lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070131220925.GA22041@galadriel.inutil.org>
Date: Wed, 31 Jan 2007 23:09:25 +0100
From: Moritz Muehlenhoff <jmm@...ian.org>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 1256-1] New gtk+2.0 packages fix
	denial of service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1256-1                    security@...ian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
January 31st, 2007                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : gtk+2.0
Vulnerability  : programming error
Problem-Type   : local(remote)
Debian-specific: no
CVE ID         : CVE-2007-0010

It was discovered that the image loading code in the GTK+ graphical user
interface library performs insufficient error handling when loading
malformed images, which may lead to denial of service.

For the stable distribution (sarge) this problem has been fixed in
version 2.6.4-3.2. This update lacks builds for the Motorola 680x0
architecture, which had build problems. Packages will be released once
this problem has been resolved.

For the upcoming stable distribution (etch) this problem has been
fixed in version 2.8.20-5.

For the unstable distribution (sid) this problem has been fixed in
version 2.8.20-5.

We recommend that you upgrade your GTK packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.6.4-3.2.dsc
      Size/MD5 checksum:     2000 924fc66562da7adbee73a2a4108234d0
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.6.4-3.2.diff.gz
      Size/MD5 checksum:    50209 d4acaa3b9b173c72a8f12e4cd4d58ad3
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.6.4.orig.tar.gz
      Size/MD5 checksum: 16354198 a3ab72c9c80384fb707b992eb8b43c13

  Architecture independent components:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.6.4-3.2_all.deb
      Size/MD5 checksum:  2983824 9f8755d13ddee3b68519efef0978ec7e
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-doc_2.6.4-3.2_all.deb
      Size/MD5 checksum:  2317902 c52db4b0b9eb0380773fa123fb1a2a27

  Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_alpha.deb
      Size/MD5 checksum:    62362 8329abe98a8ef77265a3b0432348a959
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_alpha.deb
      Size/MD5 checksum:   268654 460bc578a95bbff65548415a5dbd8ed5
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_alpha.deb
      Size/MD5 checksum:  2463370 bb69500b048169b06705e7a8ccddba35
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_alpha.deb
      Size/MD5 checksum: 17691526 ce653b8fc37602e34357df4700072b11
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_alpha.deb
      Size/MD5 checksum:    20892 259d0b5099956fe0d66c91272668dfb8
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_alpha.deb
      Size/MD5 checksum:  8474916 2ee3472499398fbb3f1af4c678e48ac2

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_amd64.deb
      Size/MD5 checksum:    55360 3dc0816c858b6647586ad3fb63aae82a
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_amd64.deb
      Size/MD5 checksum:   263278 c8280b595f948d9a1c4a1c7d8a5b9cfe
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_amd64.deb
      Size/MD5 checksum:  2199372 8aa43980bef83c37338ab162067d7b75
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_amd64.deb
      Size/MD5 checksum: 17653842 ac4608896615e56dccfddb0a0d355b01
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_amd64.deb
      Size/MD5 checksum:    19672 8cabd1fe124c2b6c6d3e04a71603ef8a
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_amd64.deb
      Size/MD5 checksum:  7614800 b8d4a474e7b1e2ae5edcb7ec6821a577

  ARM architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_arm.deb
      Size/MD5 checksum:    53000 d510854eb1715dd2d88e9bbf9ef349bd
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_arm.deb
      Size/MD5 checksum:   255736 3a9dd5d0ecbd3527c7befb5cdcf69829
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_arm.deb
      Size/MD5 checksum:  2042846 e70a73ee37ed16d78d5a357255ee9107
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_arm.deb
      Size/MD5 checksum: 17600310 69ed671651d67bd4ae4ee991b28f24d2
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_arm.deb
      Size/MD5 checksum:    18138 0cd346721990a27af05d0e2f8b44b845
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_arm.deb
      Size/MD5 checksum:  7478086 c361a462643199bd2a0820eacb689db4

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_hppa.deb
      Size/MD5 checksum:    60146 94d96f02508f86bfd25754d389b39376
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_hppa.deb
      Size/MD5 checksum:   263780 0eae29cb6a6f759b814ee87dd6fca132
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_hppa.deb
      Size/MD5 checksum:  2464550 6e07695c5ed60aa1e78ca0092b7c0e73
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_hppa.deb
      Size/MD5 checksum: 17799816 06bef4d2269ba875858a1a3ea382842a
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_hppa.deb
      Size/MD5 checksum:    19742 62ce04f11cab334cb459865792c2d30e
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_hppa.deb
      Size/MD5 checksum:  8408492 3ba1603539d75d948433d2d75fbc4141

