-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200409-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: GTK+ 2, gdk-pixbuf: Multiple image decoding vulnerabilities
      Date: September 21, 2004
      Bugs: #64230
        ID: 200409-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The GdkPixbuf library, which is also included in GTK+ 2, contains
several vulnerabilities that could lead to a Denial of Service or the
execution of arbitrary code.

Background
==========

GTK+ (GIMP Toolkit +) is a toolkit for creating graphical user
interfaces. The GdkPixbuf library provides facilities for image
handling. It is available as a standalone library as well as shipped
with GTK+ 2.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  x11-libs/gtk+             < 2.4.9-r1                  >= 2.4.9-r1
                                                               < 2.0.0
  2  media-libs/gdk-pixbuf     < 0.22.0-r3                >= 0.22.0-r3
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

A vulnerability has been discovered in the BMP image preprocessor
(CAN-2004-0753). Furthermore, Chris Evans found a possible integer
overflow in the pixbuf_create_from_xpm() function, resulting in a heap
overflow (CAN-2004-0782). He also found a potential stack-based buffer
overflow in the xpm_extract_color() function (CAN-2004-0783). A
possible integer overflow has also been found in the ICO decoder.

Impact
======

With a specially crafted BMP image an attacker could cause an affected
application to enter an infinite loop when that image is being
processed. Also, by making use of specially crafted XPM or ICO images
an attacker could trigger the overflows, which potentially allows the
execution of arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GTK+ 2 users should upgrade to the latest version:

    # emerge sync

    # emerge -pv ">=x11-libs/gtk+-2.4.9-r1"
    # emerge ">=x11-libs/gtk+-2.4.9-r1"

All GdkPixbuf users should upgrade to the latest version:

    # emerge sync

    # emerge -pv ">=media-libs/gdk-pixbuf-0.22.0-r3"
    # emerge ">=media-libs/gdk-pixbuf-0.22.0-r3"

References
==========

  [ 1 ] CAN-2004-0753
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0753
  [ 2 ] CAN-2004-0782
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0782
  [ 3 ] CAN-2004-0783
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0783
  [ 4 ] CAN-2004-0788
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0788
  [ 5 ] GNOME Bug 150601
        http://bugzilla.gnome.org/show_bug.cgi?id=150601

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200409-28.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBUJRYvcL1obalX08RAgzmAKCQVANOb5xzqSuAkRvk37qnaiDW8wCfdl0i
XiGYgw/NB9bYGng5/0foFT0=
=eRg1
-----END PGP SIGNATURE-----
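
The Description attributes CAN-2004-0782 to an integer overflow that results in a heap overflow. The C code below is an added illustration of that bug class in an image decoder's size computation, next to a checked form; it is not gdk-pixbuf code and not part of the advisory, and the img_hdr struct and all function names are hypothetical.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical header fields read from an untrusted image file;
 * these are not gdk-pixbuf's own structures. */
struct img_hdr { int width; int height; int channels; };

/* Unchecked: the product is computed in 32 bits and wraps, so a huge
 * image yields a small byte count and an undersized heap buffer. */
uint32_t size_unchecked(const struct img_hdr *h)
{
    return (uint32_t)h->width * (uint32_t)h->height * (uint32_t)h->channels;
}

/* Checked: returns 0 and stores the byte count, or -1 when a field is
 * non-positive or the product would exceed INT_MAX. */
int size_checked(const struct img_hdr *h, size_t *out)
{
    const size_t limit = (size_t)INT_MAX;
    if (h->width <= 0 || h->height <= 0 || h->channels <= 0)
        return -1;
    size_t w = (size_t)h->width, ht = (size_t)h->height, c = (size_t)h->channels;
    if (w > limit / ht || w * ht > limit / c)
        return -1;
    *out = w * ht * c;
    return 0;
}

/* Allocate pixel storage only after the size has been validated. */
unsigned char *alloc_pixels(const struct img_hdr *h)
{
    size_t n;
    return size_checked(h, &n) == 0 ? calloc(1, n) : NULL;
}

int main(void)
{
    /* Constructed header: 65536 * 16385 * 4 = 2^32 + 2^18 bytes. */
    struct img_hdr big = { 65536, 16385, 4 };
    size_t n = 0;
    printf("unchecked size: %u\n", (unsigned)size_unchecked(&big));
    printf("checked result: %d\n", size_checked(&big, &n));
    return 0;
}
```

A decoder that allocates with the wrapped size and then writes width * height pixels runs past the end of the buffer; the checked form rejects the header before any allocation happens.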