
Fedora Core 3: FEDORA-2005-268 Critical: GTK+ BMP Denial Of Service

March 30, 2005
Important patch for Fedora Core 3 rectifying BMP handling issue within GTK+ to avert potential service interruptions.

Summary

GTK+ is a multi-platform toolkit for creating graphical user interfaces. Offering a complete set of widgets, GTK+ is suitable for projects ranging from small one-off tools to complete application suites.

David Costanzo found a bug in the way GTK+ processes BMP images. It is possible that a specially crafted BMP image could cause a denial of service attack in applications linked against GTK+.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0891 to this issue.

- Fix a double free in the bmp loader


This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
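To confirm a host actually carries the fixed build after updating, the installed gtk2 version has to be compared the way RPM compares it, not as plain strings. The following is an added example, not part of the original advisory: it implements RPM-style segment comparison against the fixed build 2.4.14-3.fc3 named on this page. The function names are this example's own, the sample inputs are constructed, and the package is assumed to have no epoch set.

```python
import re

# Fixed build named in the advisory: gtk2 2.4.14, release 3.fc3 (epoch assumed unset).
FIXED_EVR = ("0", "2.4.14", "3.fc3")

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, as RPM does.
    Returns 1 if a is newer, -1 if older, 0 if equal. Tilde/caret rules are omitted."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1      # numeric segment beats alphabetic
        if x.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")  # leading zeros are ignored
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def parse_evr(text):
    """Split 'epoch:version-release'; a missing or '(none)' epoch counts as 0."""
    epoch, _, rest = text.strip().rpartition(":")
    version, _, release = rest.partition("-")
    return (epoch if epoch.isdigit() else "0", version, release)

def is_patched(installed):
    """True if the installed gtk2 EVR is at or above the fixed build."""
    for have, need in zip(parse_evr(installed), FIXED_EVR):
        result = rpmvercmp(have, need)
        if result:
            return result > 0
    return True

if __name__ == "__main__":
    # Constructed sample values, in the form printed by:
    #   rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' gtk2
    for sample in ("(none):2.4.13-9.fc3", "(none):2.4.14-2.fc3",
                   "(none):2.4.14-3.fc3", "(none):2.4.14-10.fc3"):
        print(sample, "patched" if is_patched(sample) else "VULNERABLE: update gtk2")
```

The last sample shows why a plain string comparison is not enough: release 10.fc3 is newer than 3.fc3 even though "10" sorts before "3" as text.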

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com


Severity: Critical

Name: gtk2
Version: 2.4.14
Release: 3.fc3
Summary: The GIMP ToolKit (GTK+), a library for creating GUIs for
