MDKSA-2005:214 - Updated gdk-pixbuf/gtk+2.0 packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2005:214
http://www.mandriva.com/security/
_______________________________________________________________________
Package : gdk-pixbuf
Date : November 18, 2005
Affected: 10.2, 2006.0, Corporate 2.1, Corporate 3.0
_______________________________________________________________________
Problem Description:
A heap overflow vulnerability in the GTK+ gdk-pixbuf XPM image
rendering library could allow for arbitrary code execution. This allows
an attacker to provide a carefully crafted XPM image which could
possibly allow for arbitrary code execution in the context of the user
viewing the image. (CVE-2005-3186)
Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf
processes XPM images. An attacker could create a carefully crafted XPM
file in such a way that it could cause an application linked with
gdk-pixbuf to execute arbitrary code or crash when the file was opened
by a victim. (CVE-2005-2976)
Ludwig Nussel also discovered an infinite-loop denial of service bug
in the way gdk-pixbuf processes XPM images. An attacker could create a
carefully crafted XPM file in such a way that it could cause an
application linked with gdk-pixbuf to stop responding when the file was
opened by a victim. (CVE-2005-2975)
The gtk+2.0 library also contains the same gdk-pixbuf code with the
same vulnerability.
The Corporate Server 2.1 packages have additional patches to address
CAN-2004-0782,0783,0788 (additional XPM/ICO image issues),
CAN-2004-0753 (BMP image issues) and CAN-2005-0891 (additional BMP
issues). These were overlooked on this platform with earlier updates.
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0891
_______________________________________________________________________
Updated Packages:
Mandriva Linux 10.2:
35a6ddec557dd5aa4e92adbf7bb87fb0
10.2/RPMS/gdk-pixbuf-loaders-0.22.0-8.2.102mdk.i586.rpm
7eb7bdd86ed24c78bd98002bec1f09c5 10.2/RPMS/gtk+2.0-2.6.4-2.2.102mdk.i586.rpm
b458e6e17be27fe37f3431a5811c4f4a
10.2/RPMS/libgdk_pixbuf2.0_0-2.6.4-2.2.102mdk.i586.rpm
8163bcf88fffcfb6c60bdc7859d61668
10.2/RPMS/libgdk_pixbuf2.0_0-devel-2.6.4-2.2.102mdk.i586.rpm
626388ea3348c8f636faba350dae3e1f
