
MDKSA-2004:095-1 - Updated gdk-pixbuf and gtk+2 packages fix image loading vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           gdk-pixbuf/gtk+2
 Advisory ID:            MDKSA-2004:095-1
 Date:                   September 17th, 2004
 Original Advisory Date: September 15th, 2004
 Affected versions:      10.0, 9.2
 ______________________________________________________________________

 Problem Description:

 A vulnerability was found in the gdk-pixbuf bmp loader where a bad BMP
 image could send the bmp loader into an infinite loop (CAN-2004-0753).
 
 Chris Evans found a heap-based overflow and a stack-based overflow in
 the xpm loader of gdk-pixbuf (CAN-2004-0782 and CAN-2004-0783).
 
 Chris Evans also discovered an integer overflow in the ico loader of
 gdk-pixbuf (CAN-2004-0788).
 
 All four problems have been corrected in these updated packages.
  
 Update:

 The previous package had an incorrect patch applied that would cause
 some problems with other programs.  The updated packages have the
 correct patch applied.
 
 As well, patched gtk+2 packages, which also contain gdk-pixbuf, are
 now provided.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0753
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0782
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0783
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0788
 ______________________________________________________________________

 Updated Packages:
  
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBS0wrmqjQ0CJFipgRAuWYAJ4gJYDFZKu+OqVi2VKMeMRdYHHiWQCgqu42
IY4viuVUlVroGe8G305OEnc=
=fwSj
-----END PGP SIGNATURE-----