491 Heap overflow in gdk-pixbuf when scaling bitmap images MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 Buffer overflows on Libvpx when decoding WebM video MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection MFSA 2015-92/CVE-2015-4492 Use-after-free in XMLHttpRequest with shared workers Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 87063
    published 2015-11-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87063
    title SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2015:2081-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-2195-1.NASL
    description The gdk pixbuf library was updated to fix three security issues. These security issues were fixed : - CVE-2015-7673: Fix some more overflows scaling a gif (bsc#948791) - CVE-2015-4491: Check for overflow before allocating memory when scaling (bsc#942801) - CVE-2015-7673: Fix an overflow and DoS when scaling TGA files (bsc#948790). - CVE-2015-7674: Fix overflow when scaling GIF files(bsc#948791). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 87215
    published 2015-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87215
    title SUSE SLED12 / SLES12 Security Update : gdk-pixbuf (SUSE-SU-2015:2195-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1449-1.NASL
    description Mozilla Firefox is being updated to the current Firefox 38ESR branch (specifically the 38.2.0ESR release). Security issues fixed : - MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file stealing via PDF reader - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file - MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable JavaScript object properties - MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright - MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in JavaScript - MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489: Vulnerabilities found through code inspection - MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with shared workers The following vulnerabilities were fixed in ESR31 and are also included here : - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979). - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979). - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979). - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979). CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/ CVE-2015-2738/CVE-2 015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979). - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979). - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033). - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979). This update also contains a lot of feature improvements and bug fixes from 31ESR to 38ESR. Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which is what Firefox 38ESR uses. Mozilla Firefox and mozilla-nss were updated to fix 17 security issues. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 85721
    published 2015-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85721
    title SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1449-1) (Logjam)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1787-1.NASL
    description gtk2 was updated to fix two security issues. These security issues were fixed : - CVE-2015-4491: Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, allowed remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that were mishandled during scaling (bsc#942801). - CVE-2015-7674: Fix overflow when scaling GIF files (bsc#948791). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 86536
    published 2015-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86536
    title SUSE SLED11 / SLES11 Security Update : gtk2 (SUSE-SU-2015:1787-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201512-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-201512-05 (gdk-pixbuf: Multiple Vulnerabilities) Three heap-based buffer overflow vulnerabilities have been discovered in gdk-pixbuf. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted image file with an application linked against gdk-pixbuf, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-12-22
    plugin id 87546
    published 2015-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87546
    title GLSA-201512-05 : gdk-pixbuf: Multiple Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3337.NASL
    description Gustavo Grieco discovered a heap overflow in the processing of BMP images which may result in the execution of arbitrary code if a malformed image is opened.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85517
    published 2015-08-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85517
    title Debian DSA-3337-1 : gdk-pixbuf - security update
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1694.NASL
    description Updated gdk-pixbuf2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bitmap format images. An attacker could use a specially crafted BMP image file that, when processed by an application compiled against the gdk-pixbuf library, would cause that application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2015-4491) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gustavo Grieco as the original reporter. All gdk-pixbuf2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 86499
    published 2015-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86499
    title CentOS 6 / 7 : gdk-pixbuf2 (CESA-2015:1694)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201605-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-201605-06 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and Thunderbird. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impacts. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-04-05
    plugin id 91379
    published 2016-05-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91379
    title GLSA-201605-06 : Mozilla Products: Multiple vulnerabilities (Logjam) (SLOTH)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-434.NASL
