Message-ID: <20070201201627.GP2912@outflux.net>
Date: Thu, 1 Feb 2007 12:16:27 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-415-1] GTK vulnerability
===========================================================
Ubuntu Security Notice USN-415-1 February 01, 2007
gtk+2.0 vulnerability
CVE-2007-0010
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  libgtk2.0-0 2.8.6-0ubuntu2.2

Ubuntu 6.06 LTS:
  libgtk2.0-0 2.8.20-0ubuntu1.1

Ubuntu 6.10:
  libgtk2.0-0 2.10.6-0ubuntu3.1

After a standard system upgrade you need to restart your session to
effect the necessary changes.

Details follow:

A flaw was discovered in the error handling of GTK's image loading
library. Applications opening certain corrupted images could be made to
crash, causing a denial of service.
Updated packages for Ubuntu 5.10:
Updated packages for Ubuntu 6.06 LTS:
Updated packages for Ubuntu 6.10: