[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050405184354.GA17114@box79162.elkhouse.de>
Date: Tue Apr 5 19:44:03 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-108-1] GDK vulnerability
===========================================================
Ubuntu Security Notice USN-108-1 April 05, 2005
gtk+2.0, gdk-pixbuf vulnerabilities
CAN-2005-0891
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
libgdk-pixbuf2
libgtk2.0-0
The problem can be corrected by upgrading the affected package to
version 0.22.0-7ubuntu1.1 (libgdk-pixbuf2) and 2.4.10-1ubuntu1.1
(libgtk2.0-0). In general, a standard system upgrade is sufficient to
effect the necessary changes.
Details follow:
Matthias Clasen discovered a Denial of Service vulnerability in the
BMP image module of gdk. Processing a specially crafted BMP image with
an application using gdk-pixbuf caused an allocated memory block to be
free()'ed twice, leading to a crash of the application. However, it
is believed that this cannot be exploited to execute arbitrary
attacker provided code.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/gdk-pixbuf_0.22.0-7ubuntu1.1.diff.gz
Size/MD5: 371559 6eda65660063879e8fcb9c13f32acc8a
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/gdk-pixbuf_0.22.0-7ubuntu1.1.dsc
Size/MD5: 723 1733720ee9e346a1564ae45c4e5ab2b2
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/gdk-pixbuf_0.22.0.orig.tar.gz
Size/MD5: 519266 4db0503b5a62533db68b03908b981751
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk+2.0_2.4.10-1ubuntu1.1.diff.gz
Size/MD5: 46203 8a6ebac91a341bfec1a4e40e22c6e4e2
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk+2.0_2.4.10-1ubuntu1.1.dsc
Size/MD5: 1936 45ca99b8b54fb1a34716380edcdc22d2
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk+2.0_2.4.10.orig.tar.gz
Size/MD5: 14140860 b1876ebde3b85bceb576ee5e2ecfd60b
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-common_2.4.10-1ubuntu1.1_all.deb
Size/MD5: 2778688 7817b2b2187db31d21ee3c3d72ef6c64
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-doc_2.4.10-1ubuntu1.1_all.deb
Size/MD5: 1877562 392cfa514cdfac3307a5c051a1d83be9
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/g/gtk+2.0/gtk2.0-examples_2.4.10-1ubuntu1.1_amd64.deb
Size/MD5: 261990 acd7487241d60424bf0901a36ea49c20
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-7ubuntu1.1_amd64.deb
Size/MD5: 155396 824fb12f5f2c808d1fe9be57d18cc24b
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-7ubuntu1.1_amd64.deb
Size/MD5: 8524 1e22ab97a0f2ea92f13f61f1dd8e7901
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-7ubuntu1.1_amd64.deb
Size/MD5: 7944 83ccb50f72b4adf65e8dd83cc3112d28
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-7ubuntu1.1_amd64.deb
Size/MD5: 183296 412c10985e923bb6f965bba344b1b584
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0_2.4.10-1ubuntu1.1_amd64.deb
Size/MD5: 2183922 2f95da8893c36ef012daacb33b64a68b
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-bin_2.4.10-1ubuntu1.1_amd64.deb
Size/MD5: 13934 3f15e4e19464edee9bec3e03bceb6a5a
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dbg_2.4.10-1ubuntu1.1_amd64.deb
Size/MD5: 10299776 69bee0e979b89a26fc2bdfb0d0936da0
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dev_2.4.10-1ubuntu1.1_amd64.deb
Size/MD5: 2841746 da7656c49d7a53144fdcc0cc30e10300
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/g/gtk+2.0/gtk2.0-examples_2.4.10-1ubuntu1.1_i386.deb
Size/MD5: 258614 b4143d9c3f9508a4d02b321a83587a13
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-7ubuntu1.1_i386.deb
Size/MD5: 147238 b753bfcecffb4694572a1fd23f365f25
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-7ubuntu1.1_i386.deb
Size/MD5: 7636 69e339f1559495af69bd1e2729a969ae
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-7ubuntu1.1_i386.deb
Size/MD5: 7188 fd233fc7c62a0ccb3353d802aa3e347e
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-7ubuntu1.1_i386.deb
Size/MD5: 167464 85d56ca9adbbf4b12d90665f14cbab9d
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0_2.4.10-1ubuntu1.1_i386.deb
Size/MD5: 2000760 a48d7ccb98352bdec84cb066fb6cad14
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-bin_2.4.10-1ubuntu1.1_i386.deb
Size/MD5: 13288 812f0d4bd1e6fbc7c1b0d85caa11c228
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dbg_2.4.10-1ubuntu1.1_i386.deb
Size/MD5: 10067810 6d984fa1f6b3abaf4a1861aaa955820f
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dev_2.4.10-1ubuntu1.1_i386.deb
Size/MD5: 2484426 b283dce0ceebe5cfdff2ac86960445b5
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/g/gtk+2.0/gtk2.0-examples_2.4.10-1ubuntu1.1_powerpc.deb
Size/MD5: 260412 de11296455cd7b06eea78e6f49a7bcd2
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-7ubuntu1.1_powerpc.deb
Size/MD5: 163118 fbde558bcf35a4334b431e362ab854ac
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-7ubuntu1.1_powerpc.deb
Size/MD5: 9162 6dd4f1856a9ccd034bb09a4aa691ca0e
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-7ubuntu1.1_powerpc.deb
Size/MD5: 9494 af0e66ba1520dedf6f4edd1bddc62a17
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-7ubuntu1.1_powerpc.deb
Size/MD5: 192186 88f579eeff03b81ce45ff03dfb260df5
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0_2.4.10-1ubuntu1.1_powerpc.deb
Size/MD5: 2118578 3be811e254b9f042267f937a3b9f8171
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-bin_2.4.10-1ubuntu1.1_powerpc.deb
Size/MD5: 16056 8f00fc4931970ff94ef915194d81031f
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dbg_2.4.10-1ubuntu1.1_powerpc.deb
Size/MD5: 10329060 9dfecd1aab94c16f2c8cf90d5e94c91d
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dev_2.4.10-1ubuntu1.1_powerpc.deb
Size/MD5: 3084834 2e84877a938df6886104119ba59c8e2a
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050405/6e86e295/attachment.bin
Powered by blists - more mailing lists