Ludwig Nussel discovered an infinite loop when processing XPM
images that allows an attacker to cause a denial of service via a
specially crafted XPM file.

CVE-2005-2976

Ludwig Nussel discovered an integer overflow in the way XPM images
are processed that could lead to the execution of arbitrary code
or crash the application via a specially crafted XPM file.

CVE-2005-3186

"infamous41md" discovered an integer overflow in the XPM processing
routine that can be used to execute arbitrary code via a traditional
heap overflow.

The following matrix explains which versions fix these problems:

              old stable (woody)   stable (sarge)   unstable (sid)
gdk-pixbuf    0.17.0-2woody3       0.22.0-8.1       0.22.0-11
gtk+2.0       2.0.2-5woody3        2.6.4-3.1        2.6.10-2

We recommend that you upgrade your gtk+2.0 packages.
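
One way to check a package inventory against the matrix above, as an added example that is not part of the advisory: it reimplements Debian's version ordering (epoch, upstream version, revision, with "~" sorting first) so it also runs on machines without dpkg. The host names and installed versions in the sample are constructed, and the check assumes each package comes from the named release's archive.

```python
import re
from itertools import zip_longest

# Fixed versions copied from the advisory's matrix: (package, release) -> version.
FIXED = {
    ("gdk-pixbuf", "woody"): "0.17.0-2woody3", ("gtk+2.0", "woody"): "2.0.2-5woody3",
    ("gdk-pixbuf", "sarge"): "0.22.0-8.1", ("gtk+2.0", "sarge"): "2.6.4-3.1",
    ("gdk-pixbuf", "sid"): "0.22.0-11", ("gtk+2.0", "sid"): "2.6.10-2",
}
_CHUNK = re.compile(r"(\D*)(\d*)")  # one non-digit run, then one digit run

def _order(c):
    """Weight of a non-digit char: '~' lowest, then end of run, letters, the rest."""
    if c in ("~", ""):
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings; returns -1, 0 or 1."""
    pairs = zip_longest(_CHUNK.findall(a), _CHUNK.findall(b), fillvalue=("", ""))
    for (ta, da), (tb, db) in pairs:
        for ca, cb in zip_longest(ta, tb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        na, nb = int(da or 0), int(db or 0)  # digit runs compare numerically
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(v):  # [epoch:]upstream[-revision]; a missing epoch counts as 0
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def deb_cmp(a, b):
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def still_vulnerable(inventory):
    """Hosts whose installed version sorts before the fix for their release."""
    return [host for host, pkg, rel, ver in inventory
            if (pkg, rel) in FIXED and deb_cmp(ver, FIXED[(pkg, rel)]) < 0]

# Constructed sample inventory: (host, package, release, installed version).
SAMPLE = [("host-a", "gtk+2.0", "sarge", "2.6.4-3"),
          ("host-b", "gtk+2.0", "sarge", "2.6.4-3.1"),
          ("host-c", "gdk-pixbuf", "woody", "0.17.0-2woody2"),
          ("host-d", "gdk-pixbuf", "sarge", "0.22.0-8.1~test1")]
print(still_vulnerable(SAMPLE))
```
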

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will in...