Debian: New gtk+2.0 packages fix denial of service

    Date31 Jan 2007
    CategoryDebian
    3961
    Posted ByLinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1256-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                         Moritz Muehlenhoff
    January 31st, 2007                      http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : gtk+2.0
    Vulnerability  : programming error
    Problem-Type   : local(remote)
    Debian-specific: no
    CVE ID         : CVE-2007-0010
    
    It was discovered that the image loading code in the GTK+ graphical user
    interface library performs insufficient error handling when loading
    malformed images, which may lead to denial of service.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 2.6.4-3.2. This update lacks builds for the Motorola 680x0
    architecture, which had build problems. Packages will be released once
    this problem has been resolved.
    
    For the upcoming stable distribution (etch) this problem has been
    fixed in version 2.8.20-5.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 2.8.20-5.
    
    We recommend that you upgrade your GTK packages.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.6.4-3.2.dsc
          Size/MD5 checksum:     2000 924fc66562da7adbee73a2a4108234d0
        http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.6.4-3.2.diff.gz
          Size/MD5 checksum:    50209 d4acaa3b9b173c72a8f12e4cd4d58ad3
        http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.6.4.orig.tar.gz
          Size/MD5 checksum: 16354198 a3ab72c9c80384fb707b992eb8b43c13
    
      Architecture independent components:
    
