Red Hat Product Errata RHSA-2005:343 - Security Advisory
Issued:
2005-04-05
Updated:
2005-04-05

RHSA-2005:343 - Security Advisory

Synopsis

gdk-pixbuf security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated gdk-pixbuf packages that fix a double free vulnerability are now
available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment.

A bug was found in the way gdk-pixbuf processes BMP images. It is possible
that a specially crafted BMP image could cause a denial of service attack
on applications linked against gdk-pixbuf. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0891 to
this issue.

Users of gdk-pixbuf are advised to upgrade to these packages, which contain
a backported patch and is not vulnerable to this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server 3 x86_64
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux Server 2 ia64
  • Red Hat Enterprise Linux Server 2 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Workstation 3 x86_64
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Workstation 2 ia64
  • Red Hat Enterprise Linux Workstation 2 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux Desktop 3 x86_64
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems 3 s390x
  • Red Hat Enterprise Linux for IBM z Systems 3 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

  • BZ - 152315 - CAN-2005-0891 gdk-pixbuf BMP double free DoS

References

(none)

Red Hat Enterprise Linux Server 4

SRPM
x86_64
gdk-pixbuf-0.22.0-16.el4.i386.rpm SHA-256: 943c850528795a7ccb7fdf8039dc84d3904ea60de09a7e3fd96f8f8289dcf82a
gdk-pixbuf-0.22.0-16.el4.i386.rpm SHA-256: 943c850528795a7ccb7fdf8039dc84d3904ea60de09a7e3fd96f8f8289dcf82a
gdk-pixbuf-0.22.0-16.el4.x86_64.rpm SHA-256: 073044aab79817194414b829e44a4e84a54614d357af600434da861989d8980f
gdk-pixbuf-0.22.0-16.el4.x86_64.rpm SHA-256: 073044aab79817194414b829e44a4e84a54614d357af600434da861989d8980f
gdk-pixbuf-devel-0.22.0-16.el4.x86_64.rpm SHA-256: 46a4fcf7fcc25864ee67de0b6629365bf08bd170dddb86a6a58aba38ccb705b3
gdk-pixbuf-devel-0.22.0-16.el4.x86_64.rpm SHA-256: 46a4fcf7fcc25864ee67de0b6629365bf08bd170dddb86a6a58aba38ccb705b3
ia64
gdk-pixbuf-0.22.0-16.el4.i386.rpm SHA-256: 943c850528795a7ccb7fdf8039dc84d3904ea60de09a7e3fd96f8f8289dcf82a
gdk-pixbuf-0.22.0-16.el4.i386.rpm SHA-256: 943c850528795a7ccb7fdf8039dc84d3904ea60de09a7e3fd96f8f8289dcf82a
gdk-pixbuf-0.22.0-16.el4.ia64.rpm SHA-256: d157a56aed306cbb1bc827963095b9737668281041394e33205d38f5a28ab374
gdk-pixbuf-0.22.0-16.el4.ia64.rpm SHA-256: d157a56aed306cbb1bc827963095b9737668281041394e33205d38f5a28ab374
gdk-pixbuf-devel-0.22.0-16.el4.ia64.rpm SHA-256: 295d52ad2b050694b320b4ea885b836ea25c52b954f6ca70089e1b96567fc96d
gdk-pixbuf-devel-0.22.0-16.el4.ia64.rpm SHA-256: 295d52ad2b050694b320b4ea885b836ea25c52b954f6ca70089e1b96567fc96d
i386
gdk-pixbuf-0.22.0-16.el4.i386.rpm SHA-256: 943c850528795a7ccb7fdf8039dc84d3904ea60de09a7e3fd96f8f8289dcf82a
gdk-pixbuf-0.22.0-16.el4.i386.rpm SHA-256: 943c850528795a7ccb7fdf8039dc84d3904ea60de09a7e3fd96f8f8289dcf82a
gdk-pixbuf-devel-0.22.0-16.el4.i386.rpm SHA-256: 494158795d6b82d0d009f6643dc594b3ec7b1c1d50c4cbf2153fbaaf6af8362b
gdk-pixbuf-devel-0.22.0-16.el4.i386.rpm SHA-256: 494158795d6b82d0d009f6643dc594b3ec7b1c1d50c4cbf2153fbaaf6af8362b