    description Gustavo Grieco discovered different security issues in Gtk+2.0's gdk-pixbuf. CVE-2015-4491 Heap overflow when processing BMP images which may allow to execute of arbitrary code via malformed images. CVE-2015-7673 Heap overflow when processing TGA images which may allow execute arbitrary code or denial of service (process crash) via malformed images. CVE-2015-7674 Integer overflow when processing GIF images which may allow to execute arbitrary code or denial of service (process crash) via malformed image. For Debian 6 'Squeeze', these issues have been fixed in gtk+2.0 version 2.20.1-2+deb6u2. We recommend you to upgrade your gtk+2.0 packages. Learn more about the Debian Long Term Support (LTS) Project and how to apply these updates at: https://wiki.debian.org/LTS/ NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 88995
    published 2016-02-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88995
    title Debian DLA-434-1 : gtk+2.0 security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-13925.NASL
    description Security fix for CVE-2015-4491 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 85816
    published 2015-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85816
    title Fedora 22 : gdk-pixbuf2-2.31.6-1.fc22 (2015-13925)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1682.NASL
    description An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message because JavaScript is disabled by default for mail messages. However, they could be exploited in other ways in Thunderbird (for example, by viewing the full remote content of an RSS feed). Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen, Gustavo Grieco, and Ronald Crane as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 38.2. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 38.2, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 86497
    published 2015-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86497
    title CentOS 5 / 6 / 7 : thunderbird (CESA-2015:1682)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1682.NASL
    description From Red Hat Security Advisory 2015:1682 : An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message because JavaScript is disabled by default for mail messages. However, they could be exploited in other ways in Thunderbird (for example, by viewing the full remote content of an RSS feed). Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen, Gustavo Grieco, and Ronald Crane as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 38.2. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 38.2, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 85642
    published 2015-08-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85642
    title Oracle Linux 6 / 7 : thunderbird (ELSA-2015-1682)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-13926.NASL
    description Security fix for CVE-2015-4491 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 85817
    published 2015-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85817
    title Fedora 21 : gdk-pixbuf2-2.31.6-1.fc21 (2015-13926)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1694.NASL
    description Updated gdk-pixbuf2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bitmap format images. An attacker could use a specially crafted BMP image file that, when processed by an application compiled against the gdk-pixbuf library, would cause that application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2015-4491) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gustavo Grieco as the original reporter. All gdk-pixbuf2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 85717
    published 2015-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85717
    title RHEL 6 / 7 : gdk-pixbuf2 (RHSA-2015:1694)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2015-244-01.NASL
    description New gdk-pixbuf2 packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix a security issue.
    last seen 2019-02-21
    modified 2015-09-02
    plugin id 85725
    published 2015-09-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85725
    title Slackware 13.37 / 14.0 / 14.1 / current : gdk-pixbuf2 (SSA:2015-244-01)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2722-1.NASL
    description Gustavo Grieco discovered that GDK-PixBuf incorrectly handled scaling bitmap images. If a user or automated system were tricked into opening a BMP image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 85660
    published 2015-08-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85660
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : gdk-pixbuf vulnerability (USN-2722-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-570.NASL
    description gdk-pixbuf was updated to version 2.31.6 to fix a secuirty vulnerability and several bugs. - Update to version 2.31.6 (boo#942801) : + Really fix bgo#752297. This is CVE-2015-4491. + Updated translations. - Update to version 2.31.5 : + Add support for g_autoptr for all object types (bgo#750497). + Avoid a possible divide-by-zero in the pixbuf loader (bgo#750440). + Remove gettext .pot file hack (bgo#743574). + Be more careful about integer overflow (bgo#752297). + Updated translations. - Drop README from docs as it is now empty. - Add generic www.gnome.org URL to silence a few lint warnings. - Update to version 2.31.4 : + SVGZ icons in notification GNOME3 (bgo#648815). + gdk_pixbuf_apply_embedded_orientation is not working (bgo#725582). + Updated translations. - Update to version 2.31.3 : + API changes: Revert an annotation change that broke bindings. + Build fixes : - Clean up configure - Fix Visual Studio build - Define MAP_ANONYMOUS when needed - Include gi18n-lib.h where needed + Updated translations. - Update to version 2.31.2 : + API changes : - Deprecate GdkPixdata. - Add gdk_pixbuf_get_options() helper to list set options. - Annotations fixes for various functions. - Remove incorrect info about area-prepared signal. + Image format support changes : - Flag multi-page TIFF files. - Fix memory usage for GIF animations, add note about minimum frame length. - Return an error for truncated PNG files. - Add density (DPI) support for JPEG, PNG and TIFF. - Fix reading CMYK JPEG files generated by Photoshop. - Allow saving 1-bit mono TIFF files as used in faxes. - Simplify loader names. - Fix loading GIF files when the first write is short. - Add progressive loading to ICNS files. - Add support for 256x256 ICO files. - Fix reading MS AMCap2 BMP files. + Other : - Honour requested depth in Xlib. - Special-case compositing/copying with no scaling. - Add relocation support to OSX and Linux. - Prefer gdk-pixbuf's loaders to the GDI+ ones on Windows. - fix bashism in post script
