lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1HEsWb-00069K-6t@artemis.annvix.ca>
Date: Wed, 07 Feb 2007 12:32:13 -0700
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2007:039 ] - Updated gtk+2.0 packages address DoS, LSB issues, several bugs


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:039
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : gtk+2.0
 Date    : February 7, 2007
 Affected: 2007.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2)
 allows context-dependent attackers to cause a denial of service (crash)
 via a malformed image file. (CVE-2007-0010)

 The version of libgtk+2.0 shipped with Mandriva Linux 2007 fails
 various portions of the lsb-test-desktop test suite, part of LSB 3.1
 certification testing.

 The updated packages also address the following issues:

 The Home and Desktop entries in the GTK File Chooser are not always
 visible (#26644).

 GTK+-based applications (which includes all the Mandriva Linux
 configuration tools, for example) crash (instead of falling back to the
 default theme) when an invalid icon theme is selected. (#27013)

 Additional patches from GNOME CVS have been included to address the
 following issues from the GNOME bugzilla:

 * 357132 				- fix RGBA colormap issue

 * 359537,357280,359052 		- fix various printer bugs

 * 357566,353736,357050,363437,379503   - fix various crashes

 * 372527				- fix fileselector bug +

 potential deadlock
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0010
 http://qa.mandriva.com/show_bug.cgi?id=26644
 http://qa.mandriva.com/show_bug.cgi?id=27013
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 6b0b76ba984d8432cca4e8d938c51844  2007.0/i586/gtk+2.0-2.10.3-5.3mdv2007.0.i586.rpm
 015aa62677f20cf6b9f89301014ccf4d  2007.0/i586/libgdk_pixbuf2.0_0-2.10.3-5.3mdv2007.0.i586.rpm
 8f6bc5e09ee08263633e3601d1d21069  2007.0/i586/libgdk_pixbuf2.0_0-devel-2.10.3-5.3mdv2007.0.i586.rpm
 ef1f5a96362f5fafb982520897283919  2007.0/i586/libgtk+-x11-2.0_0-2.10.3-5.3mdv2007.0.i586.rpm
 b96eeb174cba468e8064890668b43a56  2007.0/i586/libgtk+2.0_0-2.10.3-5.3mdv2007.0.i586.rpm
 65f2ea83177a38b1682f4d4e5e633aea  2007.0/i586/libgtk+2.0_0-devel-2.10.3-5.3mdv2007.0.i586.rpm 
 4f15cba4c1c1b6e37dfe9f0b5b73401c  2007.0/SRPMS/gtk+2.0-2.10.3-5.3mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 b2470dc8cd884cf15dc47e29dbdb36de  2007.0/x86_64/gtk+2.0-2.10.3-5.3mdv2007.0.x86_64.rpm
 11d3f44a7f55f4899984e33a07c8f722  2007.0/x86_64/lib64gdk_pixbuf2.0_0-2.10.3-5.3mdv2007.0.x86_64.rpm
 33c26bea1a14b147f41e45467d6894e3  2007.0/x86_64/lib64gdk_pixbuf2.0_0-devel-2.10.3-5.3mdv2007.0.x86_64.rpm
 2e3855166383646465a01bd56e1529b7  2007.0/x86_64/lib64gtk+-x11-2.0_0-2.10.3-5.3mdv2007.0.x86_64.rpm
 4fea83682012ad4c5571e205b04dc7d1  2007.0/x86_64/lib64gtk+2.0_0-2.10.3-5.3mdv2007.0.x86_64.rpm
 04f7f152d4e99d6c71043554e2adfa3a  2007.0/x86_64/lib64gtk+2.0_0-devel-2.10.3-5.3mdv2007.0.x86_64.rpm 
 4f15cba4c1c1b6e37dfe9f0b5b73401c  2007.0/SRPMS/gtk+2.0-2.10.3-5.3mdv2007.0.src.rpm