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.6.4-3.2_all.deb
          Size/MD5 checksum:  2983824 9f8755d13ddee3b68519efef0978ec7e
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-doc_2.6.4-3.2_all.deb
          Size/MD5 checksum:  2317902 c52db4b0b9eb0380773fa123fb1a2a27
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_alpha.deb
          Size/MD5 checksum:    62362 8329abe98a8ef77265a3b0432348a959
        http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_alpha.deb
          Size/MD5 checksum:   268654 460bc578a95bbff65548415a5dbd8ed5
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_alpha.deb
          Size/MD5 checksum:  2463370 bb69500b048169b06705e7a8ccddba35
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_alpha.deb
          Size/MD5 checksum: 17691526 ce653b8fc37602e34357df4700072b11
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_alpha.deb
          Size/MD5 checksum:    20892 259d0b5099956fe0d66c91272668dfb8
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_alpha.deb
          Size/MD5 checksum:  8474916 2ee3472499398fbb3f1af4c678e48ac2
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_amd64.deb
          Size/MD5 checksum:    55360 3dc0816c858b6647586ad3fb63aae82a
        http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_amd64.deb
          Size/MD5 checksum:   263278 c8280b595f948d9a1c4a1c7d8a5b9cfe
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_amd64.deb
          Size/MD5 checksum:  2199372 8aa43980bef83c37338ab162067d7b75
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_amd64.deb
          Size/MD5 checksum: 17653842 ac4608896615e56dccfddb0a0d355b01
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_amd64.deb
          Size/MD5 checksum:    19672 8cabd1fe124c2b6c6d3e04a71603ef8a
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_amd64.deb
          Size/MD5 checksum:  7614800 b8d4a474e7b1e2ae5edcb7ec6821a577
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_arm.deb
          Size/MD5 checksum:    53000 d510854eb1715dd2d88e9bbf9ef349bd
        http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_arm.deb
          Size/MD5 checksum:   255736 3a9dd5d0ecbd3527c7befb5cdcf69829
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_arm.deb
          Size/MD5 checksum:  2042846 e70a73ee37ed16d78d5a357255ee9107
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_arm.deb
          Size/MD5 checksum: 17600310 69ed671651d67bd4ae4ee991b28f24d2
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_arm.deb
          Size/MD5 checksum:    18138 0cd346721990a27af05d0e2f8b44b845
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_arm.deb
          Size/MD5 checksum:  7478086 c361a462643199bd2a0820eacb689db4
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_hppa.deb
          Size/MD5 checksum:    60146 94d96f02508f86bfd25754d389b39376
        http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_hppa.deb
          Size/MD5 checksum:   263780 0eae29cb6a6f759b814ee87dd6fca132
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_hppa.deb
          Size/MD5 checksum:  2464550 6e07695c5ed60aa1e78ca0092b7c0e73
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_hppa.deb
          Size/MD5 checksum: 17799816 06bef4d2269ba875858a1a3ea382842a
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_hppa.deb
          Size/MD5 checksum:    19742 62ce04f11cab334cb459865792c2d30e
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_hppa.deb
          Size/MD5 checksum:  8408492 3ba1603539d75d948433d2d75fbc4141
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_i386.deb
          Size/MD5 checksum:    51242 6abfee5cca9f6c930ad48493e344fd1e
        http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_i386.deb
          Size/MD5 checksum:   260274 e3a7fdc0529b0c3343df40e525a2f4a6
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_i386.deb
          Size/MD5 checksum:  2097386 e91b7d11055b80948a9bc52009115e17
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_i386.deb
          Size/MD5 checksum: 17543668 c15a4345d83d0f911df0d0d59d469f3e
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_i386.deb
          Size/MD5 checksum:    18198 1741bd4b6d0f0b9f514858feedafc9f6
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_i386.deb
          Size/MD5 checksum:  7234616 6a32a399f590404f9dc89ef615217b69
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_ia64.deb
          Size/MD5 checksum:    68604 8a2ef1af240960f37b3db020268f7d61
        http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_ia64.deb
          Size/MD5 checksum:   277030 536d97b01743ec867daaa3d476e2049b
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_ia64.deb
          Size/MD5 checksum:  2894772 4f315bc6c70d81eba08bd6bb0501357b
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_ia64.deb
          Size/MD5 checksum: 17740612 4db7b4bd7de9db2abfa261e495aba932
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_ia64.deb
          Size/MD5 checksum:    22398 bbbe5290b52e2eb4c1aa7c0437a73033
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_ia64.deb
          Size/MD5 checksum:  8622502 4c4739493cb3684fcb2f1a0f2c0e8810
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_mips.deb
          Size/MD5 checksum:    55786 01929f626d18789cb9884c54029f789f
        http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_mips.deb
          Size/MD5 checksum:   260016 7fd9a2f1e3f92a0b63269e39d31e1584
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_mips.deb
          Size/MD5 checksum:  2122748 dcfd0e6f9888ff2cb07c5008d5c22619
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_mips.deb
          Size/MD5 checksum: 17886428 73169d84d449f63802d7b432179b5536
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_mips.deb
          Size/MD5 checksum:    22852 709c36059d01add78dc19264e6ee0781
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_mips.deb
          Size/MD5 checksum:  8298850 d5f8cec256ec2dc7d3d397f5b971aee2
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_mipsel.deb
          Size/MD5 checksum:    55718 7edfce371461c4b66f98d10ee8b6f6df
        http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_mipsel.deb
          Size/MD5 checksum:   259914 7d221db5e02fc9429875ad569a540c66
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_mipsel.deb
          Size/MD5 checksum:  2123176 5e0270b0e509d278a30b4148e8a08812
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_mipsel.deb
          Size/MD5 checksum: 17655176 8edfc3ef071c3c56a8d617793cfb4a0e
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_mipsel.deb
          Size/MD5 checksum:    22922 2abaf513ddc723b9025aedf739b4ea83
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_mipsel.deb
          Size/MD5 checksum:  7745332 8a2e0f5550ac277092d5e6cdf9aa970f
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_powerpc.deb
          Size/MD5 checksum:    57000 3671e0e658dd7166faf9d79e518235f7
        http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_powerpc.deb
          Size/MD5 checksum:   260260 e69a7b4198b91c990e5f72a78084a85d
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_powerpc.deb
          Size/MD5 checksum:  2188036 14a7b08719149d6a1b8e281a62dad948
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_powerpc.deb
          Size/MD5 checksum: 28599066 a5eb56399191742e2ddc583493d3d3d1
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_powerpc.deb
          Size/MD5 checksum:    22186 278f93c9b7e12e45aae1d056578d71b2
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_powerpc.deb
          Size/MD5 checksum:  8260218 9089ba673c623f7173d08f9737c49d62
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_s390.deb
          Size/MD5 checksum:    55380 d74e201e96cdd6517225f743b70812e2
        http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_s390.deb
          Size/MD5 checksum:   262600 8b8a638168ddab2d581f1b0e0258d41c
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_s390.deb
          Size/MD5 checksum:  2294780 ec24c79be145e2a4a658cbec5fd4a457
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_s390.deb
          Size/MD5 checksum: 18179444 9e164ffb449afbb48aee5c5dbca06077
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_s390.deb
          Size/MD5 checksum:    19570 1619385d8151f92e61bb00eae2a65e71
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_s390.deb
          Size/MD5 checksum:  8354034 02cfaeccd47acd70e204235f610f05b6
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_sparc.deb
          Size/MD5 checksum:    51056 78f0c84fdc078e5e077b4b51a2a261f7
        http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_sparc.deb
          Size/MD5 checksum:   256648 cfcba8eaf83b5e337fca19ba6a55ecae
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_sparc.deb
          Size/MD5 checksum:  2138170 42c3fdc3035380580ffc2a7af02ad024
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_sparc.deb
          Size/MD5 checksum: 17712686 2fe26171dddc6bbde157ef6bcf9532fc
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_sparc.deb
          Size/MD5 checksum:    17894 ccb283bc384929708635dc6665502da0
        http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_sparc.deb
          Size/MD5 checksum:  7951170 764770b52e0e84b9dc192a4bc2ec75f8
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"14","type":"x","order":"1","pct":53.85,"resources":[]},{"id":"88","title":"Should be more technical","votes":"4","type":"x","order":"2","pct":15.38,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"8","type":"x","order":"3","pct":30.77,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.