Message-ID: <20040917204219.24145.qmail@updates.mandrakesoft.com>
Date: 17 Sep 2004 20:42:19 -0000
From: Mandrake Linux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2004:095-1 - Updated gdk-pixbuf and gtk+2 packages fix image loading vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: gdk-pixbuf/gtk+2
Advisory ID: MDKSA-2004:095-1
Date: September 17th, 2004
Original Advisory Date: September 15th, 2004
Affected versions: 10.0, 9.2
______________________________________________________________________
Problem Description:

A vulnerability was found in the gdk-pixbuf bmp loader where a bad BMP
image could send the bmp loader into an infinite loop (CAN-2004-0753).

Chris Evans found a heap-based overflow and a stack-based overflow in
the xpm loader of gdk-pixbuf (CAN-2004-0782 and CAN-2004-0783).

Chris Evans also discovered an integer overflow in the ico loader of
gdk-pixbuf (CAN-2004-0788).

All four problems have been corrected in these updated packages.

Update:

The previous package had an incorrect patch applied that would cause
some problems with other programs. The updated packages have the
correct patch applied.

As well, patched gtk+2 packages, which also contain gdk-pixbuf, are
now provided.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0788
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
8e876939c906d6f9dd26df036c7034c1 10.0/RPMS/gdk-pixbuf-loaders-0.22.0-2.2.100mdk.i586.rpm
ee4ccc32d2c7d17ad602ba391c1c46ff 10.0/RPMS/libgdk-pixbuf-gnomecanvas1-0.22.0-2.2.100mdk.i586.rpm
b1e29d741dfd0b4db56085e346663d66 10.0/RPMS/libgdk-pixbuf-xlib2-0.22.0-2.2.100mdk.i586.rpm
acd358e06b571209fa07ed81d6f08c6f 10.0/RPMS/libgdk-pixbuf2-0.22.0-2.2.100mdk.i586.rpm
6f866e24c433387958ff737bcdf5e424 10.0/RPMS/libgdk-pixbuf2-devel-0.22.0-2.2.100mdk.i586.rpm
d8083e6a741ba196202b3beba6ec6533 10.0/SRPMS/gdk-pixbuf-0.22.0-2.2.100mdk.src.rpm
d49f667b621b191ef971380f46323fb3 10.0/RPMS/gtk+2.0-2.2.4-10.1.100mdk.i586.rpm
b6582a8ad1236a1d69bdbdbe5188234a 10.0/RPMS/libgdk_pixbuf2.0_0-2.2.4-10.1.100mdk.i586.rpm
3eca5e1e74c3cda7cd8e5344388c47d2 10.0/RPMS/libgdk_pixbuf2.0_0-devel-2.2.4-10.1.100mdk.i586.rpm
3803aa8ad8bf2cfa552e8dc3035d529a 10.0/RPMS/libgtk+-linuxfb-2.0_0-2.2.4-10.1.100mdk.i586.rpm
141d8446994456d82389932eeffe33cf 10.0/RPMS/libgtk+-linuxfb-2.0_0-devel-2.2.4-10.1.100mdk.i586.rpm
56f8b5bb0aeaaeccd582250868008695 10.0/RPMS/libgtk+-x11-2.0_0-2.2.4-10.1.100mdk.i586.rpm
a56a6e8aecb12b48b0f9de75d987a035 10.0/RPMS/libgtk+2.0_0-2.2.4-10.1.100mdk.i586.rpm
690b201975e573c5467a6767fb349beb 10.0/RPMS/libgtk+2.0_0-devel-2.2.4-10.1.100mdk.i586.rpm
80b1d38274cffc8796e5a3ab205f3e7d 10.0/SRPMS/gtk+2.0-2.2.4-10.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
3205a9334ed0de43d3d5c26a2294e800 amd64/10.0/RPMS/gdk-pixbuf-loaders-0.22.0-2.2.100mdk.amd64.rpm
924018f6f4abe98841068c1708229e09 amd64/10.0/RPMS/lib64gdk-pixbuf-gnomecanvas1-0.22.0-2.2.100mdk.amd64.rpm
5a14fee773367fc440566e7922a09579 amd64/10.0/RPMS/lib64gdk-pixbuf-xlib2-0.22.0-2.2.100mdk.amd64.rpm
13b76036783088ade2f56b697cc8c2ac amd64/10.0/RPMS/lib64gdk-pixbuf2-0.22.0-2.2.100mdk.amd64.rpm
f8375076c5c0de45494b717fc86f7c97 amd64/10.0/RPMS/lib64gdk-pixbuf2-devel-0.22.0-2.2.100mdk.amd64.rpm
d8083e6a741ba196202b3beba6ec6533 amd64/10.0/SRPMS/gdk-pixbuf-0.22.0-2.2.100mdk.src.rpm
b5dc1e354716a812c2b1eaffb69029f9 amd64/10.0/RPMS/gtk+2.0-2.2.4-10.1.100mdk.amd64.rpm
ddcf934113e300381b3f0311cd7df849 amd64/10.0/RPMS/lib64gdk_pixbuf2.0_0-2.2.4-10.1.100mdk.amd64.rpm
b003aa7e7f825327a6e2b18d0be53fb1 amd64/10.0/RPMS/lib64gdk_pixbuf2.0_0-devel-2.2.4-10.1.100mdk.amd64.rpm
1f6b5579bf13a04eefa01686feec455f amd64/10.0/RPMS/lib64gtk+-linuxfb-2.0_0-2.2.4-10.1.100mdk.amd64.rpm
ce660c9b9e0111a0fef8178732d4f614 amd64/10.0/RPMS/lib64gtk+-linuxfb-2.0_0-devel-2.2.4-10.1.100mdk.amd64.rpm
cb3e62c954221b745bb0dc0288674f3f amd64/10.0/RPMS/lib64gtk+-x11-2.0_0-2.2.4-10.1.100mdk.amd64.rpm
546d7b306fb21cd6cc15eb9fc383a2d0 amd64/10.0/RPMS/lib64gtk+2.0_0-2.2.4-10.1.100mdk.amd64.rpm
3c3c00ceb1235d58e6f6b9e6bbe9044a amd64/10.0/RPMS/lib64gtk+2.0_0-devel-2.2.4-10.1.100mdk.amd64.rpm
80b1d38274cffc8796e5a3ab205f3e7d amd64/10.0/SRPMS/gtk+2.0-2.2.4-10.1.100mdk.src.rpm
Mandrakelinux 9.2:
bf8f3710f9792ea4a3129410afbf1cda 9.2/RPMS/gdk-pixbuf-loaders-0.22.0-2.2.92mdk.i586.rpm
2ab77930f412c6f3a0373134b24b1165 9.2/RPMS/libgdk-pixbuf-gnomecanvas1-0.22.0-2.2.92mdk.i586.rpm
0a4c0705ff1c118424b1570a9b2acc2f 9.2/RPMS/libgdk-pixbuf-xlib2-0.22.0-2.2.92mdk.i586.rpm
95d4691c391b146db6ff14619dd53227 9.2/RPMS/libgdk-pixbuf2-0.22.0-2.2.92mdk.i586.rpm
020d320f39d69ce1e3b340938eac0256 9.2/RPMS/libgdk-pixbuf2-devel-0.22.0-2.2.92mdk.i586.rpm
a7f6afac10617f2171f8a796987ba0fb 9.2/SRPMS/gdk-pixbuf-0.22.0-2.2.92mdk.src.rpm
328642197df7603b7ff700d3b5ca12cf 9.2/RPMS/gtk+2.0-2.2.4-2.1.92mdk.i586.rpm
1650e731804b10685bb1b0ccf101b389 9.2/RPMS/libgdk_pixbuf2.0_0-2.2.4-2.1.92mdk.i586.rpm
5722237cd995567e4ed3be4139d9d96d 9.2/RPMS/libgdk_pixbuf2.0_0-devel-2.2.4-2.1.92mdk.i586.rpm
f26d81eed60057e456fffe42a9a01437 9.2/RPMS/libgtk+-linuxfb-2.0_0-2.2.4-2.1.92mdk.i586.rpm
daa0ca425129e332476c4fc8f9709ff1 9.2/RPMS/libgtk+-linuxfb-2.0_0-devel-2.2.4-2.1.92mdk.i586.rpm
da70d8bdacb5c1d2e9d301a389ddb82e 9.2/RPMS/libgtk+-x11-2.0_0-2.2.4-2.1.92mdk.i586.rpm
8a66354ff887f9d280681759734509c0 9.2/RPMS/libgtk+2.0_0-2.2.4-2.1.92mdk.i586.rpm
d0c7f1573d1e3368814ec9c35ea6dd5a 9.2/RPMS/libgtk+2.0_0-devel-2.2.4-2.1.92mdk.i586.rpm
5dc4e93ced7632259aaf1278c38dd347 9.2/SRPMS/gtk+2.0-2.2.4-2.1.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
e6fa6dcf9860cbcde2d2dda9414e22a8 amd64/9.2/RPMS/gdk-pixbuf-loaders-0.22.0-2.2.92mdk.amd64.rpm
182bd59ea26eb0ea4b93bf880bb97be4 amd64/9.2/RPMS/lib64gdk-pixbuf-gnomecanvas1-0.22.0-2.2.92mdk.amd64.rpm
d10c1f03a8f14a6604ec6d5f2df9d5f1 amd64/9.2/RPMS/lib64gdk-pixbuf-xlib2-0.22.0-2.2.92mdk.amd64.rpm
b424932876f00a98b9c4b2722b97473e amd64/9.2/RPMS/lib64gdk-pixbuf2-0.22.0-2.2.92mdk.amd64.rpm
81dfec9c414854253d54bbac2565dfb1 amd64/9.2/RPMS/lib64gdk-pixbuf2-devel-0.22.0-2.2.92mdk.amd64.rpm
a7f6afac10617f2171f8a796987ba0fb amd64/9.2/SRPMS/gdk-pixbuf-0.22.0-2.2.92mdk.src.rpm
a090868933ecbda11441f81abea5f39b amd64/9.2/RPMS/gtk+2.0-2.2.4-2.1.92mdk.amd64.rpm
e0c151dc3a22cb61f39a3686e0389432 amd64/9.2/RPMS/lib64gdk_pixbuf2.0_0-2.2.4-2.1.92mdk.amd64.rpm
1e427925b97e0200fe0908fee1516ad7 amd64/9.2/RPMS/lib64gdk_pixbuf2.0_0-devel-2.2.4-2.1.92mdk.amd64.rpm
74574e4676ce7322f1dcca7c602f56e6 amd64/9.2/RPMS/lib64gtk+-linuxfb-2.0_0-2.2.4-2.1.92mdk.amd64.rpm
59907a6229374428927b54d2fedeb78c amd64/9.2/RPMS/lib64gtk+-linuxfb-2.0_0-devel-2.2.4-2.1.92mdk.amd64.rpm
d161e7dab4e9dc17ecc4fa6cbdc24ecb amd64/9.2/RPMS/lib64gtk+-x11-2.0_0-2.2.4-2.1.92mdk.amd64.rpm
03eb76253ed818631a08fd8474c8a351 amd64/9.2/RPMS/lib64gtk+2.0_0-2.2.4-2.1.92mdk.amd64.rpm
8990247a796b55339d5b1b1237b06c97 amd64/9.2/RPMS/lib64gtk+2.0_0-devel-2.2.4-2.1.92mdk.amd64.rpm
5dc4e93ced7632259aaf1278c38dd347 amd64/9.2/SRPMS/gtk+2.0-2.2.4-2.1.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBS0wrmqjQ0CJFipgRAuWYAJ4gJYDFZKu+OqVi2VKMeMRdYHHiWQCgqu42
IY4viuVUlVroGe8G305OEnc=
=fwSj
-----END PGP SIGNATURE-----
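
The advisory says urpmi and MandrakeUpdate check the md5 checksums automatically. For packages fetched by hand, the same check can be run against the "Updated Packages" list with the added example below, which is not part of the advisory. The function names are hypothetical, and the file names and contents in demo() are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One package-list entry: "<32 hex MD5> <release path>/<file>.rpm"
ENTRY = re.compile(r"^([0-9a-f]{32})\s+(\S+\.rpm)$")

def parse_package_list(text):
    """Map RPM file name -> set of MD5 digests listed for it."""
    expected = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            expected.setdefault(m[2].rsplit("/", 1)[-1], set()).add(m[1])
    return expected

def md5_of(path, chunk=1 << 16):
    """MD5 of a file, read in chunks so large RPMs are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_downloads(advisory_text, directory):
    """Return {file name: "ok" | "MISMATCH" | "not listed"} per *.rpm found."""
    expected = parse_package_list(advisory_text)
    report = {}
    for rpm in sorted(Path(directory).glob("*.rpm")):
        if rpm.name not in expected:
            report[rpm.name] = "not listed"
        else:
            report[rpm.name] = "ok" if md5_of(rpm) in expected[rpm.name] else "MISMATCH"
    return report

def demo():
    """Constructed sample: fake package files, digests computed here."""
    a, b = b"constructed package A", b"constructed package B"
    listing = "\n".join([
        "Mandrakelinux 10.0:",
        f"{hashlib.md5(a).hexdigest()} 10.0/RPMS/example-a-1.0-1mdk.i586.rpm",
        f"{hashlib.md5(b).hexdigest()} 10.0/RPMS/example-b-1.0-1mdk.i586.rpm",
    ])
    with tempfile.TemporaryDirectory() as d:
        Path(d, "example-a-1.0-1mdk.i586.rpm").write_bytes(a)
        Path(d, "example-b-1.0-1mdk.i586.rpm").write_bytes(b + b"!")  # altered copy
        Path(d, "example-c-1.0-1mdk.i586.rpm").write_bytes(b"unlisted")
        return verify_downloads(listing, d)
```

A matching MD5 only shows the file is the one listed; authenticity rests on the package's GPG signature, which is checked separately with `rpm --checksig`.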