 Corporate 3.0:
 7d4501132efb62d24276152ccc23a2e0  corporate/3.0/i586/gtk+2.0-2.2.4-10.6.C30mdk.i586.rpm
 f8828f652ae310e3de135f181e3c6f19  corporate/3.0/i586/libgdk_pixbuf2.0_0-2.2.4-10.6.C30mdk.i586.rpm
 d99f6327006f96e8b170c20500d64985  corporate/3.0/i586/libgdk_pixbuf2.0_0-devel-2.2.4-10.6.C30mdk.i586.rpm
 f2a98b2036167b780e87e2cd0d105983  corporate/3.0/i586/libgtk+-linuxfb-2.0_0-2.2.4-10.6.C30mdk.i586.rpm
 e28fbfc9664db29c37517ca8957647c0  corporate/3.0/i586/libgtk+-linuxfb-2.0_0-devel-2.2.4-10.6.C30mdk.i586.rpm
 8b80464f88674e0bf5f7ed06efafcb72  corporate/3.0/i586/libgtk+-x11-2.0_0-2.2.4-10.6.C30mdk.i586.rpm
 b154589c077c790b1f71379194ed84a6  corporate/3.0/i586/libgtk+2.0_0-2.2.4-10.6.C30mdk.i586.rpm
 819ee9fa563420c37d7cae612c3a6bec  corporate/3.0/i586/libgtk+2.0_0-devel-2.2.4-10.6.C30mdk.i586.rpm 
 dbe156cf5e976fc744b635eab3e88884  corporate/3.0/SRPMS/gtk+2.0-2.2.4-10.6.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 bed655ae3c4d6635e87488eefebe7e12  corporate/3.0/x86_64/gtk+2.0-2.2.4-10.6.C30mdk.x86_64.rpm
 369daff90b35687abae6ad34cf513af3  corporate/3.0/x86_64/lib64gdk_pixbuf2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm
 3675f57dd8e738cd1674db6518cd7c0d  corporate/3.0/x86_64/lib64gdk_pixbuf2.0_0-devel-2.2.4-10.6.C30mdk.x86_64.rpm
 28dfaebd73dacca8fc2497caeac619a5  corporate/3.0/x86_64/lib64gtk+-linuxfb-2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm
 22b487085911cce6fa8a5f2d6557009b  corporate/3.0/x86_64/lib64gtk+-linuxfb-2.0_0-devel-2.2.4-10.6.C30mdk.x86_64.rpm
 e0cf2152fc480ab73e4236de7a186d23  corporate/3.0/x86_64/lib64gtk+-x11-2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm
 512547fd9c3efca43b7c000fdbaedec3  corporate/3.0/x86_64/lib64gtk+2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm
 4aac840549a80fa69f5f527ce6b09421  corporate/3.0/x86_64/lib64gtk+2.0_0-devel-2.2.4-10.6.C30mdk.x86_64.rpm 
 dbe156cf5e976fc744b635eab3e88884  corporate/3.0/SRPMS/gtk+2.0-2.2.4-10.6.C30mdk.src.rpm

 Corporate 4.0:
 ab946717fc68226a2fbb8964fa4a9cb4  corporate/4.0/i586/gtk+2.0-2.8.3-4.3.20060mlcs4.i586.rpm
 28f5073f9effbb65613c2f7b6ceae180  corporate/4.0/i586/libgdk_pixbuf2.0_0-2.8.3-4.3.20060mlcs4.i586.rpm
 0b32eb04192333a7ae6c297befca476f  corporate/4.0/i586/libgdk_pixbuf2.0_0-devel-2.8.3-4.3.20060mlcs4.i586.rpm
 d2054c43e2fcc262c35ae3bd18736b69  corporate/4.0/i586/libgtk+-x11-2.0_0-2.8.3-4.3.20060mlcs4.i586.rpm
 28f6ac38124b6a46a22e83f870c93693  corporate/4.0/i586/libgtk+2.0_0-2.8.3-4.3.20060mlcs4.i586.rpm
 f9cd95997500fe783119dd1fe797bf85  corporate/4.0/i586/libgtk+2.0_0-devel-2.8.3-4.3.20060mlcs4.i586.rpm 
 fd9738d1b171f76decea52a1abd344a2  corporate/4.0/SRPMS/gtk+2.0-2.8.3-4.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 0e705604eb73b7c181d3b7663e39e664  corporate/4.0/x86_64/gtk+2.0-2.8.3-4.3.20060mlcs4.x86_64.rpm
 808a4be8218c00b62057de06edae248c  corporate/4.0/x86_64/lib64gdk_pixbuf2.0_0-2.8.3-4.3.20060mlcs4.x86_64.rpm
 379c2977cf755ab760d5693dcaa28be0  corporate/4.0/x86_64/lib64gdk_pixbuf2.0_0-devel-2.8.3-4.3.20060mlcs4.x86_64.rpm
 193c57c8073552decc25d755536db21d  corporate/4.0/x86_64/lib64gtk+-x11-2.0_0-2.8.3-4.3.20060mlcs4.x86_64.rpm
 1c2e7713425fc786bd7a60b4fe106d28  corporate/4.0/x86_64/lib64gtk+2.0_0-2.8.3-4.3.20060mlcs4.x86_64.rpm
 b8436740a32a0fce48bdb9df3234b1f6  corporate/4.0/x86_64/lib64gtk+2.0_0-devel-2.8.3-4.3.20060mlcs4.x86_64.rpm 
 fd9738d1b171f76decea52a1abd344a2  corporate/4.0/SRPMS/gtk+2.0-2.8.3-4.3.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFyf3/mqjQ0CJFipgRAtYmAJ9uAEfC6fiUknh970LL+YOl0FZYmACfZ7o/
3HjHNMoqq7j5xfaqomAcy34=
=M9jU
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