Issued:
2005-11-15
Updated:
2005-11-15

RHSA-2005:810 - Security Advisory

Synopsis

gdk-pixbuf security update

Type/Severity

Security Advisory: Important

Topic

Updated gdk-pixbuf packages that fix several security issues are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment.

A bug was found in the way gdk-pixbuf processes XPM images. An attacker
could create a carefully crafted XPM file in such a way that it could cause
an application linked with gdk-pixbuf to execute arbitrary code when the
file was opened by a victim. The Common Vulnerabilities and Exposures
project has assigned the name CVE-2005-3186 to this issue.

Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf
processes XPM images. An attacker could create a carefully crafted XPM file
in such a way that it could cause an application linked with gdk-pixbuf to
execute arbitrary code or crash when the file was opened by a victim. The
Common Vulnerabilities and Exposures project has assigned the name
CVE-2005-2976 to this issue.

Ludwig Nussel also discovered an infinite-loop denial of service bug in the
way gdk-pixbuf processes XPM images. An attacker could create a carefully
crafted XPM file in such a way that it could cause an application linked
with gdk-pixbuf to stop responding when the file was opened by a victim.
The Common Vulnerabilities and Exposures project has assigned the name
CVE-2005-2975 to this issue.

Users of gdk-pixbuf are advised to upgrade to these updated packages, which
contain backported patches and are not vulnerable to these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server 3 x86_64
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux Server 2 ia64
  • Red Hat Enterprise Linux Server 2 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Workstation 3 x86_64
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Workstation 2 ia64
  • Red Hat Enterprise Linux Workstation 2 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux Desktop 3 x86_64
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems 3 s390x
  • Red Hat Enterprise Linux for IBM z Systems 3 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

  • BZ - 171071 - CVE-2005-3186 XPM buffer overflow
  • BZ - 171900 - CVE-2005-2975 Multiple XPM processing issues (CVE-2005-2976)

CVEs

References

(none)

Red Hat Enterprise Linux Server 4

SRPM
x86_64
gdk-pixbuf-0.22.0-17.el4.3.i386.rpm SHA-256: 96e69173ff9d688c5c862ce6f479d13f66cfb50e3126508b2a1cb1165fe1a7a6
gdk-pixbuf-0.22.0-17.el4.3.i386.rpm SHA-256: 96e69173ff9d688c5c862ce6f479d13f66cfb50e3126508b2a1cb1165fe1a7a6
gdk-pixbuf-0.22.0-17.el4.3.x86_64.rpm SHA-256: 27dbc3c116e076213e0e826c80081a21bb849caefa2d3c7d7b3b56d80210c357
gdk-pixbuf-0.22.0-17.el4.3.x86_64.rpm SHA-256: 27dbc3c116e076213e0e826c80081a21bb849caefa2d3c7d7b3b56d80210c357
gdk-pixbuf-devel-0.22.0-17.el4.3.x86_64.rpm SHA-256: ec99bc037569d37f31db8d30b65de13e2ba37658211e62fb000fb81275d4d44a
gdk-pixbuf-devel-0.22.0-17.el4.3.x86_64.rpm SHA-256: ec99bc037569d37f31db8d30b65de13e2ba37658211e62fb000fb81275d4d44a
ia64
gdk-pixbuf-0.22.0-17.el4.3.i386.rpm SHA-256: 96e69173ff9d688c5c862ce6f479d13f66cfb50e3126508b2a1cb1165fe1a7a6
gdk-pixbuf-0.22.0-17.el4.3.i386.rpm SHA-256: 96e69173ff9d688c5c862ce6f479d13f66cfb50e3126508b2a1cb1165fe1a7a6
gdk-pixbuf-0.22.0-17.el4.3.ia64.rpm SHA-256: 9c51aa5b6e5f43ddf4c168869c218913a83d51ba040b710321f4edff3a969e35
gdk-pixbuf-0.22.0-17.el4.3.ia64.rpm SHA-256: 9c51aa5b6e5f43ddf4c168869c218913a83d51ba040b710321f4edff3a969e35
gdk-pixbuf-devel-0.22.0-17.el4.3.ia64.rpm SHA-256: 27569e9df964c89d856e4f2f53db77d4d0f3bf8cebfa20b420126afc7730591f
gdk-pixbuf-devel-0.22.0-17.el4.3.ia64.rpm SHA-256: 27569e9df964c89d856e4f2f53db77d4d0f3bf8cebfa20b420126afc7730591f
i386
gdk-pixbuf-0.22.0-17.el4.3.i386.rpm SHA-256: 96e69173ff9d688c5c862ce6f479d13f66cfb50e3126508b2a1cb1165fe1a7a6
gdk-pixbuf-0.22.0-17.el4.3.i386.rpm SHA-256: 96e69173ff9d688c5c862ce6f479d13f66cfb50e3126508b2a1cb1165fe1a7a6
gdk-pixbuf-devel-0.22.0-17.el4.3.i386.rpm SHA-256: 83c619f93922fcd6f15d880b86927471477b2fcf63e13b946e86e15aa95c443c
gdk-pixbuf-devel-0.22.0-17.el4.3.i386.rpm SHA-256: 83c619f93922fcd6f15d880b86927471477b2fcf63e13b946e86e15aa95c443c