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server 2

SRPM
ia64
i386

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
gdk-pixbuf-0.22.0-16.el4.i386.rpm SHA-256: 943c850528795a7ccb7fdf8039dc84d3904ea60de09a7e3fd96f8f8289dcf82a
gdk-pixbuf-0.22.0-16.el4.x86_64.rpm SHA-256: 073044aab79817194414b829e44a4e84a54614d357af600434da861989d8980f
gdk-pixbuf-devel-0.22.0-16.el4.x86_64.rpm SHA-256: 46a4fcf7fcc25864ee67de0b6629365bf08bd170dddb86a6a58aba38ccb705b3
ia64
gdk-pixbuf-0.22.0-16.el4.i386.rpm SHA-256: 943c850528795a7ccb7fdf8039dc84d3904ea60de09a7e3fd96f8f8289dcf82a
gdk-pixbuf-0.22.0-16.el4.ia64.rpm SHA-256: d157a56aed306cbb1bc827963095b9737668281041394e33205d38f5a28ab374
gdk-pixbuf-devel-0.22.0-16.el4.ia64.rpm SHA-256: 295d52ad2b050694b320b4ea885b836ea25c52b954f6ca70089e1b96567fc96d
i386
gdk-pixbuf-0.22.0-16.el4.i386.rpm SHA-256: 943c850528795a7ccb7fdf8039dc84d3904ea60de09a7e3fd96f8f8289dcf82a
gdk-pixbuf-devel-0.22.0-16.el4.i386.rpm SHA-256: 494158795d6b82d0d009f6643dc594b3ec7b1c1d50c4cbf2153fbaaf6af8362b

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 2

SRPM
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
gdk-pixbuf-0.22.0-16.el4.i386.rpm SHA-256: 943c850528795a7ccb7fdf8039dc84d3904ea60de09a7e3fd96f8f8289dcf82a
gdk-pixbuf-0.22.0-16.el4.x86_64.rpm SHA-256: 073044aab79817194414b829e44a4e84a54614d357af600434da861989d8980f
gdk-pixbuf-devel-0.22.0-16.el4.x86_64.rpm SHA-256: 46a4fcf7fcc25864ee67de0b6629365bf08bd170dddb86a6a58aba38ccb705b3
i386
gdk-pixbuf-0.22.0-16.el4.i386.rpm SHA-256: 943c850528795a7ccb7fdf8039dc84d3904ea60de09a7e3fd96f8f8289dcf82a
gdk-pixbuf-devel-0.22.0-16.el4.i386.rpm SHA-256: 494158795d6b82d0d009f6643dc594b3ec7b1c1d50c4cbf2153fbaaf6af8362b

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
s390x
gdk-pixbuf-0.22.0-16.el4.s390.rpm SHA-256: edc2737607ced2dfdeb69e219a6db29a525b608afb293f434a7f6cb45a666f80
gdk-pixbuf-0.22.0-16.el4.s390x.rpm SHA-256: 89d16942655e2df70407817d2442a88da5342f11f0f966beb3024890b6d02edb
gdk-pixbuf-devel-0.22.0-16.el4.s390x.rpm SHA-256: f3e03a899737052b2fbdf8e9e45990db13a3b006cd542f8c5c03fadf16c85c2f
s390
gdk-pixbuf-0.22.0-16.el4.s390.rpm SHA-256: edc2737607ced2dfdeb69e219a6db29a525b608afb293f434a7f6cb45a666f80
gdk-pixbuf-devel-0.22.0-16.el4.s390.rpm SHA-256: d11b61f904b9c53bfed340b7c095abbd8f714aacfae802acf9c9af41527997d1

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
gdk-pixbuf-0.22.0-16.el4.ppc.rpm SHA-256: 92006cb59531ba413d113be015366e251a47e540d0322550a97b0ab446b91cf7
gdk-pixbuf-0.22.0-16.el4.ppc64.rpm SHA-256: 60c8392c8c2021216f21f5df1817dd3adf959f9c84e73bd7d11e8f2a73943f19
gdk-pixbuf-devel-0.22.0-16.el4.ppc.rpm SHA-256: fe3f306e5e780fa5c2a596af408f35470a648a10adc7115e8663950f4eeb5c81

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.