Debian: gdk-pixbuf several vulnerabilities

    Date16 Sep 2004
    CategoryDebian
    2915
    Posted ByLinuxSecurity Advisories
    Chris Evans discovered several problems in gdk-pixbuf, the GdkPixBuflibrary used in Gtk.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 546-1                     This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/                             Martin Schulze
    September 16th, 2004                     http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : gdk-pixbuf
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2004-0753 CAN-2004-0782 CAN-2004-0788
    
    Chris Evans discovered several problems in gdk-pixbuf, the GdkPixBuf
    library used in Gtk.  It is possible for an attacker to execute
    arbitrary code on the victims machine.  Gdk-pixbuf for Gtk+1.2 is an
    external package.  For Gtk+2.0 it's part of the main gtk package.
    
    The Common Vulnerabilities and Exposures Project identifies the
    following vulnerabilities:
    
    CAN-2004-0753
    
        Denial of service in bmp loader.
    
    CAN-2004-0782
    
        Heap-based overflow in pixbuf_create_from_xpm.
    
    CAN-2004-0788
    
        Integer overflow in the ico loader.
    
    For the stable distribution (woody) these problems have been fixed in
    version 0.17.0-2woody2.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 0.22.0-7.
    
    We recommend that you upgrade your gdk-pixbuf packages.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.17.0-2woody2.dsc
          Size/MD5 checksum:      706 3cc56516d717be2ce80caf00a7801748
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.17.0-2woody2.diff.gz
          Size/MD5 checksum:    19285 a5a7762e36a8b172f9e66709ec23adcd
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.17.0.orig.tar.gz
          Size/MD5 checksum:   547194 021914ad9104f265527c28220315e542
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_alpha.deb
          Size/MD5 checksum:   177060 279cbc10c636658467f3f0399aa143b7
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_alpha.deb
          Size/MD5 checksum:     9722 43600435d5bc6aab0613544693151248
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_alpha.deb
          Size/MD5 checksum:     8874 81163f83dd6375b295bcd080293b508a
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_alpha.deb
          Size/MD5 checksum:   193636 7f2f524d42131e607ee0fdf7eab21c8e
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_arm.deb
          Size/MD5 checksum:   156888 247743e5c98c50c236fe8881d525a9e2
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_arm.deb
          Size/MD5 checksum:     8142 5763a1963ad9544d4e6825eaa5787047
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_arm.deb
          Size/MD5 checksum:     7288 e7dddce3c14109a08b6bcd1ca2b7495c
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_arm.deb
          Size/MD5 checksum:   161318 79938be443732c5f7add7c54984c8771
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_i386.deb
          Size/MD5 checksum:   147634 a8acb10f8485d0f46257a06a8a07bb45
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_i386.deb
          Size/MD5 checksum:     7602 2ce52283726d0ac94f4db8075eec6f24
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_i386.deb
          Size/MD5 checksum:     7146 a0cf92a722c6125c2c4de312f25283e9
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_i386.deb
          Size/MD5 checksum:   151454 83e9903d762952eb4f37a8894db27113
    
      Intel IA-64 architecture:
    
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_ia64.deb
          Size/MD5 checksum:   194964 5bcf490f3b65cbe85f25fedda3ad9bca
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_ia64.deb
          Size/MD5 checksum:    11016 c43a72253d262d345fe18a6af37a8463
          Size/MD5 checksum:    11016 c43a72253d262d345fe18a6af37a8463
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_ia64.deb
          Size/MD5 checksum:    11070 e9a001c2709caa51b8093942711647e4
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_ia64.deb
          Size/MD5 checksum:   229470 ed2b1e4cb830bf7b6518580560e948cf
    
      HP Precision architecture:
    
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_hppa.deb
          Size/MD5 checksum:   181318 1be47304016ae08cb2aaf874a1c23595
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_hppa.deb
          Size/MD5 checksum:     9638 5eb751003626768ca9c5162a6c956748
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_hppa.deb
          Size/MD5 checksum:     9314 cbe69c3c2aa9f111f225da90b1f88142
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_hppa.deb
          Size/MD5 checksum:   189910 2d63ccaa4567281505319e570eb28052
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_m68k.deb
          Size/MD5 checksum:   142148 2b56601acbdbe62447a0b8222f04f32d
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_m68k.deb
          Size/MD5 checksum:     7308 f105f85118d7d2e7e64beb15f1edfd3a
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_m68k.deb
          Size/MD5 checksum:     7030 c99be5492c71c4b06ec47a0e131f910d
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_m68k.deb
          Size/MD5 checksum:   156408 5f844e43fb3645802a9cf0848e929074
    
      Big endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_mips.deb
          Size/MD5 checksum:   167560 8cc8f41bbe9b5e8bc5a16fd4bd2355e9
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_mips.deb
          Size/MD5 checksum:     9566 996c4d6ba55b275f67e129312775866f
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_mips.deb
          Size/MD5 checksum:     8270 b7ceb187fdb72c6d2f9190c4e1ac6803
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_mips.deb
          Size/MD5 checksum:   165278 247d7804a0d275c9f06b6a70fba5c990
    
      Little endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_mipsel.deb
          Size/MD5 checksum:   168116 fff2704f2ab052b09c6efe885fc4ac9b
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_mipsel.deb
          Size/MD5 checksum:     9482 915611160e8c6e7b56a63b405705e2cc
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_mipsel.deb
          Size/MD5 checksum:     8122 cedb46e7c6949508455b4e2cf6d2ab64
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_mipsel.deb
          Size/MD5 checksum:   165452 95ef85acba0495ea804dbceaa3d194f9
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_powerpc.deb
          Size/MD5 checksum:   166110 76dfd7b42b1f2980a888505461b1fba5
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_powerpc.deb
          Size/MD5 checksum:     9248 b6979133bf009a1b34ef00407546563c
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_powerpc.deb
          Size/MD5 checksum:     8072 1dc256cb98fcef2f2fe66d887dbe3f1d
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_powerpc.deb
          Size/MD5 checksum:   171118 f75945d7015087d7671512d7c843889c
    
      IBM S/390 architecture:
    
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_s390.deb
          Size/MD5 checksum:   153494 02968dda9991f11e736a8f67ab31041f
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_s390.deb
          Size/MD5 checksum:     7858 2fede104ce269e4c2c7d86f18368a181
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_s390.deb
          Size/MD5 checksum:     7564 626a7c5fa143002b72930b08d0259b8f
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_s390.deb
          Size/MD5 checksum:   167354 abd0019162d198d1e6485a8661cc17c9
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_sparc.deb
          Size/MD5 checksum:   161154 64d01e6702c95b8dec9e21e9cd846527
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_sparc.deb
          Size/MD5 checksum:     8270 45fcd5861d90a258b715ed7ad8458bab
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_sparc.deb
          Size/MD5 checksum:     7502 04cd802ed9d51e1889a3200bd28990ca
         http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_sparc.deb
          Size/MD5 checksum:   167018 b1009ca14d8ef9f42a6568d6ac7f3e81
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and  http://packages.debian.org/
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.