--------------------------------------------------------------------------
Debian Security Advisory DSA 913-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
December 1st, 2005                      http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : gdk-pixbuf
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-2975 CVE-2005-2976 CVE-2005-3186
BugTraq ID     : 15428
Debian Bug     : 339431

Several vulnerabilities have been found in gdk-pixbuf, the Gtk+
GdkPixBuf XPM image rendering library.  The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2005-2975

    Ludwig Nussel discovered an infinite loop when processing XPM
    images that allows an attacker to cause a denial of service via a
    specially crafted XPM file.

CVE-2005-2976

    Ludwig Nussel discovered an integer overflow in the way XPM images
    are processed that could lead to the execution of arbitrary code
    or crash the application via a specially crafted XPM file.

CVE-2005-3186

    "infamous41md" discovered an integer overflow in the XPM processing
    routine that can be used to execute arbitrary code via a traditional
    heap overflow.
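
The integer-overflow class behind CVE-2005-2976 and CVE-2005-3186, shown as an added example (not gdk-pixbuf's code or its fix): fields from the XPM values line are range-checked and multiplied with overflow checks before any buffer is sized. The limits, function names and buffer layouts (4 bytes per pixel, ncolors * (cpp + 1) name bytes) are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

#define XPM_MAX_DIM    16384L   /* assumed limits for this example; */
#define XPM_MAX_COLORS 65536L   /* choose values that suit the      */
#define XPM_MAX_CPP    8L       /* application                      */

/* A 32-bit size computation on file-supplied fields wraps silently. */
uint32_t wrapped_size32(uint32_t ncolors, uint32_t cpp) { return ncolors * (cpp + 1u); }

/* Multiply two sizes, failing instead of wrapping. */
int mul_size(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return -1;
    *out = a * b;
    return 0;
}

/* Read one positive decimal field no larger than max and advance *p past it. */
static int parse_field(const char **p, long max, long *out)
{
    char *end;
    errno = 0;
    *out = strtol(*p, &end, 10);
    if (end == *p || errno == ERANGE || *out <= 0 || *out > max)
        return -1;
    *p = end;
    return 0;
}

/* Validate an XPM values line "<width> <height> <ncolors> <cpp>"; -1 rejects the file. */
int xpm_buffer_sizes(const char *s, size_t *pixel_bytes, size_t *name_bytes)
{
    long w, h, ncolors, cpp;
    size_t row;
    if (parse_field(&s, XPM_MAX_DIM, &w) || parse_field(&s, XPM_MAX_DIM, &h) ||
        parse_field(&s, XPM_MAX_COLORS, &ncolors) || parse_field(&s, XPM_MAX_CPP, &cpp) ||
        mul_size((size_t)w, 4, &row) || mul_size(row, (size_t)h, pixel_bytes))
        return -1;
    return mul_size((size_t)ncolors, (size_t)cpp + 1, name_bytes);
}

int main(void)
{
    size_t px, nm;   /* constructed values lines: one benign, one hostile */
    return !(xpm_buffer_sizes("16 16 4 1", &px, &nm) == 0 &&
             xpm_buffer_sizes("16 16 536870912 7", &px, &nm) == -1);
}
```

With the constructed fields 536870912 and 7, the 32-bit product wraps to 0, which is how an undersized allocation precedes a heap overflow; the checked path rejects the same line.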

The following matrix explains which versions fix these problems:

             old stable (woody)    stable (sarge)   unstable (sid)
gdk-pixbuf     0.17.0-2woody3        0.22.0-8.1       0.22.0-11
gtk+2.0         2.0.2-5woody3         2.6.4-3.1        2.6.10-2

We recommend that you upgrade your gdk-pixbuf packages.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------


Debian GNU/Linux 3.1 alias sarge
--------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
