VUPEN Security - Mandriva Security Update Fixes GTK2 "GdkPixbufLoader()" Denial of Service Vulnerability / Exploit (Security Advisories)

	Contact \| Site en Français

VUPEN VNS v4.0

Features and Options

Free 14-Day Trial

Partner Program

Receive More Information

Latest Intelligence

VUPEN Security Advisories

Virus and Malware Alerts

VUPEN Security Research

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> Mandriva Security Update Fixes GTK2 "GdkPixbufLoader()" Denial of Service Vulnerability

Title : Mandriva Security Update Fixes GTK2 "GdkPixbufLoader()" Denial of Service Vulnerability
VUPEN ID : VUPEN/ADV-2007-0515
CVE ID : CVE-2007-0010
CWE ID : VUPEN VNS Only

CVSS V2 : VUPEN VNS Only

Rated as : Low Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-02-08

Technical Description

Receive VUPEN Security alerts in a Text format

Receive VUPEN Security alerts in a PDF format

Receive VUPEN Security alerts in an XML format

Mandriva has released security updates to address a vulnerability identified in gtk+2.0. This issue could be exploited by attackers to cause a denial of service. For additional information, see : VUPEN/ADV-2007-0331

Affected Products

Mandriva Linux 2007.0
Mandriva Corporate 3.0
Mandriva Corporate 4.0

Solution

Upgrade the affected packages :

Mandriva Linux 2007.0:
6b0b76ba984d8432cca4e8d938c51844 2007.0/i586/gtk+2.0-2.10.3-5.3mdv2007.0.i586.rpm
015aa62677f20cf6b9f89301014ccf4d 2007.0/i586/libgdk_pixbuf2.0_0-2.10.3-5.3mdv2007.0.i586.rpm
8f6bc5e09ee08263633e3601d1d21069 2007.0/i586/libgdk_pixbuf2.0_0-devel-2.10.3-5.3mdv2007.0.i586.rpm
ef1f5a96362f5fafb982520897283919 2007.0/i586/libgtk+-x11-2.0_0-2.10.3-5.3mdv2007.0.i586.rpm
b96eeb174cba468e8064890668b43a56 2007.0/i586/libgtk+2.0_0-2.10.3-5.3mdv2007.0.i586.rpm
65f2ea83177a38b1682f4d4e5e633aea 2007.0/i586/libgtk+2.0_0-devel-2.10.3-5.3mdv2007.0.i586.rpm
4f15cba4c1c1b6e37dfe9f0b5b73401c 2007.0/SRPMS/gtk+2.0-2.10.3-5.3mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
b2470dc8cd884cf15dc47e29dbdb36de 2007.0/x86_64/gtk+2.0-2.10.3-5.3mdv2007.0.x86_64.rpm
11d3f44a7f55f4899984e33a07c8f722 2007.0/x86_64/lib64gdk_pixbuf2.0_0-2.10.3-5.3mdv2007.0.x86_64.rpm
33c26bea1a14b147f41e45467d6894e3 2007.0/x86_64/lib64gdk_pixbuf2.0_0-devel-2.10.3-5.3mdv2007.0.x86_64.rpm
2e3855166383646465a01bd56e1529b7 2007.0/x86_64/lib64gtk+-x11-2.0_0-2.10.3-5.3mdv2007.0.x86_64.rpm
4fea83682012ad4c5571e205b04dc7d1 2007.0/x86_64/lib64gtk+2.0_0-2.10.3-5.3mdv2007.0.x86_64.rpm
04f7f152d4e99d6c71043554e2adfa3a 2007.0/x86_64/lib64gtk+2.0_0-devel-2.10.3-5.3mdv2007.0.x86_64.rpm
4f15cba4c1c1b6e37dfe9f0b5b73401c 2007.0/SRPMS/gtk+2.0-2.10.3-5.3mdv2007.0.src.rpm

Corporate 3.0:
7d4501132efb62d24276152ccc23a2e0 corporate/3.0/i586/gtk+2.0-2.2.4-10.6.C30mdk.i586.rpm
f8828f652ae310e3de135f181e3c6f19 corporate/3.0/i586/libgdk_pixbuf2.0_0-2.2.4-10.6.C30mdk.i586.rpm
d99f6327006f96e8b170c20500d64985 corporate/3.0/i586/libgdk_pixbuf2.0_0-devel-2.2.4-10.6.C30mdk.i586.rpm
f2a98b2036167b780e87e2cd0d105983 corporate/3.0/i586/libgtk+-linuxfb-2.0_0-2.2.4-10.6.C30mdk.i586.rpm
e28fbfc9664db29c37517ca8957647c0 corporate/3.0/i586/libgtk+-linuxfb-2.0_0-devel-2.2.4-10.6.C30mdk.i586.rpm
8b80464f88674e0bf5f7ed06efafcb72 corporate/3.0/i586/libgtk+-x11-2.0_0-2.2.4-10.6.C30mdk.i586.rpm
b154589c077c790b1f71379194ed84a6 corporate/3.0/i586/libgtk+2.0_0-2.2.4-10.6.C30mdk.i586.rpm
819ee9fa563420c37d7cae612c3a6bec corporate/3.0/i586/libgtk+2.0_0-devel-2.2.4-10.6.C30mdk.i586.rpm
dbe156cf5e976fc744b635eab3e88884 corporate/3.0/SRPMS/gtk+2.0-2.2.4-10.6.C30mdk.src.rpm

