Message-ID: <20050405184354.GA17114@box79162.elkhouse.de>
Date: Tue Apr  5 19:44:03 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-108-1] GDK vulnerability

===========================================================
Ubuntu Security Notice USN-108-1 	     April 05, 2005
gtk+2.0, gdk-pixbuf vulnerabilities
CAN-2005-0891
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libgdk-pixbuf2
libgtk2.0-0

The problem can be corrected by upgrading the affected package to
version 0.22.0-7ubuntu1.1 (libgdk-pixbuf2) and 2.4.10-1ubuntu1.1
(libgtk2.0-0). In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

Matthias Clasen discovered a Denial of Service vulnerability in the
BMP image module of gdk. Processing a specially crafted BMP image with
an application using gdk-pixbuf caused an allocated memory block to be
free()'ed twice, leading to a crash of the application.  However, it
is believed that this cannot be exploited to execute arbitrary
attacker provided code.
