From security@linux-mandrake.com Fri Apr 8 14:24:44 2005
From: Mandrakelinux Security Team
To: bugtraq@securityfocus.com
Date: Thu, 07 Apr 2005 16:41:19 -0600
Subject: MDKSA-2005:068 - Updated gtk+2.0 packages fix vulnerability

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: gtk+2.0
Advisory ID: MDKSA-2005:068
Date: April 7th, 2005

Affected versions: 10.0, 10.1, Corporate 3.0
______________________________________________________________________

Problem Description:

A bug was discovered in the way that gtk+2.0 processes BMP images
which could allow for a specially crafted BMP to cause a Denial of
Service attack on applications linked against gtk+2.0.

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0891
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0, 10.0/AMD64: gtk+2.0-2.2.4-10.2.100mdk
Mandrakelinux 10.1, 10.1/X86_64: gtk+2.0-2.4.9-9.1.101mdk
Corporate 3.0, Corporate 3.0/X86_64: gtk+2.0-2.2.4-10.3.C30mdk
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team