VUPEN Security / Public Mailing Lists Mirror
Assigned : VUPEN/ADV-2005-2436
From : "Matthias Clasen" <mclasen at redhat.com>
Subject : Fedora Core 3 Update: gdk-pixbuf-0.22.0-16.fc3.3
Date : 2005-11-15
Original Message
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1086
2005-11-15
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : gdk-pixbuf
Version     : 0.22.0
Release     : 16.fc3.3
Summary     : An image loading library used with GNOME.
Description :
The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment. The GdkPixBuf library provides image loading facilities, the rendering of a GdkPixBuf into various formats (drawables or GdkRGB buffers), and a cache interface.

---------------------------------------------------------------------
Update Information:
The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment.
A bug was found in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3186 to this issue.
Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code or crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2976 to this issue.
Ludwig Nussel also discovered an infinite-loop denial of service bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to stop responding when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2975 to this issue.
Users of gdk-pixbuf are advised to upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.
---------------------------------------------------------------------
* Mon Oct 31 2005 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-16.fc3.3
- Prevent another integer overflow in the xpm loader (#171901, CVE-2005-2976)
- Prevent an infinite loop in the xpm loader (#171901, CVE-2005-2976)

* Wed Oct 19 2005 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-16.fc3.2
- Prevent an integer overflow in the xpm loader (#171073, CVE-2005-3186)
- Backport the noexecstack patch from FC-4

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-announce-list
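
The integer overflow class named in the advisory, shown as an added example that is not part of the original message and is not the gdk-pixbuf patch. The advisory does not say which calculation overflowed, so the two size products below (width * height * 4 and ncolors * (cpp + 1)), the 32-bit size type and all function names are assumptions; only the order of the XPM values line (width, height, ncolors, chars per pixel) is standard.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Multiply a*b into *out; return 0 if the product does not fit in 32 bits. */
static int mul_u32(uint32_t a, uint32_t b, uint32_t *out)
{
    if (a != 0 && b > UINT32_MAX / a)
        return 0;
    *out = a * b;
    return 1;
}

/* Read one positive decimal field that fits in 32 bits; advance *p past it. */
static int field(const char **p, uint32_t *out)
{
    char *end;
    errno = 0;
    long long v = strtoll(*p, &end, 10);
    if (end == *p || errno == ERANGE || v <= 0 || v > UINT32_MAX)
        return 0;
    *p = end;
    *out = (uint32_t)v;
    return 1;
}

/* What unchecked 32-bit arithmetic yields for width * height * 4. */
uint32_t naive_pixel_bytes(uint32_t w, uint32_t h)
{
    return w * h * 4u; /* wraps modulo 2^32, so a huge image looks tiny */
}

/* Parse "width height ncolors cpp" and compute both allocation sizes
 * (assumed RGBA pixels and NUL-terminated colour keys). 1 = ok, 0 = reject. */
int xpm_sizes(const char *values, uint32_t *pixel_bytes, uint32_t *key_bytes)
{
    uint32_t w, h, ncol, cpp, tmp;
    if (!field(&values, &w) || !field(&values, &h) ||
        !field(&values, &ncol) || !field(&values, &cpp) || cpp == UINT32_MAX)
        return 0;
    if (!mul_u32(w, h, &tmp) || !mul_u32(tmp, 4, pixel_bytes))
        return 0;
    return mul_u32(ncol, cpp + 1, key_bytes);
}

int main(void)
{
    uint32_t px = 0, keys = 0; /* header string below is constructed */
    int ok = xpm_sizes("65536 65536 2 1", &px, &keys);
    printf("accepted=%d naive=%u\n", ok, (unsigned)naive_pixel_bytes(65536, 65536));
    return 0;
}
```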