Fedora Core 2 gdk-pixbuf Critical Update: BMP DoS Risk and Mitigation

The gdk-pixbuf package contains an image loading library used with the

GNOME GUI desktop environment. The GdkPixBuf library provides image

loading facilities, the rendering of a GdkPixBuf into various formats

(drawables or GdkRGB buffers), and a cache interface.

David Costanzo found a bug in the way gdk-pixbuf processes BMP images.

It is possible that a specially crafted BMP image could cause a denial

of service attack in applications linked against gdk-pixbuf.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has

assigned the name CAN-2005-0891 to this issue.

- Fix a double free in the bmp loader

a0ba48a2695141af2d4a0f7ff3218062 SRPMS/gdk-pixbuf-0.22.0-12.fc2.src.rpm

c1dc4fe31433159afb6bcfdd98dd84a2 x86_64/gdk-pixbuf-0.22.0-12.fc2.x86_64.rpm

c561473d5921958c2aa7aed692671933 x86_64/gdk-pixbuf-devel-0.22.0-12.fc2.x86_64.rpm

eb0fae059933dd9613048b4dfaa73d6f x86_64/gdk-pixbuf-gnome-0.22.0-12.fc2.x86_64.rpm

886d8069570a4202bfbcb6304203fd5a x86_64/debug/gdk-pixbuf-debuginfo-0.22.0-12.fc2.x86_64.rpm

f56442e8a45c71b7004373b94acf5a9f i386/gdk-pixbuf-0.22.0-12.fc2.i386.rpm

0b16b3e1d3223b91728211fa311e8d72 i386/gdk-pixbuf-devel-0.22.0-12.fc2.i386.rpm

19ea2d840949337df59ccbe8e3303648 i386/gdk-pixbuf-gnome-0.22.0-12.fc2.i386.rpm

a64d219947db70a88a5a29f1fba24227 i386/debug/gdk-pixbuf-debuginfo-0.22.0-12.fc2.i386.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

--fedora-announce-list mailing list

fedora-announce-list@redhat.com