10.2/RPMS/libgdk-pixbuf2-0.22.0-8.2.102mdk.i586.rpm
c84174a9da4885e9258c9e8e8c30a2cf
10.2/RPMS/libgdk-pixbuf2-devel-0.22.0-8.2.102mdk.i586.rpm
8be5808a34211ccbc5fa8800ea5c6704
10.2/RPMS/libgdk-pixbuf-gnomecanvas1-0.22.0-8.2.102mdk.i586.rpm
b4f9403db413ba0e9be2d344f969a7b3
10.2/RPMS/libgdk-pixbuf-xlib2-0.22.0-8.2.102mdk.i586.rpm
49be259e05e3ee1f28c4998fb8a802a1
10.2/RPMS/libgtk+2.0_0-2.6.4-2.2.102mdk.i586.rpm
0e552b9db6b79ede9353266e49df6b79
10.2/RPMS/libgtk+2.0_0-devel-2.6.4-2.2.102mdk.i586.rpm
c35542864bd265aa20ec4a02b15a7d02
10.2/RPMS/libgtk+-x11-2.0_0-2.6.4-2.2.102mdk.i586.rpm
12372f097bb4fe44d6a2e8ca49eca044
10.2/SRPMS/gdk-pixbuf-0.22.0-8.2.102mdk.src.rpm
20b3573192370e17bb3412c0bf6bf4bb 10.2/SRPMS/gtk+2.0-2.6.4-2.2.102mdk.src.rpm
Mandriva Linux 10.2/X86_64:
03d62e4d17df48d30441f0ac23132aca
x86_64/10.2/RPMS/gdk-pixbuf-loaders-0.22.0-8.2.102mdk.x86_64.rpm
d016e3f9541b1c357fdb6b5c5e82c3a8
x86_64/10.2/RPMS/gtk+2.0-2.6.4-2.2.102mdk.x86_64.rpm
f32e03ce28f88f6ce7e7441c71ce4544
x86_64/10.2/RPMS/lib64gdk_pixbuf2.0_0-2.6.4-2.2.102mdk.x86_64.rpm
b76c5415637970eea7d11fed98856dfb
x86_64/10.2/RPMS/lib64gdk_pixbuf2.0_0-devel-2.6.4-2.2.102mdk.x86_64.rpm
9a6b58e3a653f7df35c893f87fdbe962
x86_64/10.2/RPMS/lib64gdk-pixbuf2-0.22.0-8.2.102mdk.x86_64.rpm
615ce62271ee01aa3d6b7b06c56887e6
x86_64/10.2/RPMS/lib64gdk-pixbuf2-devel-0.22.0-8.2.102mdk.x86_64.rpm
6eab0ae1c4b22ec6d7248cb20caff223
x86_64/10.2/RPMS/lib64gdk-pixbuf-gnomecanvas1-0.22.0-8.2.102mdk.x86_64.rpm
93bd3152d9f2e66a8b4670ca4b530114
x86_64/10.2/RPMS/lib64gdk-pixbuf-xlib2-0.22.0-8.2.102mdk.x86_64.rpm
fc34af6805471d36e50e8f2b0474c9ab
x86_64/10.2/RPMS/lib64gtk+2.0_0-2.6.4-2.2.102mdk.x86_64.rpm
af379d377d8570a4d8f4b2d37a8c63de
x86_64/10.2/RPMS/lib64gtk+2.0_0-devel-2.6.4-2.2.102mdk.x86_64.rpm
04bef7f1423c2c92c097c2a1f27bf385
x86_64/10.2/RPMS/lib64gtk+-x11-2.0_0-2.6.4-2.2.102mdk.x86_64.rpm
12372f097bb4fe44d6a2e8ca49eca044
x86_64/10.2/SRPMS/gdk-pixbuf-0.22.0-8.2.102mdk.src.rpm
20b3573192370e17bb3412c0bf6bf4bb
x86_64/10.2/SRPMS/gtk+2.0-2.6.4-2.2.102mdk.src.rpm
Mandriva Linux 2006.0:
d9d0be9e0592ba8d76c0c26e5d386a6b
2006.0/RPMS/gdk-pixbuf-loaders-0.22.0-8.2.20060mdk.i586.rpm
6ccbf44dd9ee47a6955808b410a2d9f0
2006.0/RPMS/gtk+2.0-2.8.3-4.2.20060mdk.i586.rpm