    last seen 2019-02-21
    modified 2015-09-08
    plugin id 85839
    published 2015-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85839
    title openSUSE Security Update : gdk-pixbuf (openSUSE-2015-570)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1682.NASL
    description An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message because JavaScript is disabled by default for mail messages. However, they could be exploited in other ways in Thunderbird (for example, by viewing the full remote content of an RSS feed). Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen, Gustavo Grieco, and Ronald Crane as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 38.2. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 38.2, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 85645
    published 2015-08-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85645
    title RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:1682)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150825_THUNDERBIRD_ON_SL5_X.NASL
    description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message because JavaScript is disabled by default for mail messages. However, they could be exploited in other ways in Thunderbird (for example, by viewing the full remote content of an RSS feed). After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 85646
    published 2015-08-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85646
    title Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-547.NASL
    description - update to Firefox 40.0 (bnc#940806) - Added protection against unwanted software downloads - Suggested Tiles show sites of interest, based on categories from your recent browsing history - Hello allows adding a link to conversations to provide context on what the conversation will be about - New style for add-on manager based on the in-content preferences style - Improved scrolling, graphics, and video playback performance with off main thread compositing (GNU/Linux only) - Graphic blocklist mechanism improved: Firefox version ranges can be specified, limiting the number of devices blocked security fixes : - MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety hazards - MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with malformed MP3 file - MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream playback - MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of non-configurable JavaScript object properties - MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues in libstagefright - MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting through Mozilla Maintenance Service with hard links (only affected Windows) - MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with Updater and malicious MAR file (does not affect openSUSE RPM packages which do not ship the updater) - MFSA 2015-86/CVE-2015-4483 (bmo#1148732) Feed protocol with POST bypasses mixed content protections - MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared memory in JavaScript - MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection - MFSA 2015-91/CVE-2015-4490 (bmo#1086999) Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification - MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in XMLHttpRequest with shared workers - added mozilla-no-stdcxx-check.patch - removed obsolete patches - mozilla-add-glibcxx_use_cxx11_abi.patch - firefox-multilocale-chrome.patch - rebased patches - requires version 40 of the branding package - removed browser/searchplugins/ location as it's not valid anymore - includes security update to Firefox 39.0.3 (bnc#940918) - MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058) Same origin violation and local file stealing via PDF reader
    last seen 2019-02-21
    modified 2015-11-30
    plugin id 85436
    published 2015-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85436
    title openSUSE Security Update : MozillaFirefox (openSUSE-2015-547)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-558.NASL
    description This update to Thunderbird 38.2.0 fixes the following issues (bnc#940806) : - MFSA 2015-79/CVE-2015-4473 Miscellaneous memory safety hazards - MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with malformed MP3 file - MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of non-configurable JavaScript object properties - MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues in libstagefright - MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting through Mozilla Maintenance Service with hard links (only affected Windows) - MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with Updater and malicious MAR file (does not affect openSUSE RPM packages which do not ship the updater) - MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared memory in JavaScript - MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection - MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in XMLHttpRequest with shared workers
    last seen 2019-02-21
    modified 2015-08-31
    plugin id 85702
    published 2015-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85702
    title openSUSE Security Update : MozillaThunderbird (openSUSE-2015-558)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-559.NASL
    description This update to Thunderbird 38.2.0 fixes the following issues (bnc#940806) : - MFSA 2015-79/CVE-2015-4473 Miscellaneous memory safety hazards - MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with malformed MP3 file - MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of non-configurable JavaScript object properties - MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues in libstagefright - MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting through Mozilla Maintenance Service with hard links (only affected Windows) - MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with Updater and malicious MAR file (does not affect openSUSE RPM packages which do not ship the updater) - MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared memory in JavaScript - MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection - MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in XMLHttpRequest with shared workers
