Issued:: 2005-11-15
Updated:: 2005-11-15

RHSA-2005:811 - Security Advisory

Overview
Updated Packages

Synopsis

gtk2 security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated gtk2 packages that fix two security issues are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating
graphical user interfaces for the X Window System.

A bug was found in the way gtk2 processes XPM images. An attacker could
create a carefully crafted XPM file in such a way that it could cause an
application linked with gtk2 to execute arbitrary code when the file was
opened by a victim. The Common Vulnerabilities and Exposures project has
assigned the name CVE-2005-3186 to this issue.

Ludwig Nussel discovered an infinite-loop denial of service bug in the way
gtk2 processes XPM images. An attacker could create a carefully crafted XPM
file in such a way that it could cause an application linked with gtk2 to
stop responding when the file was opened by a victim. The Common
Vulnerabilities and Exposures project has assigned the name CVE-2005-2975
to this issue.

Users of gtk2 are advised to upgrade to these updated packages, which
contain backported patches and are not vulnerable to these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

BZ - 171073 - CVE-2005-3186 XPM buffer overflow
BZ - 171904 - CVE-2005-2975 gtk2 XPM DoS

CVEs

References

(none)

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
gtk2-2.4.13-18.src.rpm	SHA-256: 6430cc77b341cd24e47ea21b5fbadbd91a4aea3c81c17f102177b45f1e66d88b
x86_64
gtk2-2.4.13-18.i386.rpm	SHA-256: 5b8ebfaa4e5e43a2791c6f95a1b736230f7abdad3371cf17edaa2f6c2e78c2d3
gtk2-2.4.13-18.i386.rpm	SHA-256: 5b8ebfaa4e5e43a2791c6f95a1b736230f7abdad3371cf17edaa2f6c2e78c2d3
gtk2-2.4.13-18.x86_64.rpm	SHA-256: 17026a6a164d167f188ff124fbc1815858372b66519f878333b3caa90e640f89
gtk2-2.4.13-18.x86_64.rpm	SHA-256: 17026a6a164d167f188ff124fbc1815858372b66519f878333b3caa90e640f89
gtk2-devel-2.4.13-18.x86_64.rpm	SHA-256: 634bfd8a1b0f7cf41008f17d4433ab15c3bc92f64fbcab070b70cb154084d027
gtk2-devel-2.4.13-18.x86_64.rpm	SHA-256: 634bfd8a1b0f7cf41008f17d4433ab15c3bc92f64fbcab070b70cb154084d027
ia64
gtk2-2.4.13-18.i386.rpm	SHA-256: 5b8ebfaa4e5e43a2791c6f95a1b736230f7abdad3371cf17edaa2f6c2e78c2d3
gtk2-2.4.13-18.i386.rpm	SHA-256: 5b8ebfaa4e5e43a2791c6f95a1b736230f7abdad3371cf17edaa2f6c2e78c2d3
gtk2-2.4.13-18.ia64.rpm	SHA-256: 35353420129e2a88080ac536519e82d4fa6cc263d9cb4b10a0c58a846246c0fb
gtk2-2.4.13-18.ia64.rpm	SHA-256: 35353420129e2a88080ac536519e82d4fa6cc263d9cb4b10a0c58a846246c0fb
gtk2-devel-2.4.13-18.ia64.rpm	SHA-256: 7ac1fd72dd3d5af957629163ff9557c0317dcd6114cba473eec4a579849fc31a
gtk2-devel-2.4.13-18.ia64.rpm	SHA-256: 7ac1fd72dd3d5af957629163ff9557c0317dcd6114cba473eec4a579849fc31a
i386
gtk2-2.4.13-18.i386.rpm	SHA-256: 5b8ebfaa4e5e43a2791c6f95a1b736230f7abdad3371cf17edaa2f6c2e78c2d3
gtk2-2.4.13-18.i386.rpm	SHA-256: 5b8ebfaa4e5e43a2791c6f95a1b736230f7abdad3371cf17edaa2f6c2e78c2d3
gtk2-devel-2.4.13-18.i386.rpm	SHA-256: b1af4ec99efd5d542dd4fcbf693162ac85e98ccdad03b6694a54f2f341bf949a
gtk2-devel-2.4.13-18.i386.rpm	SHA-256: b1af4ec99efd5d542dd4fcbf693162ac85e98ccdad03b6694a54f2f341bf949a

