This update for gtk2 provides the following fixes:
These security issues were fixed:
CVE-2017-6312: Prevent integer overflow that allowed context-dependent
attackers to cause a denial of service (segmentation fault and application
crash) via a crafted image entry offset in an ICO file (bsc#1027026).
CVE-2017-6314: The makeavailableat_least function allowed context-dependent
attackers to cause a denial of service (infinite loop) via a large TIFF file
(bsc#1027025).
CVE-2017-6313: Prevent integer underflow in the load_resources function that
allowed context-dependent attackers to cause a denial of service (out-of-bounds
read and program crash) via a crafted image entry size in an ICO file
(bsc#1027024).
CVE-2017-2862: Prevent heap overflow in the
gdkpixbufjpegimageloadincrement function. A specially crafted jpeg file
could have caused a heap overflow resulting in remote code execution
(bsc#1048289)
CVE-2017-2870: Prevent integer overflow in the tiffimageparse
functionality. A specially crafted tiff file could have caused a heap-overflow
resulting in remote code execution (bsc#1048544).
This non-security issue was fixed:
Prevent an infinite loop when a window is destroyed while traversed (bsc#1039465).