901d47bb921b11cd44aba20d4e16fed5
2006.0/RPMS/libgdk_pixbuf2.0_0-2.8.3-4.2.20060mdk.i586.rpm
ed29f729ede5797e86b991c819fb4cfc
2006.0/RPMS/libgdk_pixbuf2.0_0-devel-2.8.3-4.2.20060mdk.i586.rpm
5fd4a4e798edbd0b2946a726f5be61c0
2006.0/RPMS/libgdk-pixbuf2-0.22.0-8.2.20060mdk.i586.rpm
7aaff9eeeb8837319966742deb2221c8
2006.0/RPMS/libgdk-pixbuf2-devel-0.22.0-8.2.20060mdk.i586.rpm
3581c3dc40fd94c3c230e944c5dc233d
2006.0/RPMS/libgdk-pixbuf-gnomecanvas1-0.22.0-8.2.20060mdk.i586.rpm
abfec1845b2331b6fa8e8c8ae7fd6ea8
2006.0/RPMS/libgdk-pixbuf-xlib2-0.22.0-8.2.20060mdk.i586.rpm
820ea1b736330c4b1bea152f936afa3e
2006.0/RPMS/libgtk+2.0_0-2.8.3-4.2.20060mdk.i586.rpm
308876775580855e3fd995eaa9a88f67
2006.0/RPMS/libgtk+2.0_0-devel-2.8.3-4.2.20060mdk.i586.rpm
e719da9bd860af935298763e4c68e943
2006.0/RPMS/libgtk+-x11-2.0_0-2.8.3-4.2.20060mdk.i586.rpm
1172eb0c384f302a6be7b29d1ac06ad0
2006.0/SRPMS/gdk-pixbuf-0.22.0-8.2.20060mdk.src.rpm
c60412628b14382bd94651ba3b0510ec
2006.0/SRPMS/gtk+2.0-2.8.3-4.2.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
0b0387a3898f25a2141630142a3b8644
x86_64/2006.0/RPMS/gdk-pixbuf-loaders-0.22.0-8.2.20060mdk.x86_64.rpm
551f6613f020971c9d2d04b29a9ae8b1
x86_64/2006.0/RPMS/gtk+2.0-2.8.3-4.2.20060mdk.x86_64.rpm
37eda74125532be96bd1bf3bf8888801
x86_64/2006.0/RPMS/lib64gdk_pixbuf2.0_0-2.8.3-4.2.20060mdk.x86_64.rpm
63e9f0270f024ea3c556d64f10d3a95e
x86_64/2006.0/RPMS/lib64gdk_pixbuf2.0_0-devel-2.8.3-4.2.20060mdk.x86_64.rpm
5a9331585e79b29c73db5f78815c7acf
x86_64/2006.0/RPMS/lib64gdk-pixbuf2-0.22.0-8.2.20060mdk.x86_64.rpm
5d56a02664af053e3c378b181b58872f
x86_64/2006.0/RPMS/lib64gdk-pixbuf2-devel-0.22.0-8.2.20060mdk.x86_64.rpm
83e0b64b4c37f4bd0fb80222e8cbccef
x86_64/2006.0/RPMS/lib64gdk-pixbuf-gnomecanvas1-0.22.0-8.2.20060mdk.x86_64.rpm
7ae8fef556571aaebb15800196a78fd8
x86_64/2006.0/RPMS/lib64gdk-pixbuf-xlib2-0.22.0-8.2.20060mdk.x86_64.rpm
8501607d5cec37b9ca9360a65b93016e
x86_64/2006.0/RPMS/lib64gtk+2.0_0-2.8.3-4.2.20060mdk.x86_64.rpm
e1decb7355fee5b81bcf352853b3a581
x86_64/2006.0/RPMS/lib64gtk+2.0_0-devel-2.8.3-4.2.20060mdk.x86_64.rpm
56678f5b7f25b32b3e91bf0eb75125d8
x86_64/2006.0/RPMS/lib64gtk+-x11-2.0_0-2.8.3-4.2.20060mdk.x86_64.rpm
1172eb0c384f302a6be7b29d1ac06ad0