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
gdk-pixbuf-0.22.0-17.el4.3.i386.rpm SHA-256: 96e69173ff9d688c5c862ce6f479d13f66cfb50e3126508b2a1cb1165fe1a7a6
gdk-pixbuf-0.22.0-17.el4.3.x86_64.rpm SHA-256: 27dbc3c116e076213e0e826c80081a21bb849caefa2d3c7d7b3b56d80210c357
gdk-pixbuf-devel-0.22.0-17.el4.3.x86_64.rpm SHA-256: ec99bc037569d37f31db8d30b65de13e2ba37658211e62fb000fb81275d4d44a
ia64
gdk-pixbuf-0.22.0-17.el4.3.i386.rpm SHA-256: 96e69173ff9d688c5c862ce6f479d13f66cfb50e3126508b2a1cb1165fe1a7a6
gdk-pixbuf-0.22.0-17.el4.3.ia64.rpm SHA-256: 9c51aa5b6e5f43ddf4c168869c218913a83d51ba040b710321f4edff3a969e35
gdk-pixbuf-devel-0.22.0-17.el4.3.ia64.rpm SHA-256: 27569e9df964c89d856e4f2f53db77d4d0f3bf8cebfa20b420126afc7730591f
i386
gdk-pixbuf-0.22.0-17.el4.3.i386.rpm SHA-256: 96e69173ff9d688c5c862ce6f479d13f66cfb50e3126508b2a1cb1165fe1a7a6
gdk-pixbuf-devel-0.22.0-17.el4.3.i386.rpm SHA-256: 83c619f93922fcd6f15d880b86927471477b2fcf63e13b946e86e15aa95c443c

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
gdk-pixbuf-0.22.0-17.el4.3.i386.rpm SHA-256: 96e69173ff9d688c5c862ce6f479d13f66cfb50e3126508b2a1cb1165fe1a7a6
gdk-pixbuf-0.22.0-17.el4.3.x86_64.rpm SHA-256: 27dbc3c116e076213e0e826c80081a21bb849caefa2d3c7d7b3b56d80210c357
gdk-pixbuf-devel-0.22.0-17.el4.3.x86_64.rpm SHA-256: ec99bc037569d37f31db8d30b65de13e2ba37658211e62fb000fb81275d4d44a
i386
gdk-pixbuf-0.22.0-17.el4.3.i386.rpm SHA-256: 96e69173ff9d688c5c862ce6f479d13f66cfb50e3126508b2a1cb1165fe1a7a6
gdk-pixbuf-devel-0.22.0-17.el4.3.i386.rpm SHA-256: 83c619f93922fcd6f15d880b86927471477b2fcf63e13b946e86e15aa95c443c

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
s390x
gdk-pixbuf-0.22.0-17.el4.3.s390.rpm SHA-256: 9f1d8089b0ac19fc813a8e7cf9a9b20f6f516f82e0933dada05cb912ae68d3a2
gdk-pixbuf-0.22.0-17.el4.3.s390x.rpm SHA-256: 7655a2260fc8d7eb2a22dfcf133fbd7c5b9ad29c96e68ca9f5b8a7e1ed1d5e62
gdk-pixbuf-devel-0.22.0-17.el4.3.s390x.rpm SHA-256: 3305475b13bdd2714d6a9c0724f3da93dbd1e9c8889892542071c73aa6a427e9
s390
gdk-pixbuf-0.22.0-17.el4.3.s390.rpm SHA-256: 9f1d8089b0ac19fc813a8e7cf9a9b20f6f516f82e0933dada05cb912ae68d3a2
gdk-pixbuf-devel-0.22.0-17.el4.3.s390.rpm SHA-256: 07576452d7534bad174d938b1a985b6f10371e00fe8328e6f9bc06ee94a9b13b

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
gdk-pixbuf-0.22.0-17.el4.3.ppc.rpm SHA-256: 58b5a732c2adc5a89ad150452943a9cd0be0aa5b08a3e6867b7ad33e078f26cb
gdk-pixbuf-0.22.0-17.el4.3.ppc64.rpm SHA-256: 7b086d1a7331ff472c0ca1745fd60757b15a0d8236f789618e0fae0e19505020
gdk-pixbuf-devel-0.22.0-17.el4.3.ppc.rpm SHA-256: 0d7224ea8dd4036165b4565e220c0958f419e9e63675592dda26d3df73d113af

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.