    last seen 2019-02-21
    modified 2015-08-31
    plugin id 85703
    published 2015-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85703
    title openSUSE Security Update : MozillaThunderbird (openSUSE-2015-559)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-14011.NASL
    description Security fix for CVE-2015-4491 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 85819
    published 2015-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85819
    title Fedora 22 : mingw-gdk-pixbuf-2.31.6-1.fc22 (2015-14011)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_F5B8B670465C11E5A49DBCAEC565249C.NASL
    description Gustavo Grieco reports : We found a heap overflow and a DoS in the gdk-pixbuf implementation triggered by the scaling of a malformed bmp.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85562
    published 2015-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85562
    title FreeBSD : gdk-pixbuf2 -- heap overflow and DoS (f5b8b670-465c-11e5-a49d-bcaec565249c)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1694.NASL
    description From Red Hat Security Advisory 2015:1694 : Updated gdk-pixbuf2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bitmap format images. An attacker could use a specially crafted BMP image file that, when processed by an application compiled against the gdk-pixbuf library, would cause that application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2015-4491) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gustavo Grieco as the original reporter. All gdk-pixbuf2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 85710
    published 2015-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85710
    title Oracle Linux 6 / 7 : gdk-pixbuf2 (ELSA-2015-1694)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2702-1.NASL
    description Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, Chris Coulson, and Eric Rahm discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4473, CVE-2015-4474) Aki Helin discovered an out-of-bounds read when playing malformed MP3 content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4475) A use-after-free was discovered during MediaStream playback in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-4477) Andre Bargull discovered that non-configurable properties on JavaScript objects could be redefined when parsing JSON. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-4478) Multiple integer overflows were discovered in libstagefright. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4479, CVE-2015-4480, CVE-2015-4493) Jukka Jylanki discovered a crash that occurs because JavaScript does not properly gate access to Atomics or SharedArrayBuffers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-4484) Abhishek Arya discovered 2 buffer overflows in libvpx when decoding malformed WebM content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4485, CVE-2015-4486) Ronald Crane reported 3 security issues. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these, in combination with another security vulnerability, to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4487, CVE-2015-4488, CVE-2015-4489) Christoph Kerschbaumer discovered an issue with Mozilla's implementation of Content Security Policy (CSP), which could allow for a more permissive usage in some cirucumstances. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2015-4490) Gustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-4491) Looben Yang discovered a use-after-free when using XMLHttpRequest with shared workers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-4492). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 85344
    published 2015-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85344
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : firefox vulnerabilities (USN-2702-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-846.NASL
    description This update for gdk-pixbuf fixes the following issues : Security issue fixed : - CVE-2015-4491: Fix integer multiplication overflow that allows for DoS or potentially RCE (bsc#1053417). This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 111627
    published 2018-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111627
    title openSUSE Security Update : gdk-pixbuf (openSUSE-2018-846)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_C66A5632708A47278236D65B2D5B2739.NASL
    description The Mozilla Project reports : MFSA 2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) MFSA 2015-80 Out-of-bounds read with malformed MP3 file MFSA 2015-81 Use-after-free in MediaStream playback MFSA 2015-82 Redefinition of non-configurable JavaScript object properties MFSA 2015-83 Overflow issues in libstagefright MFSA 2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links MFSA 2015-85 Out-of-bounds write with Updater and malicious MAR file MFSA 2015-86 Feed protocol with POST bypasses mixed content protections MFSA 2015-87 Crash when using shared memory in JavaScript MFSA 2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images MFSA 2015-90 Vulnerabilities found through code inspection MFSA 2015-91 Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification MFSA 2015-92 Use-after-free in XMLHttpRequest with shared workers
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 85338
    published 2015-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85338
    title FreeBSD : mozilla -- multiple vulnerabilities (c66a5632-708a-4727-8236-d65b2d5b2739)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1586.NASL