Corporate 3.0/X86_64:
bed655ae3c4d6635e87488eefebe7e12 corporate/3.0/x86_64/gtk+2.0-2.2.4-10.6.C30mdk.x86_64.rpm
369daff90b35687abae6ad34cf513af3 corporate/3.0/x86_64/lib64gdk_pixbuf2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm
3675f57dd8e738cd1674db6518cd7c0d corporate/3.0/x86_64/lib64gdk_pixbuf2.0_0-devel-2.2.4-10.6.C30mdk.x86_64.rpm
28dfaebd73dacca8fc2497caeac619a5 corporate/3.0/x86_64/lib64gtk+-linuxfb-2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm
22b487085911cce6fa8a5f2d6557009b corporate/3.0/x86_64/lib64gtk+-linuxfb-2.0_0-devel-2.2.4-10.6.C30mdk.x86_64.rpm
e0cf2152fc480ab73e4236de7a186d23 corporate/3.0/x86_64/lib64gtk+-x11-2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm
512547fd9c3efca43b7c000fdbaedec3 corporate/3.0/x86_64/lib64gtk+2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm
4aac840549a80fa69f5f527ce6b09421 corporate/3.0/x86_64/lib64gtk+2.0_0-devel-2.2.4-10.6.C30mdk.x86_64.rpm
dbe156cf5e976fc744b635eab3e88884 corporate/3.0/SRPMS/gtk+2.0-2.2.4-10.6.C30mdk.src.rpm

Corporate 4.0:
ab946717fc68226a2fbb8964fa4a9cb4 corporate/4.0/i586/gtk+2.0-2.8.3-4.3.20060mlcs4.i586.rpm
28f5073f9effbb65613c2f7b6ceae180 corporate/4.0/i586/libgdk_pixbuf2.0_0-2.8.3-4.3.20060mlcs4.i586.rpm
0b32eb04192333a7ae6c297befca476f corporate/4.0/i586/libgdk_pixbuf2.0_0-devel-2.8.3-4.3.20060mlcs4.i586.rpm
d2054c43e2fcc262c35ae3bd18736b69 corporate/4.0/i586/libgtk+-x11-2.0_0-2.8.3-4.3.20060mlcs4.i586.rpm
28f6ac38124b6a46a22e83f870c93693 corporate/4.0/i586/libgtk+2.0_0-2.8.3-4.3.20060mlcs4.i586.rpm
f9cd95997500fe783119dd1fe797bf85 corporate/4.0/i586/libgtk+2.0_0-devel-2.8.3-4.3.20060mlcs4.i586.rpm
fd9738d1b171f76decea52a1abd344a2 corporate/4.0/SRPMS/gtk+2.0-2.8.3-4.3.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
0e705604eb73b7c181d3b7663e39e664 corporate/4.0/x86_64/gtk+2.0-2.8.3-4.3.20060mlcs4.x86_64.rpm
808a4be8218c00b62057de06edae248c corporate/4.0/x86_64/lib64gdk_pixbuf2.0_0-2.8.3-4.3.20060mlcs4.x86_64.rpm
379c2977cf755ab760d5693dcaa28be0 corporate/4.0/x86_64/lib64gdk_pixbuf2.0_0-devel-2.8.3-4.3.20060mlcs4.x86_64.rpm
193c57c8073552decc25d755536db21d corporate/4.0/x86_64/lib64gtk+-x11-2.0_0-2.8.3-4.3.20060mlcs4.x86_64.rpm
1c2e7713425fc786bd7a60b4fe106d28 corporate/4.0/x86_64/lib64gtk+2.0_0-2.8.3-4.3.20060mlcs4.x86_64.rpm
b8436740a32a0fce48bdb9df3234b1f6 corporate/4.0/x86_64/lib64gtk+2.0_0-devel-2.8.3-4.3.20060mlcs4.x86_64.rpm
fd9738d1b171f76decea52a1abd344a2 corporate/4.0/SRPMS/gtk+2.0-2.8.3-4.3.20060mlcs4.src.rpm

References

http://www.vupen.com/english/advisories/2007/0515
http://archives.mandrivalinux.com/security-announce/2007-02/msg00008.php

ChangeLog

2007-02-08 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

VUPEN Vulnerability
Notification Service

Latest Advisories

>> 2010-03-19

CA ARCserve Backup JRE Code Execution and Security Bypass Issues

>> 2010-03-19

Debian Security Update Fixes PHP XML-RPC Denial of Service Issue

>> 2010-03-19

Ubuntu Security Update Fixes Thunderbird Multiple Vulnerabilities

>> 2010-03-18

IBM DB2 Content Manager Web Services Single Sign-on Vulnerability

>> 2010-03-18

Transmission "tr_magnetParse()" Magnet Buffer Overflow Vulnerability

More Informations