Fedora: gdk-pixbuf 0.22.0 Critical DoS Risk from BMP Images

The gdk-pixbuf package contains an image loading library used with the

GNOME GUI desktop environment. The GdkPixBuf library provides image

loading facilities, the rendering of a GdkPixBuf into various formats

(drawables or GdkRGB buffers), and a cache interface.

David Costanzo found a bug in the way gdk-pixbuf processes BMP images.

It is possible that a specially crafted BMP image could cause a denial

of service attack in applications linked against gdk-pixbuf.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has

assigned the name CAN-2005-0891 to this issue.

- Fix a double free in the bmp loader

140402ef3823af459027e7eec1fb4a31 SRPMS/gdk-pixbuf-0.22.0-16.fc3.src.rpm

46732d3473a71aa4ab90dd456f0e957f x86_64/gdk-pixbuf-0.22.0-16.fc3.x86_64.rpm

14639a9be1a8470ef3ebf5f8ca6951fa x86_64/gdk-pixbuf-devel-0.22.0-16.fc3.x86_64.rpm

d35d6f6ff840efced466d44e2556b556 x86_64/gdk-pixbuf-gnome-0.22.0-16.fc3.x86_64.rpm

91cb66921118ac3187e2a5234d33672a x86_64/debug/gdk-pixbuf-debuginfo-0.22.0-16.fc3.x86_64.rpm

c226b3c99d9f139883015b249621294f x86_64/gdk-pixbuf-0.22.0-16.fc3.i386.rpm

c226b3c99d9f139883015b249621294f i386/gdk-pixbuf-0.22.0-16.fc3.i386.rpm

7a7790402d9d477f7f0f47a74259bfa4 i386/gdk-pixbuf-devel-0.22.0-16.fc3.i386.rpm

4e8f98e1e520d1f9e2b7b1fa98c06119 i386/gdk-pixbuf-gnome-0.22.0-16.fc3.i386.rpm

a3b06be3f9bd8ec74588dc6b95b637a9 i386/debug/gdk-pixbuf-debuginfo-0.22.0-16.fc3.i386.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

--fedora-announce-list mailing list

fedora-announce-list@redhat.com