    description From Red Hat Security Advisory 2015:1586 : Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478, CVE-2015-4479, CVE-2015-4480, CVE-2015-4493, CVE-2015-4484, CVE-2015-4491, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4492) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen, Aki Helin, Andre Bargull, Massimiliano Tomassoli, laf.intel, Massimiliano Tomassoli, Tyson Smith, Jukka Jylanki, Gustavo Grieco, Abhishek Arya, Ronald Crane, and Looben Yang as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.2 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 85339
    published 2015-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85339
    title Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-1586)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2702-3.NASL
    description USN-2702-1 fixed vulnerabilities in Firefox. After upgrading, some users in the US reported that their default search engine switched to Yahoo. This update fixes the problem. We apologize for the inconvenience. Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, Chris Coulson, and Eric Rahm discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4473, CVE-2015-4474) Aki Helin discovered an out-of-bounds read when playing malformed MP3 content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4475) A use-after-free was discovered during MediaStream playback in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-4477) Andre Bargull discovered that non-configurable properties on JavaScript objects could be redefined when parsing JSON. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-4478) Multiple integer overflows were discovered in libstagefright. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4479, CVE-2015-4480, CVE-2015-4493) Jukka Jylanki discovered a crash that occurs because JavaScript does not properly gate access to Atomics or SharedArrayBuffers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-4484) Abhishek Arya discovered 2 buffer overflows in libvpx when decoding malformed WebM content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4485, CVE-2015-4486) Ronald Crane reported 3 security issues. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these, in combination with another security vulnerability, to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4487, CVE-2015-4488, CVE-2015-4489) Christoph Kerschbaumer discovered an issue with Mozilla's implementation of Content Security Policy (CSP), which could allow for a more permissive usage in some cirucumstances. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2015-4490) Gustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-4491) Looben Yang discovered a use-after-free when using XMLHttpRequest with shared workers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-4492). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 85578
    published 2015-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85578
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : firefox regression (USN-2702-3)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2702-2.NASL
    description USN-2702-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubufox. Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, Chris Coulson, and Eric Rahm discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4473, CVE-2015-4474) Aki Helin discovered an out-of-bounds read when playing malformed MP3 content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4475) A use-after-free was discovered during MediaStream playback in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-4477) Andre Bargull discovered that non-configurable properties on JavaScript objects could be redefined when parsing JSON. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-4478) Multiple integer overflows were discovered in libstagefright. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4479, CVE-2015-4480, CVE-2015-4493) Jukka Jylanki discovered a crash that occurs because JavaScript does not properly gate access to Atomics or SharedArrayBuffers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-4484) Abhishek Arya discovered 2 buffer overflows in libvpx when decoding malformed WebM content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4485, CVE-2015-4486) Ronald Crane reported 3 security issues. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these, in combination with another security vulnerability, to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4487, CVE-2015-4488, CVE-2015-4489) Christoph Kerschbaumer discovered an issue with Mozilla's implementation of Content Security Policy (CSP), which could allow for a more permissive usage in some cirucumstances. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2015-4490) Gustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-4491) Looben Yang discovered a use-after-free when using XMLHttpRequest with shared workers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-4492). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 85345
    published 2015-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85345
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : ubufox update (USN-2702-2)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1586.NASL
    description Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478, CVE-2015-4479, CVE-2015-4480, CVE-2015-4493, CVE-2015-4484, CVE-2015-4491, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4492) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen, Aki Helin, Andre Bargull, Massimiliano Tomassoli, laf.intel, Massimiliano Tomassoli, Tyson Smith, Jukka Jylanki, Gustavo Grieco, Abhishek Arya, Ronald Crane, and Looben Yang as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.2 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85336
    published 2015-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85336
    title CentOS 5 / 6 / 7 : firefox (CESA-2015:1586)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2145-1.NASL
    description This update for gdk-pixbuf fixes the following issues: Security issue fixed : - CVE-2015-4491: Fix integer multiplication overflow that allows for DoS or potentially RCE (bsc#1053417). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 111506
    published 2018-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111506