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 4

SRPM
gtk2-2.4.13-18.src.rpm	SHA-256: 6430cc77b341cd24e47ea21b5fbadbd91a4aea3c81c17f102177b45f1e66d88b
x86_64
gtk2-2.4.13-18.i386.rpm	SHA-256: 5b8ebfaa4e5e43a2791c6f95a1b736230f7abdad3371cf17edaa2f6c2e78c2d3
gtk2-2.4.13-18.x86_64.rpm	SHA-256: 17026a6a164d167f188ff124fbc1815858372b66519f878333b3caa90e640f89
gtk2-devel-2.4.13-18.x86_64.rpm	SHA-256: 634bfd8a1b0f7cf41008f17d4433ab15c3bc92f64fbcab070b70cb154084d027
ia64
gtk2-2.4.13-18.i386.rpm	SHA-256: 5b8ebfaa4e5e43a2791c6f95a1b736230f7abdad3371cf17edaa2f6c2e78c2d3
gtk2-2.4.13-18.ia64.rpm	SHA-256: 35353420129e2a88080ac536519e82d4fa6cc263d9cb4b10a0c58a846246c0fb
gtk2-devel-2.4.13-18.ia64.rpm	SHA-256: 7ac1fd72dd3d5af957629163ff9557c0317dcd6114cba473eec4a579849fc31a
i386
gtk2-2.4.13-18.i386.rpm	SHA-256: 5b8ebfaa4e5e43a2791c6f95a1b736230f7abdad3371cf17edaa2f6c2e78c2d3
gtk2-devel-2.4.13-18.i386.rpm	SHA-256: b1af4ec99efd5d542dd4fcbf693162ac85e98ccdad03b6694a54f2f341bf949a

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
gtk2-2.4.13-18.src.rpm	SHA-256: 6430cc77b341cd24e47ea21b5fbadbd91a4aea3c81c17f102177b45f1e66d88b
x86_64
gtk2-2.4.13-18.i386.rpm	SHA-256: 5b8ebfaa4e5e43a2791c6f95a1b736230f7abdad3371cf17edaa2f6c2e78c2d3
gtk2-2.4.13-18.x86_64.rpm	SHA-256: 17026a6a164d167f188ff124fbc1815858372b66519f878333b3caa90e640f89
gtk2-devel-2.4.13-18.x86_64.rpm	SHA-256: 634bfd8a1b0f7cf41008f17d4433ab15c3bc92f64fbcab070b70cb154084d027
i386
gtk2-2.4.13-18.i386.rpm	SHA-256: 5b8ebfaa4e5e43a2791c6f95a1b736230f7abdad3371cf17edaa2f6c2e78c2d3
gtk2-devel-2.4.13-18.i386.rpm	SHA-256: b1af4ec99efd5d542dd4fcbf693162ac85e98ccdad03b6694a54f2f341bf949a

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
gtk2-2.4.13-18.src.rpm	SHA-256: 6430cc77b341cd24e47ea21b5fbadbd91a4aea3c81c17f102177b45f1e66d88b
s390x
gtk2-2.4.13-18.s390.rpm	SHA-256: 73cd6f88a927acfb4424a3c80ead1e3b91498b535255033ea3654d08ca4a337b
gtk2-2.4.13-18.s390x.rpm	SHA-256: 0f0c53f95809f78b3862cfe15672a3526cf417393c88bad996ce4c1beb45fba3
gtk2-devel-2.4.13-18.s390x.rpm	SHA-256: 5747e1878fdb079dad55c1acc79f4dbf089634d05ed51d335501b36e2d15a850
s390
gtk2-2.4.13-18.s390.rpm	SHA-256: 73cd6f88a927acfb4424a3c80ead1e3b91498b535255033ea3654d08ca4a337b
gtk2-devel-2.4.13-18.s390.rpm	SHA-256: 0e4d6b4db98d3d66dea87cd5bfc80953a1182eea50d2f4c5e317d1fad7b697b8

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for Power, big endian 4

SRPM
gtk2-2.4.13-18.src.rpm	SHA-256: 6430cc77b341cd24e47ea21b5fbadbd91a4aea3c81c17f102177b45f1e66d88b
ppc
gtk2-2.4.13-18.ppc.rpm	SHA-256: 44a594ff4552589302a243dbbde8e5c69f4a9a7ddd1c3f7e82116ef0531e6ad2
gtk2-2.4.13-18.ppc64.rpm	SHA-256: 1e61ce18b6335fcdb4707b48a5eb8546b75dd5699dfdc51674e14cba5955a12e
gtk2-devel-2.4.13-18.ppc.rpm	SHA-256: 714bc16e8fdbcb264c2b4426035b061dcc7b2d5cab865f1ab84d2ddff6ad4e6a

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation