[ MDKSA-2007:039 ] - Updated gtk+2.0 packages address DoS, LSB issues, several bugs
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:039
http://www.mandriva.com/security/
_______________________________________________________________________
Package : gtk+2.0
Date : February 7, 2007
Affected: 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2)
allows context-dependent attackers to cause a denial of service (crash)
via a malformed image file. (CVE-2007-0010)
The version of libgtk+2.0 shipped with Mandriva Linux 2007 fails
various portions of the lsb-test-desktop test suite, part of LSB 3.1
certification testing.
The updated packages also address the following issues:
The Home and Desktop entries in the GTK File Chooser are not always
visible (#26644).
GTK+-based applications (which includes all the Mandriva Linux
configuration tools, for example) crash (instead of falling back to the
default theme) when an invalid icon theme is selected. (#27013)
Additional patches from GNOME CVS have been included to address the
following issues from the GNOME bugzilla:
* 357132 - fix RGBA colormap issue
* 359537,357280,359052 - fix various printer bugs
* 357566,353736,357050,363437,379503 - fix various crashes
* 372527 - fix fileselector bug +
potential deadlock
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0010
http://qa.mandriva.com/show_bug.cgi?id=26644
http://qa.mandriva.com/show_bug.cgi?id=27013
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
6b0b76ba984d8432cca4e8d938c51844
2007.0/i586/gtk+2.0-2.10.3-5.3mdv2007.0.i586.rpm
015aa62677f20cf6b9f89301014ccf4d
2007.0/i586/libgdk_pixbuf2.0_0-2.10.3-5.3mdv2007.0.i586.rpm
8f6bc5e09ee08263633e3601d1d21069
2007.0/i586/libgdk_pixbuf2.0_0-devel-2.10.3-5.3mdv2007.0.i586.rpm
ef1f5a96362f5fafb982520897283919
2007.0/i586/libgtk+-x11-2.0_0-2.10.3-5.3mdv2007.0.i586.rpm
b96eeb174cba468e8064890668b43a56
2007.0/i586/libgtk+2.0_0-2.10.3-5.3mdv2007.0.i586.rpm
65f2ea83177a38b1682f4d4e5e633aea
2007.0/i586/libgtk+2.0_0-devel-2.10.3-5.3mdv2007.0.i586.rpm
4f15cba4c1c1b6e37dfe9f0b5b73401c
2007.0/SRPMS/gtk+2.0-2.10.3-5.3mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
b2470dc8cd884cf15dc47e29dbdb36de
2007.0/x86_64/gtk+2.0-2.10.3-5.3mdv2007.0.x86_64.rpm
11d3f44a7f55f4899984e33a07c8f722
2007.0/x86_64/lib64gdk_pixbuf2.0_0-2.10.3-5.3mdv2007.0.x86_64.rpm
33c26bea1a14b147f41e45467d6894e3
2007.0/x86_64/lib64gdk_pixbuf2.0_0-devel-2.10.3-5.3mdv2007.0.x86_64.rpm
2e3855166383646465a01bd56e1529b7
2007.0/x86_64/lib64gtk+-x11-2.0_0-2.10.3-5.3mdv2007.0.x86_64.rpm
4fea83682012ad4c5571e205b04dc7d1
2007.0/x86_64/lib64gtk+2.0_0-2.10.3-5.3mdv2007.0.x86_64.rpm
04f7f152d4e99d6c71043554e2adfa3a
2007.0/x86_64/lib64gtk+2.0_0-devel-2.10.3-5.3mdv2007.0.x86_64.rpm
4f15cba4c1c1b6e37dfe9f0b5b73401c
2007.0/SRPMS/gtk+2.0-2.10.3-5.3mdv2007.0.src.rpm
Corporate 3.0:
7d4501132efb62d24276152ccc23a2e0
corporate/3.0/i586/gtk+2.0-2.2.4-10.6.C30mdk.i586.rpm
f8828f652ae310e3de135f181e3c6f19
corporate/3.0/i586/libgdk_pixbuf2.0_0-2.2.4-10.6.C30mdk.i586.rpm
d99f6327006f96e8b170c20500d64985
corporate/3.0/i586/libgdk_pixbuf2.0_0-devel-2.2.4-10.6.C30mdk.i586.rpm
f2a98b2036167b780e87e2cd0d105983