    title SUSE SLED12 / SLES12 Security Update : gdk-pixbuf (SUSE-SU-2018:2145-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150811_FIREFOX_ON_SL5_X.NASL
    description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478, CVE-2015-4479, CVE-2015-4480, CVE-2015-4493, CVE-2015-4484, CVE-2015-4491, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4492) After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 85343
    published 2015-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85343
    title Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-548.NASL
    description - update to Firefox 40.0 (bnc#940806) - Added protection against unwanted software downloads - Suggested Tiles show sites of interest, based on categories from your recent browsing history - Hello allows adding a link to conversations to provide context on what the conversation will be about - New style for add-on manager based on the in-content preferences style - Improved scrolling, graphics, and video playback performance with off main thread compositing (GNU/Linux only) - Graphic blocklist mechanism improved: Firefox version ranges can be specified, limiting the number of devices blocked security fixes : - MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety hazards - MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with malformed MP3 file - MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream playback - MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of non-configurable JavaScript object properties - MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues in libstagefright - MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting through Mozilla Maintenance Service with hard links (only affected Windows) - MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with Updater and malicious MAR file (does not affect openSUSE RPM packages which do not ship the updater) - MFSA 2015-86/CVE-2015-4483 (bmo#1148732) Feed protocol with POST bypasses mixed content protections - MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared memory in JavaScript - MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection - MFSA 2015-91/CVE-2015-4490 (bmo#1086999) Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification - MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in XMLHttpRequest with shared workers - added mozilla-no-stdcxx-check.patch - removed obsolete patches - mozilla-add-glibcxx_use_cxx11_abi.patch - firefox-multilocale-chrome.patch - rebased patches - requires version 40 of the branding package - removed browser/searchplugins/ location as it's not valid anymore - includes security update to Firefox 39.0.3 (bnc#940918) - MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058) Same origin violation and local file stealing via PDF reader
    last seen 2019-02-21
    modified 2015-11-30
    plugin id 85437
    published 2015-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85437
    title openSUSE Security Update : MozillaFirefox (openSUSE-2015-548)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2712-1.NASL
    description Gary Kwong, Christian Holler, and Byron Campen discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges ofthe user invoking Thunderbird. (CVE-2015-4473) Ronald Crane reported 3 security issues. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these, in combination with another security vulnerability, to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-4487, CVE-2015-4488, CVE-2015-4489) Gustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Thunderbird. (CVE-2015-4491). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 85648
    published 2015-08-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85648
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : thunderbird vulnerabilities (USN-2712-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-14010.NASL
    description Security fix for CVE-2015-4491 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 85818
    published 2015-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85818
    title Fedora 21 : mingw-gdk-pixbuf-2.31.6-1.fc21 (2015-14010)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1586.NASL
    description Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478, CVE-2015-4479, CVE-2015-4480, CVE-2015-4493, CVE-2015-4484, CVE-2015-4491, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4492) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen, Aki Helin, Andre Bargull, Massimiliano Tomassoli, laf.intel, Massimiliano Tomassoli, Tyson Smith, Jukka Jylanki, Gustavo Grieco, Abhishek Arya, Ronald Crane, and Looben Yang as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.2 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 85342
    published 2015-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85342
    title RHEL 5 / 6 / 7 : firefox (RHSA-2015:1586)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1528-1.NASL
    description Mozilla Firefox is being updated to the current Firefox 38ESR branch (specifically the 38.2.0ESR release). Security issues fixed : - MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file stealing via PDF reader - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file - MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable JavaScript object properties - MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright - MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in JavaScript - MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489: Vulnerabilities found through code inspection - MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with shared workers This update also contains a lot of feature improvements and bug fixes from 31ESR to 38ESR. Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which is what Firefox 38ESR uses. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 85906
    published 2015-09-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85906
    title SUSE SLED11 / SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1528-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1476-1.NASL