x86_64/2006.0/SRPMS/gdk-pixbuf-0.22.0-8.2.20060mdk.src.rpm
c60412628b14382bd94651ba3b0510ec
x86_64/2006.0/SRPMS/gtk+2.0-2.8.3-4.2.20060mdk.src.rpm
Corporate Server 2.1:
eb77d6aea246fd1fce30cf70983eef97
corporate/2.1/RPMS/gdk-pixbuf-loaders-0.18.0-3.3.C21mdk.i586.rpm
503674f8eedc566ced07ed37c7b36af1
corporate/2.1/RPMS/gtk+2.0-2.0.6-8.3.C21mdk.i586.rpm
e20d204c0af2e94664dcf19461a7078b
corporate/2.1/RPMS/libgdk_pixbuf2.0_0-2.0.6-8.3.C21mdk.i586.rpm
6cb3a7006878c1ec8058036a97e4dc5f
corporate/2.1/RPMS/libgdk_pixbuf2.0_0-devel-2.0.6-8.3.C21mdk.i586.rpm
be5904d7656771b395fdd62a55007860
corporate/2.1/RPMS/libgdk-pixbuf2-0.18.0-3.3.C21mdk.i586.rpm
8b972da767957bbab46a014dcdf81af6
corporate/2.1/RPMS/libgdk-pixbuf2-devel-0.18.0-3.3.C21mdk.i586.rpm
ca9b5e51db5fc47eb34239a532b5dcc4
corporate/2.1/RPMS/libgdk-pixbuf-gnomecanvas1-0.18.0-3.3.C21mdk.i586.rpm
c6c3304b330263ca6fce717ff53607e2
corporate/2.1/RPMS/libgdk-pixbuf-xlib2-0.18.0-3.3.C21mdk.i586.rpm
daa31d833094db844bdeb42583d0057f
corporate/2.1/RPMS/libgtk+2.0_0-2.0.6-8.3.C21mdk.i586.rpm
e48e36493f66af8c70088f363f8f28c7
corporate/2.1/RPMS/libgtk+2.0_0-devel-2.0.6-8.3.C21mdk.i586.rpm
cfff01a1e83140d221a5103bcb4f4859
corporate/2.1/RPMS/libgtk+-linuxfb-2.0_0-2.0.6-8.3.C21mdk.i586.rpm
abd28ee54616e3e0aac2cb99a47a64cf
corporate/2.1/RPMS/libgtk+-linuxfb-2.0_0-devel-2.0.6-8.3.C21mdk.i586.rpm
2a4ac85ef70c4727452f0d0b2a2887df
corporate/2.1/RPMS/libgtk+-x11-2.0_0-2.0.6-8.3.C21mdk.i586.rpm
8f2c41c1a3d7c29680d9dece02259268
corporate/2.1/RPMS/libgtk+-x11-2.0_0-devel-2.0.6-8.3.C21mdk.i586.rpm
56d389005198b6d590e677c65ddf3fa8
corporate/2.1/SRPMS/gdk-pixbuf-0.18.0-3.3.C21mdk.src.rpm
c0d4bb29fe970d14be372829fa8bf2f2
corporate/2.1/SRPMS/gtk+2.0-2.0.6-8.3.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
0ddfe5a3fde25c5d7c2ba3b03783098a
x86_64/corporate/2.1/RPMS/gdk-pixbuf-loaders-0.18.0-3.3.C21mdk.x86_64.rpm
4ea13c8f5452e16d15d21d82212b985c
x86_64/corporate/2.1/RPMS/gtk+2.0-2.0.6-8.3.C21mdk.x86_64.rpm
4bc150dce20f085232af78f7f3fb00e7
x86_64/corporate/2.1/RPMS/libgdk_pixbuf2.0_0-2.0.6-8.3.C21mdk.x86_64.rpm
7d3a41da3d8fe8716278db40b87220ce
x86_64/corporate/2.1/RPMS/libgdk_pixbuf2.0_0-devel-2.0.6-8.3.C21mdk.x86_64.rpm
3a07246c63730d57377d4fac05fc7e6a
x86_64/corporate/2.1/RPMS/libgdk-pixbuf2-0.18.0-3.3.C21mdk.x86_64.rpm
