Date: 06 April 2005
References: ESB-2005.0264 ESB-2005.0555
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2005.0276 -- RHSA-2005:343-01
Important: gdk-pixbuf security update
6 April 2005
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product:           gdk-pixbuf
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux AS/ES/WS 4
                   Red Hat Desktop version 4
                   Red Hat Enterprise Linux AS/ES/WS 3
                   Red Hat Desktop version 3
                   Red Hat Enterprise Linux AS/ES/WS 2.1
                   Red Hat Linux Advanced Workstation 2.1
Impact:            Denial of Service
Access:            Remote/Unauthenticated
CVE Names:         CAN-2005-0891
Ref:               ESB-2005.0264
Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-343.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Important: gdk-pixbuf security update
Advisory ID: RHSA-2005:343-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-343.html
Issue date: 2005-04-05
Updated on: 2005-04-05
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0891
- - ---------------------------------------------------------------------
1. Summary:
Updated gdk-pixbuf packages that fix a double free vulnerability are now
available.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment.
A bug was found in the way gdk-pixbuf processes BMP images. It is possible
that a specially crafted BMP image could cause a denial of service attack
on applications linked against gdk-pixbuf. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0891 to
this issue.
Users of gdk-pixbuf are advised to upgrade to these packages, which contain
a backported patch and are not vulnerable to this issue.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
    up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
152315 - CAN-2005-0891 gdk-pixbuf BMP double free DoS
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/gdk-pixbuf-0.22.0-12.el2.src.rpm
cd150c0707736057ed148da2f4f716c8 gdk-pixbuf-0.22.0-12.el2.src.rpm
i386:
7dfdd5d16a91e64380970e56d490c471 gdk-pixbuf-0.22.0-12.el2.i386.rpm
be7486b35d88c407fef24c541e525dc1 gdk-pixbuf-devel-0.22.0-12.el2.i386.rpm
9af7825523aeeff36cb7633e3cdc4403 gdk-pixbuf-gnome-0.22.0-12.el2.i386.rpm
ia64:
f6c266be7bb786fcaa6a7025719bd74f gdk-pixbuf-0.22.0-12.el2.ia64.rpm
6d344d3c48fac3320b5c7b4c34a28018 gdk-pixbuf-devel-0.22.0-12.el2.ia64.rpm
f6cfeb5bcf4e5da379fc8dd31811224d gdk-pixbuf-gnome-0.22.0-12.el2.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/gdk-pixbuf-0.22.0-12.el2.src.rpm
cd150c0707736057ed148da2f4f716c8 gdk-pixbuf-0.22.0-12.el2.src.rpm
ia64:
f6c266be7bb786fcaa6a7025719bd74f gdk-pixbuf-0.22.0-12.el2.ia64.rpm
6d344d3c48fac3320b5c7b4c34a28018 gdk-pixbuf-devel-0.22.0-12.el2.ia64.rpm
f6cfeb5bcf4e5da379fc8dd31811224d gdk-pixbuf-gnome-0.22.0-12.el2.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/gdk-pixbuf-0.22.0-12.el2.src.rpm
cd150c0707736057ed148da2f4f716c8 gdk-pixbuf-0.22.0-12.el2.src.rpm
i386:
7dfdd5d16a91e64380970e56d490c471 gdk-pixbuf-0.22.0-12.el2.i386.rpm
be7486b35d88c407fef24c541e525dc1 gdk-pixbuf-devel-0.22.0-12.el2.i386.rpm
9af7825523aeeff36cb7633e3cdc4403 gdk-pixbuf-gnome-0.22.0-12.el2.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/gdk-pixbuf-0.22.0-12.el2.src.rpm
cd150c0707736057ed148da2f4f716c8 gdk-pixbuf-0.22.0-12.el2.src.rpm
i386:
7dfdd5d16a91e64380970e56d490c471 gdk-pixbuf-0.22.0-12.el2.i386.rpm
be7486b35d88c407fef24c541e525dc1 gdk-pixbuf-devel-0.22.0-12.el2.i386.rpm
9af7825523aeeff36cb7633e3cdc4403 gdk-pixbuf-gnome-0.22.0-12.el2.i386.rpm
Red Hat Enterprise Linux AS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/gdk-pixbuf-0.22.0-12.el3.src.rpm
976b86cf75b4e7a59bceee5b4edc9a97 gdk-pixbuf-0.22.0-12.el3.src.rpm
i386:
2ffc1b52012b1f299c8d08519a669d88 gdk-pixbuf-0.22.0-12.el3.i386.rpm
f865db4cd92f7395a9ef0769d6fd3c08 gdk-pixbuf-devel-0.22.0-12.el3.i386.rpm
c1d243418786af9aa77f93343feb4e9c gdk-pixbuf-gnome-0.22.0-12.el3.i386.rpm
ia64:
41f620654091eee65af1e2a7caa4c629 gdk-pixbuf-0.22.0-12.el3.ia64.rpm
2ffc1b52012b1f299c8d08519a669d88 gdk-pixbuf-0.22.0-12.el3.i386.rpm
e88d2b283b5ba14c9e17cf0fa0ff5632 gdk-pixbuf-devel-0.22.0-12.el3.ia64.rpm
d0747f8cc77eff6781978f265417ed09 gdk-pixbuf-gnome-0.22.0-12.el3.ia64.rpm
ppc:
dcde354069b804f3b32855b53915e2f0 gdk-pixbuf-0.22.0-12.el3.ppc.rpm
0cdbb62e276af7694d007568070c87ff gdk-pixbuf-0.22.0-12.el3.ppc64.rpm
f1a2be2fee1859d6f70d5747b8823706 gdk-pixbuf-devel-0.22.0-12.el3.ppc.rpm
d1e0b31da885fd13c984f03b1a6cf92f gdk-pixbuf-gnome-0.22.0-12.el3.ppc.rpm
s390:
22877fb2b5a75cdcdf523ab4585fd2c7 gdk-pixbuf-0.22.0-12.el3.s390.rpm
a4acd9d3eb0eb28836fcc360e76f1122 gdk-pixbuf-devel-0.22.0-12.el3.s390.rpm
6b2ed0bcdb22c2253988e8b99926a533 gdk-pixbuf-gnome-0.22.0-12.el3.s390.rpm
s390x:
17a78e9783fb3d9fb966c90d15052889 gdk-pixbuf-0.22.0-12.el3.s390x.rpm
22877fb2b5a75cdcdf523ab4585fd2c7 gdk-pixbuf-0.22.0-12.el3.s390.rpm
d720e8670862c620fa40860ae9ff58cc gdk-pixbuf-devel-0.22.0-12.el3.s390x.rpm
edb7f22d7e8a37e7659d21a1f1b1357a gdk-pixbuf-gnome-0.22.0-12.el3.s390x.rpm
x86_64:
c1b4180a28bf65b5133c5eefa24b93a0 gdk-pixbuf-0.22.0-12.el3.x86_64.rpm
2ffc1b52012b1f299c8d08519a669d88 gdk-pixbuf-0.22.0-12.el3.i386.rpm
205637111511ee684cee2a7f55faa0f1 gdk-pixbuf-devel-0.22.0-12.el3.x86_64.rpm
d6f7574029cdbdf29136463bf8034266 gdk-pixbuf-gnome-0.22.0-12.el3.x86_64.rpm
Red Hat Desktop version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/gdk-pixbuf-0.22.0-12.el3.src.rpm
976b86cf75b4e7a59bceee5b4edc9a97 gdk-pixbuf-0.22.0-12.el3.src.rpm
i386:
2ffc1b52012b1f299c8d08519a669d88 gdk-pixbuf-0.22.0-12.el3.i386.rpm
f865db4cd92f7395a9ef0769d6fd3c08 gdk-pixbuf-devel-0.22.0-12.el3.i386.rpm
c1d243418786af9aa77f93343feb4e9c gdk-pixbuf-gnome-0.22.0-12.el3.i386.rpm
x86_64:
c1b4180a28bf65b5133c5eefa24b93a0 gdk-pixbuf-0.22.0-12.el3.x86_64.rpm
2ffc1b52012b1f299c8d08519a669d88 gdk-pixbuf-0.22.0-12.el3.i386.rpm
205637111511ee684cee2a7f55faa0f1 gdk-pixbuf-devel-0.22.0-12.el3.x86_64.rpm
d6f7574029cdbdf29136463bf8034266 gdk-pixbuf-gnome-0.22.0-12.el3.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/gdk-pixbuf-0.22.0-12.el3.src.rpm
976b86cf75b4e7a59bceee5b4edc9a97 gdk-pixbuf-0.22.0-12.el3.src.rpm
i386:
2ffc1b52012b1f299c8d08519a669d88 gdk-pixbuf-0.22.0-12.el3.i386.rpm
f865db4cd92f7395a9ef0769d6fd3c08 gdk-pixbuf-devel-0.22.0-12.el3.i386.rpm
c1d243418786af9aa77f93343feb4e9c gdk-pixbuf-gnome-0.22.0-12.el3.i386.rpm
ia64:
41f620654091eee65af1e2a7caa4c629 gdk-pixbuf-0.22.0-12.el3.ia64.rpm
2ffc1b52012b1f299c8d08519a669d88 gdk-pixbuf-0.22.0-12.el3.i386.rpm
e88d2b283b5ba14c9e17cf0fa0ff5632 gdk-pixbuf-devel-0.22.0-12.el3.ia64.rpm
d0747f8cc77eff6781978f265417ed09 gdk-pixbuf-gnome-0.22.0-12.el3.ia64.rpm
x86_64:
c1b4180a28bf65b5133c5eefa24b93a0 gdk-pixbuf-0.22.0-12.el3.x86_64.rpm
2ffc1b52012b1f299c8d08519a669d88 gdk-pixbuf-0.22.0-12.el3.i386.rpm
205637111511ee684cee2a7f55faa0f1 gdk-pixbuf-devel-0.22.0-12.el3.x86_64.rpm
d6f7574029cdbdf29136463bf8034266 gdk-pixbuf-gnome-0.22.0-12.el3.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/gdk-pixbuf-0.22.0-12.el3.src.rpm
976b86cf75b4e7a59bceee5b4edc9a97 gdk-pixbuf-0.22.0-12.el3.src.rpm
i386:
2ffc1b52012b1f299c8d08519a669d88 gdk-pixbuf-0.22.0-12.el3.i386.rpm
f865db4cd92f7395a9ef0769d6fd3c08 gdk-pixbuf-devel-0.22.0-12.el3.i386.rpm
c1d243418786af9aa77f93343feb4e9c gdk-pixbuf-gnome-0.22.0-12.el3.i386.rpm
ia64:
41f620654091eee65af1e2a7caa4c629 gdk-pixbuf-0.22.0-12.el3.ia64.rpm
2ffc1b52012b1f299c8d08519a669d88 gdk-pixbuf-0.22.0-12.el3.i386.rpm
e88d2b283b5ba14c9e17cf0fa0ff5632 gdk-pixbuf-devel-0.22.0-12.el3.ia64.rpm
d0747f8cc77eff6781978f265417ed09 gdk-pixbuf-gnome-0.22.0-12.el3.ia64.rpm
x86_64:
c1b4180a28bf65b5133c5eefa24b93a0 gdk-pixbuf-0.22.0-12.el3.x86_64.rpm
2ffc1b52012b1f299c8d08519a669d88 gdk-pixbuf-0.22.0-12.el3.i386.rpm
205637111511ee684cee2a7f55faa0f1 gdk-pixbuf-devel-0.22.0-12.el3.x86_64.rpm
d6f7574029cdbdf29136463bf8034266 gdk-pixbuf-gnome-0.22.0-12.el3.x86_64.rpm
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gdk-pixbuf-0.22.0-16.el4.src.rpm
d1ebd19ea75268ebcc3f06824a4a572c gdk-pixbuf-0.22.0-16.el4.src.rpm
i386:
0871d792413b0c21bd4fff8a142bebb1 gdk-pixbuf-0.22.0-16.el4.i386.rpm
c8072476dff533717a389f6fb32f978d gdk-pixbuf-devel-0.22.0-16.el4.i386.rpm
ia64:
7ff5fe095b30974df15e143b0d7e929e gdk-pixbuf-0.22.0-16.el4.ia64.rpm
0871d792413b0c21bd4fff8a142bebb1 gdk-pixbuf-0.22.0-16.el4.i386.rpm
be7e5e039520062ff027c2f482728fde gdk-pixbuf-devel-0.22.0-16.el4.ia64.rpm
ppc:
67814460f4036204f6a6061239d8748f gdk-pixbuf-0.22.0-16.el4.ppc.rpm
3c01305b14fa397a13b6e3faea132bd0 gdk-pixbuf-0.22.0-16.el4.ppc64.rpm
1e85a9e6c3c78def4fdaaa07f5b4fe3c gdk-pixbuf-devel-0.22.0-16.el4.ppc.rpm
s390:
1864bf760c9f2dcbe7983df29099a225 gdk-pixbuf-0.22.0-16.el4.s390.rpm
ed820e2cb04141a57ac381bca8d6332a gdk-pixbuf-devel-0.22.0-16.el4.s390.rpm
s390x:
a3f558d6b7370c864a6771412d1a2513 gdk-pixbuf-0.22.0-16.el4.s390x.rpm
1864bf760c9f2dcbe7983df29099a225 gdk-pixbuf-0.22.0-16.el4.s390.rpm
3c11f5939e9ac8d2e6eb5e6177b733d8 gdk-pixbuf-devel-0.22.0-16.el4.s390x.rpm
x86_64:
61f8e510098ebd12f32a7e479d0026d7 gdk-pixbuf-0.22.0-16.el4.x86_64.rpm
0871d792413b0c21bd4fff8a142bebb1 gdk-pixbuf-0.22.0-16.el4.i386.rpm
c94e5cee6ee5c19dd49f7371e8fddb78 gdk-pixbuf-devel-0.22.0-16.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gdk-pixbuf-0.22.0-16.el4.src.rpm
d1ebd19ea75268ebcc3f06824a4a572c gdk-pixbuf-0.22.0-16.el4.src.rpm
i386:
0871d792413b0c21bd4fff8a142bebb1 gdk-pixbuf-0.22.0-16.el4.i386.rpm
c8072476dff533717a389f6fb32f978d gdk-pixbuf-devel-0.22.0-16.el4.i386.rpm
x86_64:
61f8e510098ebd12f32a7e479d0026d7 gdk-pixbuf-0.22.0-16.el4.x86_64.rpm
0871d792413b0c21bd4fff8a142bebb1 gdk-pixbuf-0.22.0-16.el4.i386.rpm
c94e5cee6ee5c19dd49f7371e8fddb78 gdk-pixbuf-devel-0.22.0-16.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gdk-pixbuf-0.22.0-16.el4.src.rpm
d1ebd19ea75268ebcc3f06824a4a572c gdk-pixbuf-0.22.0-16.el4.src.rpm
i386:
0871d792413b0c21bd4fff8a142bebb1 gdk-pixbuf-0.22.0-16.el4.i386.rpm
c8072476dff533717a389f6fb32f978d gdk-pixbuf-devel-0.22.0-16.el4.i386.rpm
ia64:
7ff5fe095b30974df15e143b0d7e929e gdk-pixbuf-0.22.0-16.el4.ia64.rpm
0871d792413b0c21bd4fff8a142bebb1 gdk-pixbuf-0.22.0-16.el4.i386.rpm
be7e5e039520062ff027c2f482728fde gdk-pixbuf-devel-0.22.0-16.el4.ia64.rpm
x86_64:
61f8e510098ebd12f32a7e479d0026d7 gdk-pixbuf-0.22.0-16.el4.x86_64.rpm
0871d792413b0c21bd4fff8a142bebb1 gdk-pixbuf-0.22.0-16.el4.i386.rpm
c94e5cee6ee5c19dd49f7371e8fddb78 gdk-pixbuf-devel-0.22.0-16.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gdk-pixbuf-0.22.0-16.el4.src.rpm
d1ebd19ea75268ebcc3f06824a4a572c gdk-pixbuf-0.22.0-16.el4.src.rpm
i386:
0871d792413b0c21bd4fff8a142bebb1 gdk-pixbuf-0.22.0-16.el4.i386.rpm
c8072476dff533717a389f6fb32f978d gdk-pixbuf-devel-0.22.0-16.el4.i386.rpm
ia64:
7ff5fe095b30974df15e143b0d7e929e gdk-pixbuf-0.22.0-16.el4.ia64.rpm
0871d792413b0c21bd4fff8a142bebb1 gdk-pixbuf-0.22.0-16.el4.i386.rpm
be7e5e039520062ff027c2f482728fde gdk-pixbuf-devel-0.22.0-16.el4.ia64.rpm
x86_64:
61f8e510098ebd12f32a7e479d0026d7 gdk-pixbuf-0.22.0-16.el4.x86_64.rpm
0871d792413b0c21bd4fff8a142bebb1 gdk-pixbuf-0.22.0-16.el4.i386.rpm
c94e5cee6ee5c19dd49f7371e8fddb78 gdk-pixbuf-devel-0.22.0-16.el4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
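Added example (not part of the Red Hat or AusCERT text): a shell check that classifies an installed gdk-pixbuf build against the fixed builds listed in section 6 (0.22.0-12.el2, 0.22.0-12.el3, 0.22.0-16.el4). It assumes the distribution tag (el2, el3, el4) appears in the release string and compares only the leading release number; the function names are illustrative.

```shell
#!/bin/sh
# Input: a NAME-VERSION-RELEASE string as printed by
#   rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' gdk-pixbuf
# Output: fixed | vulnerable | unknown (unknown means: check by hand).
# Assumption: comparing the leading integer of the release is sufficient
# for the 0.22.0 builds this advisory covers; this is not a full RPM
# version comparison.

gdk_pixbuf_status() {
    nvr=$1
    case $nvr in
        gdk-pixbuf-0.22.0-*|gdk-pixbuf-devel-0.22.0-*|gdk-pixbuf-gnome-0.22.0-*)
            release=${nvr##*-0.22.0-} ;;
        *)
            echo unknown; return 0 ;;   # other package or other upstream version
    esac

    # Minimum fixed release per distribution, taken from section 6.
    case $release in
        *.el2*|*.el3*) min=12 ;;
        *.el4*)        min=16 ;;
        *)             echo unknown; return 0 ;;
    esac

    build=${release%%.*}                # leading release number, e.g. 12
    case $build in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac

    if [ "$build" -ge "$min" ]; then echo fixed; else echo vulnerable; fi
}

# Report every installed gdk-pixbuf build on this host (needs rpm).
audit_local() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found"; return 0; }
    rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' 'gdk-pixbuf*' |
    while read -r nvr; do
        echo "$nvr: $(gdk_pixbuf_status "$nvr")"
    done
}
```

Run `audit_local` after the update; applications already running keep the old library mapped until they are restarted.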
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0891
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFCUq1qXlSAg2UNWIIRApawAJ9aFHteb4s0s6rNQOIyPr2GGG6gPwCfUa8H
8Z7usb1gquvJu/DCWdqAKww=
=Dlo2
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBQlM4Hih9+71yA2DNAQKRdQP/UFuJ0aIQDnGsAFL8HOsefao0K4SfFSs8
TKBMVi0QQHlmNP2QG02x8eNQHClfPm8k4jSSoheBR37fnjxjmqqlEVXJiuypXq3O
gCAMXiam6xvhxn4R/p4AWdRtDKBm/q5YtWmiveoDtIaUDoKYiQN8FY4y6sHhg/++
pRvLzAwf4sw=
=ogX9
-----END PGP SIGNATURE-----