Red Hat: gdk-pixbuf security flaws
Posted by LinuxSecurity.com Team
Red Hat Linux: several vulnerabilities.

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated gdk-pixbuf packages fix security flaws
Advisory ID:       RHSA-2004:447-01
Issue date:        2004-09-15
Updated on:        2004-09-15
Product:           Red Hat Enterprise Linux
Obsoletes:         RHSA-2004:103
CVE Names:         CAN-2004-0753 CAN-2004-0782 CAN-2004-0783 CAN-2004-0788
---------------------------------------------------------------------

1. Summary:

Updated gdk-pixbuf packages that fix several security flaws are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment.

During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw was
discovered in the BMP image processor of gdk-pixbuf.  An attacker could
create a carefully crafted BMP file which would cause an application
to enter an infinite loop and not respond to user input when the file was
opened by a victim.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0753 to this issue.

During a security audit, Chris Evans discovered a stack and a heap overflow
in the XPM image decoder. An attacker could create a carefully crafted XPM
file which could cause an application linked with gtk2 to crash or possibly
execute arbitrary code when the file was opened by a victim.
(CAN-2004-0782, CAN-2004-0783)

Chris Evans also discovered an integer overflow in the ICO image decoder.
An attacker could create a carefully crafted ICO file which could cause an
application linked with gtk2 to crash when the file is opened by a victim.
(CAN-2004-0788)
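The three flaws above are the classic decoder failure modes: header-controlled arithmetic that wraps, and row copies that trust a header length instead of the buffer actually allocated. The following is an added example (it is not gdk-pixbuf's code and not Red Hat's backported fix) showing the general defence: compute the pixel-buffer size without wrapping, reject absurd dimensions, and bounds-check every copy against both the destination and the remaining input. The function names, the 64 MiB cap and the synthetic header/payload are assumptions made for the example.

```c
/* Added example, not gdk-pixbuf code: overflow-safe sizing and
 * bounds-checked row copies for an image decoder. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical sanity cap: refuse any header that asks for more than
 * 64 MiB of pixel data, even if the arithmetic itself does not wrap. */
#define MAX_PIXEL_BYTES ((size_t)64 * 1024 * 1024)

/* Compute width * height * bytes_per_pixel without wrapping size_t.
 * Returns 0 and stores the size on success; -1 if any value is zero,
 * the product would overflow, or the result exceeds the cap. */
int image_buffer_size(uint32_t width, uint32_t height,
                      uint32_t bytes_per_pixel, size_t *out)
{
    size_t n;
    if (width == 0 || height == 0 || bytes_per_pixel == 0 || bytes_per_pixel > 16)
        return -1;
    if ((size_t)height > SIZE_MAX / width)      /* width * height wraps? */
        return -1;
    n = (size_t)width * height;
    if (bytes_per_pixel > SIZE_MAX / n)          /* * bpp wraps? */
        return -1;
    n *= bytes_per_pixel;
    if (n > MAX_PIXEL_BYTES)
        return -1;
    *out = n;
    return 0;
}

/* Copy one row from an untrusted input buffer into the pixel buffer.
 * Both the destination offset and the source offset are checked against
 * the real lengths, so a header that lies about row size or a truncated
 * file cannot push memcpy past either buffer. */
int copy_row(uint8_t *dst, size_t dst_len, size_t row_index, size_t row_bytes,
             const uint8_t *src, size_t src_len, size_t src_off)
{
    if (row_bytes == 0 || row_index > SIZE_MAX / row_bytes)
        return -1;
    size_t dst_off = row_index * row_bytes;
    if (dst_off > dst_len || row_bytes > dst_len - dst_off)
        return -1;
    if (src_off > src_len || row_bytes > src_len - src_off)
        return -1;
    memcpy(dst + dst_off, src + src_off, row_bytes);
    return 0;
}

/* Decode a constructed header (width, height, bpp) plus raw payload.
 * Returns 1 if the image was accepted and fully copied, 0 if rejected.
 * The loop is bounded by the validated height, so it always terminates. */
int try_decode(uint32_t width, uint32_t height, uint32_t bpp,
               const uint8_t *payload, size_t payload_len)
{
    size_t need;
    if (image_buffer_size(width, height, bpp, &need) != 0)
        return 0;
    uint8_t *pixels = calloc(1, need);
    if (pixels == NULL)
        return 0;
    size_t row_bytes = (size_t)width * bpp;      /* safe: need was validated */
    int ok = 1;
    for (uint32_t r = 0; r < height; r++) {
        if (copy_row(pixels, need, r, row_bytes,
                     payload, payload_len, (size_t)r * row_bytes) != 0) {
            ok = 0;                              /* truncated input: stop, don't read on */
            break;
        }
    }
    free(pixels);
    return ok;
}

int main(void)
{
    uint8_t payload[48] = {0};                   /* constructed 4x4 RGB image */
    printf("4x4x3, full payload:      %d\n", try_decode(4, 4, 3, payload, sizeof payload));
    printf("4x4x3, truncated payload: %d\n", try_decode(4, 4, 3, payload, 40));
    printf("0xFFFFFFFF square, 4 bpp: %d\n", try_decode(0xFFFFFFFFu, 0xFFFFFFFFu, 4, payload, sizeof payload));
    return 0;
}
```

The point of the two division-based checks is that they run before the multiplication, so the comparison is made on values that cannot have wrapped; a check of the form `if (w * h * bpp > limit)` after the fact is exactly the pattern an attacker-chosen header defeats.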

Users of gdk-pixbuf are advised to upgrade to these packages, which
contain backported patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

     http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed  (http://bugzilla.redhat.com/ for more info):

130455 - CAN-2004-0753 bmp image loader DOS

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: 
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/gdk-pixbuf-0.22.0-11.1.2E.src.rpm
4a81129ce3485da48cd8ea297484f739  gdk-pixbuf-0.22.0-11.1.2E.src.rpm

i386:
fc37808aea44dc57f6d44c8258405108  gdk-pixbuf-0.22.0-11.1.2E.i386.rpm
ecfafbfbb95758bddeb1c2a59df944ef  gdk-pixbuf-devel-0.22.0-11.1.2E.i386.rpm
190e0a2bad3002a43410c482257ba11d  gdk-pixbuf-gnome-0.22.0-11.1.2E.i386.rpm

ia64:
e9bfb39f870342cccc68f5b2aa24d681  gdk-pixbuf-0.22.0-11.1.2E.ia64.rpm
18b5513c5da53b975683c891c9ab9ee7  gdk-pixbuf-devel-0.22.0-11.1.2E.ia64.rpm
cd9f8918bc7b5ac8ebaa76b3639191aa  gdk-pixbuf-gnome-0.22.0-11.1.2E.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: 
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/gdk-pixbuf-0.22.0-11.1.2E.src.rpm
4a81129ce3485da48cd8ea297484f739  gdk-pixbuf-0.22.0-11.1.2E.src.rpm

ia64:
e9bfb39f870342cccc68f5b2aa24d681  gdk-pixbuf-0.22.0-11.1.2E.ia64.rpm
18b5513c5da53b975683c891c9ab9ee7  gdk-pixbuf-devel-0.22.0-11.1.2E.ia64.rpm
cd9f8918bc7b5ac8ebaa76b3639191aa  gdk-pixbuf-gnome-0.22.0-11.1.2E.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: 
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/gdk-pixbuf-0.22.0-11.1.2E.src.rpm
4a81129ce3485da48cd8ea297484f739  gdk-pixbuf-0.22.0-11.1.2E.src.rpm

i386:
fc37808aea44dc57f6d44c8258405108  gdk-pixbuf-0.22.0-11.1.2E.i386.rpm
ecfafbfbb95758bddeb1c2a59df944ef  gdk-pixbuf-devel-0.22.0-11.1.2E.i386.rpm
190e0a2bad3002a43410c482257ba11d  gdk-pixbuf-gnome-0.22.0-11.1.2E.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: 
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/gdk-pixbuf-0.22.0-11.1.2E.src.rpm
4a81129ce3485da48cd8ea297484f739  gdk-pixbuf-0.22.0-11.1.2E.src.rpm

i386:
fc37808aea44dc57f6d44c8258405108  gdk-pixbuf-0.22.0-11.1.2E.i386.rpm
ecfafbfbb95758bddeb1c2a59df944ef  gdk-pixbuf-devel-0.22.0-11.1.2E.i386.rpm
190e0a2bad3002a43410c482257ba11d  gdk-pixbuf-gnome-0.22.0-11.1.2E.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS: 
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/gdk-pixbuf-0.22.0-11.1.3.2.src.rpm
65da3d6c0ca50364821dba20c3d4a38e  gdk-pixbuf-0.22.0-11.1.3.2.src.rpm

i386:
4ebeee89a843d3a1469c7aa8be99f055  gdk-pixbuf-0.22.0-11.1.3.2.i386.rpm
c6a539c6dbde002645651a60d1f868ba  gdk-pixbuf-devel-0.22.0-11.1.3.2.i386.rpm
10a3a14fef750fd9bc77b6e2f83c0419  gdk-pixbuf-gnome-0.22.0-11.1.3.2.i386.rpm

ia64:
248641551811128fc518b6ef2e6921df  gdk-pixbuf-0.22.0-11.1.3.2.ia64.rpm
ff62cbf4cf801fc44c700267585165e7  gdk-pixbuf-devel-0.22.0-11.1.3.2.ia64.rpm
5edd61801e36db3a7b7259ef33d701d3  gdk-pixbuf-gnome-0.22.0-11.1.3.2.ia64.rpm

ppc:
0bcd881f394f8563e1ff97243f9e904e  gdk-pixbuf-0.22.0-11.1.3.2.ppc.rpm
9bc4a86012d86bb1cb5b97f3eccecd20  gdk-pixbuf-devel-0.22.0-11.1.3.2.ppc.rpm
4a28f50a8efa26f27436a81523a112d2  gdk-pixbuf-gnome-0.22.0-11.1.3.2.ppc.rpm

s390:
62fc1252743b4582758421103a908600  gdk-pixbuf-0.22.0-11.1.3.2.s390.rpm
9237691771a9195d4a9ac6eb9c7c7e64  gdk-pixbuf-devel-0.22.0-11.1.3.2.s390.rpm
592e3265dedd9dc597135fe8b1aafc7f  gdk-pixbuf-gnome-0.22.0-11.1.3.2.s390.rpm

s390x:
855c7c984c3cbf7782b3c66f5d619d4e  gdk-pixbuf-0.22.0-11.1.3.2.s390x.rpm
9ac9638729458931a9598edd4f5af4db  gdk-pixbuf-devel-0.22.0-11.1.3.2.s390x.rpm
48a01e36226b57f427bfa81ad77b3f42  gdk-pixbuf-gnome-0.22.0-11.1.3.2.s390x.rpm

x86_64:
df298cd9bcde6179413957bfb352e954  gdk-pixbuf-0.22.0-11.1.3.2.x86_64.rpm
43eda80058f5a1e2a8c6600e9ea0ca27  gdk-pixbuf-devel-0.22.0-11.1.3.2.x86_64.rpm
9a2081a1e1c2f592103d173108558cbc  gdk-pixbuf-gnome-0.22.0-11.1.3.2.x86_64.rpm

Red Hat Desktop version 3:

SRPMS: 
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/gdk-pixbuf-0.22.0-11.1.3.2.src.rpm
65da3d6c0ca50364821dba20c3d4a38e  gdk-pixbuf-0.22.0-11.1.3.2.src.rpm

i386:
4ebeee89a843d3a1469c7aa8be99f055  gdk-pixbuf-0.22.0-11.1.3.2.i386.rpm
c6a539c6dbde002645651a60d1f868ba  gdk-pixbuf-devel-0.22.0-11.1.3.2.i386.rpm
10a3a14fef750fd9bc77b6e2f83c0419  gdk-pixbuf-gnome-0.22.0-11.1.3.2.i386.rpm

x86_64:
df298cd9bcde6179413957bfb352e954  gdk-pixbuf-0.22.0-11.1.3.2.x86_64.rpm
43eda80058f5a1e2a8c6600e9ea0ca27  gdk-pixbuf-devel-0.22.0-11.1.3.2.x86_64.rpm
9a2081a1e1c2f592103d173108558cbc  gdk-pixbuf-gnome-0.22.0-11.1.3.2.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: 
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/gdk-pixbuf-0.22.0-11.1.3.2.src.rpm
65da3d6c0ca50364821dba20c3d4a38e  gdk-pixbuf-0.22.0-11.1.3.2.src.rpm

i386:
4ebeee89a843d3a1469c7aa8be99f055  gdk-pixbuf-0.22.0-11.1.3.2.i386.rpm
c6a539c6dbde002645651a60d1f868ba  gdk-pixbuf-devel-0.22.0-11.1.3.2.i386.rpm
10a3a14fef750fd9bc77b6e2f83c0419  gdk-pixbuf-gnome-0.22.0-11.1.3.2.i386.rpm

ia64:
248641551811128fc518b6ef2e6921df  gdk-pixbuf-0.22.0-11.1.3.2.ia64.rpm
ff62cbf4cf801fc44c700267585165e7  gdk-pixbuf-devel-0.22.0-11.1.3.2.ia64.rpm
5edd61801e36db3a7b7259ef33d701d3  gdk-pixbuf-gnome-0.22.0-11.1.3.2.ia64.rpm

x86_64:
df298cd9bcde6179413957bfb352e954  gdk-pixbuf-0.22.0-11.1.3.2.x86_64.rpm
43eda80058f5a1e2a8c6600e9ea0ca27  gdk-pixbuf-devel-0.22.0-11.1.3.2.x86_64.rpm
9a2081a1e1c2f592103d173108558cbc  gdk-pixbuf-gnome-0.22.0-11.1.3.2.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: 
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/gdk-pixbuf-0.22.0-11.1.3.2.src.rpm
65da3d6c0ca50364821dba20c3d4a38e  gdk-pixbuf-0.22.0-11.1.3.2.src.rpm

i386:
4ebeee89a843d3a1469c7aa8be99f055  gdk-pixbuf-0.22.0-11.1.3.2.i386.rpm
c6a539c6dbde002645651a60d1f868ba  gdk-pixbuf-devel-0.22.0-11.1.3.2.i386.rpm
10a3a14fef750fd9bc77b6e2f83c0419  gdk-pixbuf-gnome-0.22.0-11.1.3.2.i386.rpm

ia64:
248641551811128fc518b6ef2e6921df  gdk-pixbuf-0.22.0-11.1.3.2.ia64.rpm
ff62cbf4cf801fc44c700267585165e7  gdk-pixbuf-devel-0.22.0-11.1.3.2.ia64.rpm
5edd61801e36db3a7b7259ef33d701d3  gdk-pixbuf-gnome-0.22.0-11.1.3.2.ia64.rpm

x86_64:
df298cd9bcde6179413957bfb352e954  gdk-pixbuf-0.22.0-11.1.3.2.x86_64.rpm
43eda80058f5a1e2a8c6600e9ea0ca27  gdk-pixbuf-devel-0.22.0-11.1.3.2.x86_64.rpm
9a2081a1e1c2f592103d173108558cbc  gdk-pixbuf-gnome-0.22.0-11.1.3.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:
 
http://bugzilla.gnome.org/show_bug.cgi?id=150601 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0753 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0782 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0783 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0788

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