316a0ca17422ca3258edebf6224a9799
x86_64/corporate/2.1/RPMS/libgdk-pixbuf2-devel-0.18.0-3.3.C21mdk.x86_64.rpm
ee3c011a6dcf6c611190d5f303bc8383
x86_64/corporate/2.1/RPMS/libgdk-pixbuf-gnomecanvas1-0.18.0-3.3.C21mdk.x86_64.rpm
67c47c94032b71f70a5614fb5e8f13cf
x86_64/corporate/2.1/RPMS/libgdk-pixbuf-xlib2-0.18.0-3.3.C21mdk.x86_64.rpm
dfa50729815f5fd71d0c4bace65ff883
x86_64/corporate/2.1/RPMS/libgtk+2.0_0-2.0.6-8.3.C21mdk.x86_64.rpm
05899374ee9599ea2c3060c710baaaae
x86_64/corporate/2.1/RPMS/libgtk+2.0_0-devel-2.0.6-8.3.C21mdk.x86_64.rpm
84ea25e7270e21e6bf034ee99f607a6e
x86_64/corporate/2.1/RPMS/libgtk+-linuxfb-2.0_0-2.0.6-8.3.C21mdk.x86_64.rpm
0a5501fcb376ae58a91f93603d43c854
x86_64/corporate/2.1/RPMS/libgtk+-linuxfb-2.0_0-devel-2.0.6-8.3.C21mdk.x86_64.rpm
8bfff43656ce1b877d6badd647e4228c
x86_64/corporate/2.1/RPMS/libgtk+-x11-2.0_0-2.0.6-8.3.C21mdk.x86_64.rpm
02c5afddb719fb1bd96069da728dee51
x86_64/corporate/2.1/RPMS/libgtk+-x11-2.0_0-devel-2.0.6-8.3.C21mdk.x86_64.rpm
56d389005198b6d590e677c65ddf3fa8
x86_64/corporate/2.1/SRPMS/gdk-pixbuf-0.18.0-3.3.C21mdk.src.rpm
c0d4bb29fe970d14be372829fa8bf2f2
x86_64/corporate/2.1/SRPMS/gtk+2.0-2.0.6-8.3.C21mdk.src.rpm
Corporate 3.0:
cab845d33e298257d8d28eae7832d052
corporate/3.0/RPMS/gdk-pixbuf-loaders-0.22.0-2.5.C30mdk.i586.rpm
1fc6c73c26ec00dc3098d6453bd0ef19
corporate/3.0/RPMS/gtk+2.0-2.2.4-10.5.C30mdk.i586.rpm
4e79270734dfdfe712842181bb94c669
corporate/3.0/RPMS/libgdk_pixbuf2.0_0-2.2.4-10.5.C30mdk.i586.rpm
86de0add553195511d92aff267edeec6
corporate/3.0/RPMS/libgdk_pixbuf2.0_0-devel-2.2.4-10.5.C30mdk.i586.rpm
7055f2c41b4517335c2c4d466feef43b
corporate/3.0/RPMS/libgdk-pixbuf2-0.22.0-2.5.C30mdk.i586.rpm
f34e1a41a107ca6baaef8b215b861b04
corporate/3.0/RPMS/libgdk-pixbuf2-devel-0.22.0-2.5.C30mdk.i586.rpm
54ca34e11e6ec1ca18fda155d64b77ca
corporate/3.0/RPMS/libgdk-pixbuf-gnomecanvas1-0.22.0-2.5.C30mdk.i586.rpm
aa6f1f400222f145d8a2478e27bffc61
corporate/3.0/RPMS/libgdk-pixbuf-xlib2-0.22.0-2.5.C30mdk.i586.rpm
eb8625a04376a66b8e915eb1cff0bfe6
corporate/3.0/RPMS/libgtk+2.0_0-2.2.4-10.5.C30mdk.i586.rpm
77a87c1fa116f932bed11f0359945c02
corporate/3.0/RPMS/libgtk+2.0_0-devel-2.2.4-10.5.C30mdk.i586.rpm
fe25229ee99115542419081eef7c781a
