RedHat: Important: gdk-pixbuf security update
Posted by Benjamin D. Thomas   
---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: gdk-pixbuf security update
Advisory ID:       RHSA-2005:343-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-343.html
Issue date:        2005-04-05
Updated on:        2005-04-05
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0891
---------------------------------------------------------------------

1. Summary:

Updated gdk-pixbuf packages that fix a double free vulnerability are now
available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment.

A bug was found in the way gdk-pixbuf processes BMP images. It is possible
that a specially crafted BMP image could cause a denial of service attack
on applications linked against gdk-pixbuf. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0891 to
this issue.

Users of gdk-pixbuf are advised to upgrade to these packages, which contain
a backported patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

152315 - CAN-2005-0891 gdk-pixbuf BMP double free DoS

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/gdk-pixbuf-0.22.0-12.el2.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/gdk-pixbuf-0.22.0-12.el2.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/gdk-pixbuf-0.22.0-12.el2.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/gdk-pixbuf-0.22.0-12.el2.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/gdk-pixbuf-0.22.0-12.el3.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/gdk-pixbuf-0.22.0-12.el3.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/gdk-pixbuf-0.22.0-12.el3.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/gdk-pixbuf-0.22.0-12.el3.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gdk-pixbuf-0.22.0-16.el4.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gdk-pixbuf-0.22.0-16.el4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gdk-pixbuf-0.22.0-16.el4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gdk-pixbuf-0.22.0-16.el4.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
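
A check an administrator could run after updating, added here as an example and not part of the advisory: it compares installed gdk-pixbuf builds against the fixed builds named in section 6 (0.22.0-12.el2, 0.22.0-12.el3, 0.22.0-16.el4). The function names and the sample input are assumptions made for illustration.

```shell
# Added example, not part of the advisory. Fixed builds come from its
# package list: 0.22.0-12.el2, 0.22.0-12.el3 and 0.22.0-16.el4.

# fixed_build DIST: print the build number of the fixed package for DIST.
fixed_build() {
    case "$1" in
        el2|el3) echo 12 ;;
        el4)     echo 16 ;;
        *)       return 1 ;;
    esac
}

# check_nvr NAME-VERSION-RELEASE: print FIXED, VULNERABLE or UNKNOWN.
check_nvr() {
    release=${1##*-}; rest=${1%-*}            # 12.el3 / gdk-pixbuf-0.22.0
    version=${rest##*-}; name=${rest%-*}      # 0.22.0 / gdk-pixbuf
    build=${release%%.*}                      # 12
    dist=${release#*.}; dist=${dist%%.*}      # el3
    case "$name" in
        gdk-pixbuf|gdk-pixbuf-devel|gdk-pixbuf-gnome) ;;
        *) echo UNKNOWN; return 0 ;;
    esac
    # Assumption: only the 0.22.0 line is in scope; other versions and
    # release strings not shaped BUILD.DIST are left for manual review.
    [ "$version" = "0.22.0" ] || { echo UNKNOWN; return 0; }
    case "$build" in ''|*[!0-9]*) echo UNKNOWN; return 0 ;; esac
    want=$(fixed_build "$dist") || { echo UNKNOWN; return 0; }
    if [ "$build" -ge "$want" ]; then echo FIXED; else echo VULNERABLE; fi
}

# scan: read one NVR per line on stdin (e.g. the output of
# "rpm -q gdk-pixbuf gdk-pixbuf-devel gdk-pixbuf-gnome"); returns 1 if any is vulnerable.
scan() {
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        verdict=$(check_nvr "$line")
        printf '%-10s %s\n' "$verdict" "$line"
        if [ "$verdict" = VULNERABLE ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed sample input; the 11.el3 build is made up.
scan <<'EOF' || echo "at least one package predates RHSA-2005:343"
gdk-pixbuf-0.22.0-12.el3
gdk-pixbuf-gnome-0.22.0-11.el3
gdk-pixbuf-devel-0.22.0-16.el4
EOF
```

UNKNOWN covers anything the script cannot place, including the "is not installed" message from rpm, and should be reviewed by hand.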

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0891

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.