November 2005
Four Fedora Update Notifications: 1. FEDORA-2005-1086 - Fedora Core 3 - gdk-pixbuf 2. FEDORA-2005-1087 - Fedora Core 3 - gtk2 3. FEDORA-2005-1085 - Fedora Core 4 - gdk-pixbuf 4. FEDORA-2005-1088 - Fedora Core 4 - gtk2
ID: 01034
Ref: 970/2005
Date: 21 November 2005:15:02:14
Version: 1
Title: Four Fedora Update Notifications: 1. FEDORA-2005-1086 - Fedora Core 3 - gdk-pixbuf 2. FEDORA-2005-1087 - Fedora Core 3 - gtk2 3. FEDORA-2005-1085 - Fedora Core 4 - gdk-pixbuf 4. FEDORA-2005-1088 - Fedora Core 4 - gtk2
Abstract:
Vendors affected: Fedora
Operating systems affected: Fedora
Applications affected: Fedora
Title
=====
Four Fedora Update Notifications:
1. FEDORA-2005-1086 - Fedora Core 3 - gdk-pixbuf
2. FEDORA-2005-1087 - Fedora Core 3 - gtk2
3. FEDORA-2005-1085 - Fedora Core 4 - gdk-pixbuf
4. FEDORA-2005-1088 - Fedora Core 4 - gtk2
Detail
======
1. The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment. The GdkPixBuf library provides image
loading facilities, the rendering of a GdkPixBuf into various formats
(drawables or GdkRGB buffers), and a cache interface.
2. GTK+ is a multi-platform toolkit for creating graphical user
interfaces. Offering a complete set of widgets, GTK+ is suitable for
projects ranging from small one-off tools to complete application
suites.
3. The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment. The GdkPixBuf library provides image
loading facilities, the rendering of a GdkPixBuf into various formats
(drawables or GdkRGB buffers), and a cache interface.
4. GTK+ is a multi-platform toolkit for creating graphical user
interfaces. Offering a complete set of widgets, GTK+ is suitable for
projects ranging from small one-off tools to complete application
suites.
1.
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1086
2005-11-15
---------------------------------------------------------------------
Product : Fedora Core 3
Name : gdk-pixbuf
Version : 0.22.0
Release : 16.fc3.3
Summary : An image loading library used with GNOME.
Description :
The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment. The GdkPixBuf library provides image
loading facilities, the rendering of a GdkPixBuf into various formats
(drawables or GdkRGB buffers), and a cache interface.
---------------------------------------------------------------------
Update Information:

The gdk-pixbuf package contains an image loading library
used with the GNOME GUI desktop environment.

A bug was found in the way gdk-pixbuf processes XPM images.
An attacker could create a carefully crafted XPM file in
such a way that it could cause an application linked with
gdk-pixbuf to execute arbitrary code when the file was
opened by a victim. The Common Vulnerabilities and Exposures
project has assigned the name CVE-2005-3186 to this issue.

Ludwig Nussel discovered an integer overflow bug in the way
gdk-pixbuf processes XPM images. An attacker could create a
carefully crafted XPM file in such a way that it could cause
an application linked with gdk-pixbuf to execute arbitrary
code or crash when the file was opened by a victim. The
Common Vulnerabilities and Exposures project has assigned
the name CVE-2005-2976 to this issue.

Ludwig Nussel also discovered an infinite-loop denial of
service bug in the way gdk-pixbuf processes XPM images. An
attacker could create a carefully crafted XPM file in such a
way that it could cause an application linked with
gdk-pixbuf to stop responding when the file was opened by a
victim. The Common Vulnerabilities and Exposures project has
assigned the name CVE-2005-2975 to this issue.

Users of gdk-pixbuf are advised to upgrade to these updated
packages, which contain backported patches and are not
vulnerable to these issues.
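
The integer overflow class described above, as an added example: this is not gdk-pixbuf code and not the Fedora patch. It sizes buffers from an XPM header once with wrapping 32-bit arithmetic and once with checked multiplication. All function names, the INT_MAX cap and the colour-table layout (one key of chars_per_pixel bytes plus a NUL per colour) are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* The XPM "values" line: "<width> <height> <ncolors> <chars_per_pixel>". */
struct xpm_header { int width, height, ncolors, cpp; };

/* Parse four positive decimal ints; reject junk, non-positive or out-of-range values. */
int parse_header(const char *s, struct xpm_header *h) {
    int *field[4] = { &h->width, &h->height, &h->ncolors, &h->cpp };
    char *end;
    for (int i = 0; i < 4; i++, s = end) {
        errno = 0;
        long v = strtol(s, &end, 10);
        if (end == s || errno == ERANGE || v <= 0 || v > INT_MAX) return -1;
        *field[i] = (int)v;
    }
    return 0;
}

/* Unchecked pattern: 32-bit arithmetic wraps, so the size can come out far too small. */
uint32_t pixel_bytes_unchecked(const struct xpm_header *h) {
    return (uint32_t)h->width * (uint32_t)h->height * 4u;
}

/* *out = a * b, refused (returns 0) when the product would exceed INT_MAX. */
static int mul_capped(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > (size_t)INT_MAX / a) return 0;
    *out = a * b;
    return 1;
}

/* Hardened sizing: 0 on success, -1 if the header is malformed or too large. */
int xpm_sizes_checked(const char *values, size_t *pixel_bytes, size_t *table_bytes) {
    struct xpm_header h;
    if (parse_header(values, &h) != 0) return -1;
    if (!mul_capped((size_t)h.width, (size_t)h.height, pixel_bytes)) return -1;
    if (!mul_capped(*pixel_bytes, 4, pixel_bytes)) return -1;      /* RGBA */
    if (!mul_capped((size_t)h.ncolors, (size_t)h.cpp + 1, table_bytes)) return -1;
    return 0;
}

int main(void) {
    size_t p, t;  /* constructed header below: 65536 * 16384 * 4 == 2^32 */
    printf("checked=%d\n", xpm_sizes_checked("65536 16384 2 1", &p, &t));
    return 0;
}
```

A loader that allocates from the unchecked size and then writes width * height pixels overruns the buffer; the checked version rejects the file before any allocation.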
---------------------------------------------------------------------
* Mon Oct 31 2005 Matthias Clasen - 1:0.22.0-16.fc3.3
- Prevent another integer overflow in the xpm loader (#171901, CVE-2005-2976)
- Prevent an infinite loop in the xpm loader (#171901, CVE-2005-2976)
* Wed Oct 19 2005 Matthias Clasen - 1:0.22.0-16.fc3.2
- Prevent an integer overflow in the xpm loader (#171073, CVE-2005-3186)
- Backport the noexecstack patch from FC-4
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
2.
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1087
2005-11-15
---------------------------------------------------------------------
Product : Fedora Core 3
Name : gtk2
Version : 2.4.14
Release : 4.fc3.3
Summary : The GIMP ToolKit (GTK+), a library for creating GUIs for X.
Description :
GTK+ is a multi-platform toolkit for creating graphical user
interfaces. Offering a complete set of widgets, GTK+ is suitable for
projects ranging from small one-off tools to complete application
suites.
---------------------------------------------------------------------
Update Information:

The gtk2 package contains the GIMP ToolKit (GTK+), a library
for creating graphical user interfaces for the X Window System.

A bug was found in the way gtk2 processes XPM images. An
attacker could create a carefully crafted XPM file in such a
way that it could cause an application linked with gtk2 to
execute arbitrary code when the file was opened by a victim.
The Common Vulnerabilities and Exposures project has
assigned the name CVE-2005-3186 to this issue.

Ludwig Nussel discovered an infinite-loop denial of service
bug in the way gtk2 processes XPM images. An attacker could
create a carefully crafted XPM file in such a way that it
could cause an application linked with gtk2 to stop
responding when the file was opened by a victim. The Common
Vulnerabilities and Exposures project has assigned the name
CVE-2005-2975 to this issue.

Users of gtk2 are advised to upgrade to these updated
packages, which contain backported patches and are not
vulnerable to these issues.
---------------------------------------------------------------------
* Mon Oct 31 2005 Matthias Clasen - 2.4.14-3.fc3.3
- Prevent an infinite loop in the xpm loader (#171905, CVE-2005-2975)
* Wed Oct 19 2005 Matthias Clasen - 2.4.14-3.fc3.1
- Prevent an integer overflow in the xpm loader (#171072, CAN-2005-3186)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
3.
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1085
2005-11-15
---------------------------------------------------------------------
Product : Fedora Core 4
Name : gdk-pixbuf
Version : 0.22.0
Release : 18.fc4.2
Summary : An image loading library used with GNOME.
Description :
The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment. The GdkPixBuf library provides image
loading facilities, the rendering of a GdkPixBuf into various formats
(drawables or GdkRGB buffers), and a cache interface.
---------------------------------------------------------------------
Update Information:

The gdk-pixbuf package contains an image loading library
used with the GNOME GUI desktop environment.

A bug was found in the way gdk-pixbuf processes XPM images.
An attacker could create a carefully crafted XPM file in
such a way that it could cause an application linked with
gdk-pixbuf to execute arbitrary code when the file was
opened by a victim. The Common Vulnerabilities and Exposures
project has assigned the name CVE-2005-3186 to this issue.

Ludwig Nussel discovered an integer overflow bug in the way
gdk-pixbuf processes XPM images. An attacker could create a
carefully crafted XPM file in such a way that it could cause
an application linked with gdk-pixbuf to execute arbitrary
code or crash when the file was opened by a victim. The
Common Vulnerabilities and Exposures project has assigned
the name CVE-2005-2976 to this issue.

Ludwig Nussel also discovered an infinite-loop denial of
service bug in the way gdk-pixbuf processes XPM images. An
attacker could create a carefully crafted XPM file in such a
way that it could cause an application linked with
gdk-pixbuf to stop responding when the file was opened by a
victim. The Common Vulnerabilities and Exposures project has
assigned the name CVE-2005-2975 to this issue.

Users of gdk-pixbuf are advised to upgrade to these updated
packages, which contain backported patches and are not
vulnerable to these issues.
---------------------------------------------------------------------
* Mon Oct 31 2005 Matthias Clasen - 1:0.22.0-18.fc4.2
- Prevent another integer overflow in the xpm loader (#171901, CVE-2005-2976)
- Prevent an infinite loop in the xpm loader (#171901, CVE-2005-2976)
* Wed Oct 19 2005 Matthias Clasen - 1:0.22.0-18.fc4.1
- Prevent an integer overflow in the xpm loader (#171073, CVE-2005-3186)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
4.
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1088
2005-11-15
---------------------------------------------------------------------
Product : Fedora Core 4
Name : gtk2
Version : 2.6.10
Release : 2.fc4.4
Summary : The GIMP ToolKit (GTK+), a library for creating GUIs for X.
Description :
GTK+ is a multi-platform toolkit for creating graphical user
interfaces. Offering a complete set of widgets, GTK+ is suitable for
projects ranging from small one-off tools to complete application
suites.
---------------------------------------------------------------------
Update Information:

The gtk2 package contains the GIMP ToolKit (GTK+), a library
for creating graphical user interfaces for the X Window System.

A bug was found in the way gtk2 processes XPM images. An
attacker could create a carefully crafted XPM file in such a
way that it could cause an application linked with gtk2 to
execute arbitrary code when the file was opened by a victim.
The Common Vulnerabilities and Exposures project has
assigned the name CVE-2005-3186 to this issue.

Ludwig Nussel discovered an infinite-loop denial of service
bug in the way gtk2 processes XPM images. An attacker could
create a carefully crafted XPM file in such a way that it
could cause an application linked with gtk2 to stop
responding when the file was opened by a victim. The Common
Vulnerabilities and Exposures project has assigned the name
CVE-2005-2975 to this issue.

Users of gtk2 are advised to upgrade to these updated
packages, which contain backported patches and are not
vulnerable to these issues.
---------------------------------------------------------------------
* Mon Oct 31 2005 Matthias Clasen - 2.6.10-2.fc4.4
- Prevent an infinite loop in the xpm loader (#171905, CVE-2005-2975)
* Wed Oct 19 2005 Matthias Clasen - 2.6.10-2.fc4.2
- Prevent an integer overflow in the xpm loader (#171075, CAN-2005-3186)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------