--------------------------------------------------------------------------
Debian Security Advisory DSA 911-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
November 29th, 2005                     http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : gtk+2.0
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-2975 CVE-2005-2976 CVE-2005-3186
BugTraq ID     : 15428
Debian Bug     : 339431

Several vulnerabilities have been found in gtk+2.0, the Gtk+ GdkPixBuf
XPM image rendering library.  The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2005-2975

    Ludwig Nussel discovered an infinite loop when processing XPM
    images that allows an attacker to cause a denial of service via a
    specially crafted XPM file.

CVE-2005-2976

    Ludwig Nussel discovered an integer overflow in the way XPM images
    are processed that could lead to the execution of arbitrary code
    or crash the application via a specially crafted XPM file.

CVE-2005-3186

    "infamous41md" discovered an integer overflow in the XPM processing
    routine that can be used to execute arbitrary code via a traditional
    heap overflow.

The following matrix explains which versions fix these problems:

             old stable (woody)    stable (sarge)   unstable (sid)
gdk-pixbuf     0.17.0-2woody3        0.22.0-8.1       0.22.0-11
gtk+2.0         2.0.2-5woody3         2.6.4-3.1        2.6.10-2

We recommend that you upgrade your gtk+2.0 packages.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------


Debian GNU/Linux 3.1 alias sarge
--------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