corporate/3.0/RPMS/libgtk+-linuxfb-2.0_0-2.2.4-10.5.C30mdk.i586.rpm
441034ec5acb5457ab9a0ea7056b5bad
corporate/3.0/RPMS/libgtk+-linuxfb-2.0_0-devel-2.2.4-10.5.C30mdk.i586.rpm
3e401b38c5f473cf141c5fc644061d17
corporate/3.0/RPMS/libgtk+-x11-2.0_0-2.2.4-10.5.C30mdk.i586.rpm
7c8aa1e0b50c0b4c810c009b55ae7199
corporate/3.0/SRPMS/gdk-pixbuf-0.22.0-2.5.C30mdk.src.rpm
edec45f53f6c3ffee49e46734c4ef5a9
corporate/3.0/SRPMS/gtk+2.0-2.2.4-10.5.C30mdk.src.rpm
Corporate 3.0/X86_64:
429118fdbb30b794e29afa5c464828cb
x86_64/corporate/3.0/RPMS/gdk-pixbuf-loaders-0.22.0-2.5.C30mdk.x86_64.rpm
46893bdd78f1f384f3e8ef77b03adcfd
x86_64/corporate/3.0/RPMS/gtk+2.0-2.2.4-10.5.C30mdk.x86_64.rpm
4f937b2cff87eca1a2f0ee6d40fcdef5
x86_64/corporate/3.0/RPMS/lib64gdk_pixbuf2.0_0-2.2.4-10.5.C30mdk.x86_64.rpm
7185bee3b5b248fd1fd5cf25498b01e6
x86_64/corporate/3.0/RPMS/lib64gdk_pixbuf2.0_0-devel-2.2.4-10.5.C30mdk.x86_64.rpm
7f60d761a707c3b6a6bedf09818a4912
x86_64/corporate/3.0/RPMS/lib64gdk-pixbuf2-0.22.0-2.5.C30mdk.x86_64.rpm
dedc5df1fc294bda996217a031d3f486
x86_64/corporate/3.0/RPMS/lib64gdk-pixbuf2-devel-0.22.0-2.5.C30mdk.x86_64.rpm
f64a9f5316847db31649b860c1840f05
x86_64/corporate/3.0/RPMS/lib64gdk-pixbuf-gnomecanvas1-0.22.0-2.5.C30mdk.x86_64.rpm
01d40f81c3fcc91c82b6e19f4f7271d5
x86_64/corporate/3.0/RPMS/lib64gdk-pixbuf-xlib2-0.22.0-2.5.C30mdk.x86_64.rpm
9315a737c3b94b8564fbb03ef49a0e3e
x86_64/corporate/3.0/RPMS/lib64gtk+2.0_0-2.2.4-10.5.C30mdk.x86_64.rpm
b7e6e3abf4687f0aed310c573e37fa24
x86_64/corporate/3.0/RPMS/lib64gtk+2.0_0-devel-2.2.4-10.5.C30mdk.x86_64.rpm
b6a0af06cb21b4f18d1e4045646d5399
x86_64/corporate/3.0/RPMS/lib64gtk+-linuxfb-2.0_0-2.2.4-10.5.C30mdk.x86_64.rpm
81ccb39f993742d2d97d00cdd74ba7c6
x86_64/corporate/3.0/RPMS/lib64gtk+-linuxfb-2.0_0-devel-2.2.4-10.5.C30mdk.x86_64.rpm
3f4881400ba088628c2380037a88f463
x86_64/corporate/3.0/RPMS/lib64gtk+-x11-2.0_0-2.2.4-10.5.C30mdk.x86_64.rpm
7c8aa1e0b50c0b4c810c009b55ae7199
x86_64/corporate/3.0/SRPMS/gdk-pixbuf-0.22.0-2.5.C30mdk.src.rpm
edec45f53f6c3ffee49e46734c4ef5a9
x86_64/corporate/3.0/SRPMS/gtk+2.0-2.2.4-10.5.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDfjx6mqjQ0CJFipgRAlWhAJ0VYyEAp1ZBQ7JDE7ot4YX6kN6lXwCgoDSB
W0S3AQOeUXu4MQWM8CCQvgw=
=H3jJ
-----END PGP SIGNATURE-----