    description Mozilla Firefox was updated to version 38.2.1 ESR to fix several critical and non critical security vulnerabilities. - Firefox was updated to 38.2.1 ESR (bsc#943608) - MFSA 2015-94/CVE-2015-4497 (bsc#943557) Use-after-free when resizing canvas element during restyling - MFSA 2015-95/CVE-2015-4498 (bsc#943558) Add-on notification bypass through data URLs - Firefox was updated to 38.2.0 ESR (bsc#940806) - MFSA 2015-78/CVE-2015-4495 (bmo#1178058, bmo#1179262) Same origin violation and local file stealing via PDF reader - MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 (bmo#1143130, bmo#1161719, bmo#1177501, bmo#1181204, bmo#1184068, bmo#1188590, bmo#1146213, bmo#1178890, bmo#1182711) Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) - MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with malformed MP3 file - MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of non-configurable JavaScript object properties - MFSA 2015-83/CVE-2015-4479 (bmo#1185115, bmo#1144107, bmo#1170344, bmo#1186718) Overflow issues in libstagefright - MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared memory in JavaScript - MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 (bmo#1176270, bmo#1182723, bmo#1171603) Vulnerabilities found through code inspection - MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in XMLHttpRequest with shared workers Mozilla NSS switched the CKBI ABI from 1.98 to 2.4, which is what Firefox 38ESR uses. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 85763
    published 2015-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85763
    title SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1476-1)
redhat via4
advisories
  • bugzilla
    id 1252293
    title CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-90)
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhsa:tst:20070055001
      • comment thunderbird is earlier than 0:38.2.0-4.el5_11
        oval oval:com.redhat.rhsa:tst:20151682002
      • comment thunderbird is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070108003
    • AND
      • comment thunderbird is earlier than 0:38.2.0-4.el6_7
        oval oval:com.redhat.rhsa:tst:20151682008
      • comment thunderbird is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100896006
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhsa:tst:20100842001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhsa:tst:20100842002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20100842003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20100842004
    • AND
      • comment thunderbird is earlier than 0:38.2.0-1.el7_1
        oval oval:com.redhat.rhsa:tst:20151682014
      • comment thunderbird is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100896006
      • OR
        • comment Red Hat Enterprise Linux 7 Client is installed
          oval oval:com.redhat.rhsa:tst:20140675001
        • comment Red Hat Enterprise Linux 7 Server is installed
          oval oval:com.redhat.rhsa:tst:20140675002
        • comment Red Hat Enterprise Linux 7 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20140675003
        • comment Red Hat Enterprise Linux 7 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20140675004
    rhsa
    id RHSA-2015:1682
    released 2015-08-25
    severity Important
    title RHSA-2015:1682: thunderbird security update (Important)
  • bugzilla
    id 1252290
    title CVE-2015-4491 Mozilla: Heap overflow in gdk-pixbuf when scaling bitmap images (MFSA 2015-88)
    oval
    OR
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhsa:tst:20100842001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhsa:tst:20100842002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20100842003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20100842004
      • OR
        • AND
          • comment gdk-pixbuf2 is earlier than 0:2.24.1-6.el6_7
            oval oval:com.redhat.rhsa:tst:20151694005
          • comment gdk-pixbuf2 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151694006
        • AND
          • comment gdk-pixbuf2-devel is earlier than 0:2.24.1-6.el6_7
            oval oval:com.redhat.rhsa:tst:20151694007
          • comment gdk-pixbuf2-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151694008
    • AND
      • OR
        • comment Red Hat Enterprise Linux 7 Client is installed
          oval oval:com.redhat.rhsa:tst:20140675001
        • comment Red Hat Enterprise Linux 7 Server is installed
          oval oval:com.redhat.rhsa:tst:20140675002
        • comment Red Hat Enterprise Linux 7 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20140675003
        • comment Red Hat Enterprise Linux 7 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20140675004
      • OR
        • AND
          • comment gdk-pixbuf2 is earlier than 0:2.28.2-5.el7_1
            oval oval:com.redhat.rhsa:tst:20151694014
          • comment gdk-pixbuf2 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151694006
        • AND
          • comment gdk-pixbuf2-devel is earlier than 0:2.28.2-5.el7_1
            oval oval:com.redhat.rhsa:tst:20151694013
          • comment gdk-pixbuf2-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151694008
    rhsa
    id RHSA-2015:1694
    released 2015-08-31
    severity Moderate
    title RHSA-2015:1694: gdk-pixbuf2 security update (Moderate)
  • rhsa
    id RHSA-2015:1586
rpms
  • firefox-0:38.2.0-4.el5_11
  • firefox-0:38.2.0-4.el6_7
  • firefox-0:38.2.0-4.el7_1
  • thunderbird-0:38.2.0-4.el5_11
  • thunderbird-0:38.2.0-4.el6_7
  • thunderbird-0:38.2.0-1.el7_1
  • gdk-pixbuf2-0:2.24.1-6.el6_7
  • gdk-pixbuf2-devel-0:2.24.1-6.el6_7
  • gdk-pixbuf2-0:2.28.2-5.el7_1
  • gdk-pixbuf2-devel-0:2.28.2-5.el7_1
refmap via4
confirm
debian DSA-3337
fedora
  • FEDORA-2015-13925
  • FEDORA-2015-13926
  • FEDORA-2015-14010
  • FEDORA-2015-14011
gentoo
  • GLSA-201512-05
  • GLSA-201605-06
sectrack
  • 1033247
  • 1033372
suse
  • SUSE-SU-2015:1449
  • SUSE-SU-2015:1528
  • SUSE-SU-2015:2081
  • openSUSE-SU-2015:1389
  • openSUSE-SU-2015:1390
  • openSUSE-SU-2015:1453
  • openSUSE-SU-2015:1454
  • openSUSE-SU-2015:1500
ubuntu
  • USN-2702-1
  • USN-2702-2
  • USN-2702-3
  • USN-2712-1
  • USN-2722-1
Last major update 23-12-2016 - 21:59
Published 15-08-2015 - 21:59
Last modified 30-10-2018 - 12:27
Back to Top