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_i386.deb
      Size/MD5 checksum:    51242 6abfee5cca9f6c930ad48493e344fd1e
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_i386.deb
      Size/MD5 checksum:   260274 e3a7fdc0529b0c3343df40e525a2f4a6
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_i386.deb
      Size/MD5 checksum:  2097386 e91b7d11055b80948a9bc52009115e17
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_i386.deb
      Size/MD5 checksum: 17543668 c15a4345d83d0f911df0d0d59d469f3e
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_i386.deb
      Size/MD5 checksum:    18198 1741bd4b6d0f0b9f514858feedafc9f6
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_i386.deb
      Size/MD5 checksum:  7234616 6a32a399f590404f9dc89ef615217b69

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_ia64.deb
      Size/MD5 checksum:    68604 8a2ef1af240960f37b3db020268f7d61
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_ia64.deb
      Size/MD5 checksum:   277030 536d97b01743ec867daaa3d476e2049b
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_ia64.deb
      Size/MD5 checksum:  2894772 4f315bc6c70d81eba08bd6bb0501357b
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_ia64.deb
      Size/MD5 checksum: 17740612 4db7b4bd7de9db2abfa261e495aba932
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_ia64.deb
      Size/MD5 checksum:    22398 bbbe5290b52e2eb4c1aa7c0437a73033
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_ia64.deb
      Size/MD5 checksum:  8622502 4c4739493cb3684fcb2f1a0f2c0e8810

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_mips.deb
      Size/MD5 checksum:    55786 01929f626d18789cb9884c54029f789f
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_mips.deb
      Size/MD5 checksum:   260016 7fd9a2f1e3f92a0b63269e39d31e1584
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_mips.deb
      Size/MD5 checksum:  2122748 dcfd0e6f9888ff2cb07c5008d5c22619
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_mips.deb
      Size/MD5 checksum: 17886428 73169d84d449f63802d7b432179b5536
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_mips.deb
      Size/MD5 checksum:    22852 709c36059d01add78dc19264e6ee0781
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_mips.deb
      Size/MD5 checksum:  8298850 d5f8cec256ec2dc7d3d397f5b971aee2

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_mipsel.deb
      Size/MD5 checksum:    55718 7edfce371461c4b66f98d10ee8b6f6df
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_mipsel.deb
      Size/MD5 checksum:   259914 7d221db5e02fc9429875ad569a540c66
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_mipsel.deb
      Size/MD5 checksum:  2123176 5e0270b0e509d278a30b4148e8a08812
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_mipsel.deb
      Size/MD5 checksum: 17655176 8edfc3ef071c3c56a8d617793cfb4a0e
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_mipsel.deb
      Size/MD5 checksum:    22922 2abaf513ddc723b9025aedf739b4ea83
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_mipsel.deb
      Size/MD5 checksum:  7745332 8a2e0f5550ac277092d5e6cdf9aa970f

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_powerpc.deb
      Size/MD5 checksum:    57000 3671e0e658dd7166faf9d79e518235f7
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_powerpc.deb
      Size/MD5 checksum:   260260 e69a7b4198b91c990e5f72a78084a85d
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_powerpc.deb
      Size/MD5 checksum:  2188036 14a7b08719149d6a1b8e281a62dad948
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_powerpc.deb
      Size/MD5 checksum: 28599066 a5eb56399191742e2ddc583493d3d3d1
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_powerpc.deb
      Size/MD5 checksum:    22186 278f93c9b7e12e45aae1d056578d71b2
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_powerpc.deb
      Size/MD5 checksum:  8260218 9089ba673c623f7173d08f9737c49d62

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_s390.deb
      Size/MD5 checksum:    55380 d74e201e96cdd6517225f743b70812e2
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_s390.deb
      Size/MD5 checksum:   262600 8b8a638168ddab2d581f1b0e0258d41c
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_s390.deb
      Size/MD5 checksum:  2294780 ec24c79be145e2a4a658cbec5fd4a457
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_s390.deb
      Size/MD5 checksum: 18179444 9e164ffb449afbb48aee5c5dbca06077
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_s390.deb
      Size/MD5 checksum:    19570 1619385d8151f92e61bb00eae2a65e71
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_s390.deb
      Size/MD5 checksum:  8354034 02cfaeccd47acd70e204235f610f05b6

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_sparc.deb
      Size/MD5 checksum:    51056 78f0c84fdc078e5e077b4b51a2a261f7
    http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_sparc.deb
      Size/MD5 checksum:   256648 cfcba8eaf83b5e337fca19ba6a55ecae
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_sparc.deb
      Size/MD5 checksum:  2138170 42c3fdc3035380580ffc2a7af02ad024
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_sparc.deb
      Size/MD5 checksum: 17712686 2fe26171dddc6bbde157ef6bcf9532fc
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_sparc.deb
      Size/MD5 checksum:    17894 ccb283bc384929708635dc6665502da0
    http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_sparc.deb
      Size/MD5 checksum:  7951170 764770b52e0e84b9dc192a4bc2ec75f8


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFwRNGXm3vHE4uyloRAtaiAJ9htVuyZTZZ/dOrbxOYefJDNThcngCgshC0
oLw2HdXvpvXhsucQ9HoAhGY=
=JA2k
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