corporate/3.0/i586/libgtk+-linuxfb-2.0_0-2.2.4-10.6.C30mdk.i586.rpm
e28fbfc9664db29c37517ca8957647c0
corporate/3.0/i586/libgtk+-linuxfb-2.0_0-devel-2.2.4-10.6.C30mdk.i586.rpm
8b80464f88674e0bf5f7ed06efafcb72
corporate/3.0/i586/libgtk+-x11-2.0_0-2.2.4-10.6.C30mdk.i586.rpm
b154589c077c790b1f71379194ed84a6
corporate/3.0/i586/libgtk+2.0_0-2.2.4-10.6.C30mdk.i586.rpm
819ee9fa563420c37d7cae612c3a6bec
corporate/3.0/i586/libgtk+2.0_0-devel-2.2.4-10.6.C30mdk.i586.rpm
dbe156cf5e976fc744b635eab3e88884
corporate/3.0/SRPMS/gtk+2.0-2.2.4-10.6.C30mdk.src.rpm
Corporate 3.0/X86_64:
bed655ae3c4d6635e87488eefebe7e12
corporate/3.0/x86_64/gtk+2.0-2.2.4-10.6.C30mdk.x86_64.rpm
369daff90b35687abae6ad34cf513af3
corporate/3.0/x86_64/lib64gdk_pixbuf2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm
3675f57dd8e738cd1674db6518cd7c0d
corporate/3.0/x86_64/lib64gdk_pixbuf2.0_0-devel-2.2.4-10.6.C30mdk.x86_64.rpm
28dfaebd73dacca8fc2497caeac619a5
corporate/3.0/x86_64/lib64gtk+-linuxfb-2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm
22b487085911cce6fa8a5f2d6557009b
corporate/3.0/x86_64/lib64gtk+-linuxfb-2.0_0-devel-2.2.4-10.6.C30mdk.x86_64.rpm
e0cf2152fc480ab73e4236de7a186d23
corporate/3.0/x86_64/lib64gtk+-x11-2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm
512547fd9c3efca43b7c000fdbaedec3
corporate/3.0/x86_64/lib64gtk+2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm
4aac840549a80fa69f5f527ce6b09421
corporate/3.0/x86_64/lib64gtk+2.0_0-devel-2.2.4-10.6.C30mdk.x86_64.rpm
dbe156cf5e976fc744b635eab3e88884
corporate/3.0/SRPMS/gtk+2.0-2.2.4-10.6.C30mdk.src.rpm
Corporate 4.0:
ab946717fc68226a2fbb8964fa4a9cb4
corporate/4.0/i586/gtk+2.0-2.8.3-4.3.20060mlcs4.i586.rpm
28f5073f9effbb65613c2f7b6ceae180
corporate/4.0/i586/libgdk_pixbuf2.0_0-2.8.3-4.3.20060mlcs4.i586.rpm
0b32eb04192333a7ae6c297befca476f
corporate/4.0/i586/libgdk_pixbuf2.0_0-devel-2.8.3-4.3.20060mlcs4.i586.rpm
d2054c43e2fcc262c35ae3bd18736b69
corporate/4.0/i586/libgtk+-x11-2.0_0-2.8.3-4.3.20060mlcs4.i586.rpm
28f6ac38124b6a46a22e83f870c93693
corporate/4.0/i586/libgtk+2.0_0-2.8.3-4.3.20060mlcs4.i586.rpm
f9cd95997500fe783119dd1fe797bf85
corporate/4.0/i586/libgtk+2.0_0-devel-2.8.3-4.3.20060mlcs4.i586.rpm
fd9738d1b171f76decea52a1abd344a2
corporate/4.0/SRPMS/gtk+2.0-2.8.3-4.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
0e705604eb73b7c181d3b7663e39e664
corporate/4.0/x86_64/gtk+2.0-2.8.3-4.3.20060mlcs4.x86_64.rpm
808a4be8218c00b62057de06edae248c
corporate/4.0/x86_64/lib64gdk_pixbuf2.0_0-2.8.3-4.3.20060mlcs4.x86_64.rpm
379c2977cf755ab760d5693dcaa28be0
corporate/4.0/x86_64/lib64gdk_pixbuf2.0_0-devel-2.8.3-4.3.20060mlcs4.x86_64.rpm
193c57c8073552decc25d755536db21d
corporate/4.0/x86_64/lib64gtk+-x11-2.0_0-2.8.3-4.3.20060mlcs4.x86_64.rpm
1c2e7713425fc786bd7a60b4fe106d28
corporate/4.0/x86_64/lib64gtk+2.0_0-2.8.3-4.3.20060mlcs4.x86_64.rpm
b8436740a32a0fce48bdb9df3234b1f6
corporate/4.0/x86_64/lib64gtk+2.0_0-devel-2.8.3-4.3.20060mlcs4.x86_64.rpm
fd9738d1b171f76decea52a1abd344a2
corporate/4.0/SRPMS/gtk+2.0-2.8.3-4.3.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFyf3/mqjQ0CJFipgRAtYmAJ9uAEfC6fiUknh970LL+YOl0FZYmACfZ7o/
3HjHNMoqq7j5xfaqomAcy34=
=M9jU
-----END PGP SIGNATURE-----