---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-287
2004-09-15
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : gdk-pixbuf
Version     : 0.22.0                      
Release     : 11.2.3                  
Summary     : An image loading library used with GNOME.
Description :
The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment. The GdkPixBuf library provides image
loading facilities, the rendering of a GdkPixBuf into various formats
(drawables or GdkRGB buffers), and a cache interface.

---------------------------------------------------------------------
Update Information:

During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw
was discovered in the BMP image processor of gdk-pixbuf. An attacker
could create a carefully crafted BMP file which would cause an
application to enter an infinite loop and not respond to user input
when the file was opened by a victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0753
to this issue.

During a security audit, Chris Evans discovered a stack and a heap
overflow in the XPM image decoder. An attacker could create a carefully
crafted XPM file which could cause an application linked with gtk2 to
crash or possibly execute arbitrary code when the file was opened by a
victim. (CAN-2004-0782, CAN-2004-0783)

Chris Evans also discovered an integer overflow in the ICO image
decoder. An attacker could create a carefully crafted ICO file which
could cause an application linked with gtk2 to crash when the file is
opened by a victim. (CAN-2004-0788)

---------------------------------------------------------------------
* Tue Sep 07 2004 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-11.2.3

- Rebuild for FC2

* Fri Sep 03 2004 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-11.2.2

- Rebuild for FC1

* Fri Sep 03 2004 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-11.1.3

- Rebuild for RHEL3

* Fri Sep 03 2004 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-11.1.2E

- Fix issues in the xpm and ico loaders found by Chris Evans (#130711)

* Fri Aug 20 2004 Owen Taylor <otaylor@redhat.com> - 1:0.22.0-10.0.2E

- Fix problem with infinite loop on bad BMP data (#130455,
  test BMP from Chris Evans, fix from Manish Singh)

* Sun Aug 15 2004 Tim Waugh <twaugh@redhat.com> 1:0.22.0-9

- Fixed underquoted m4 definition.

* Mon Jun 21 2004 Matthias Clasen <mclasen@redhat.com>

- Make build

* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>

- rebuilt

* Fri Mar 05 2004 Owen Taylor <otaylor@redhat.com> 1:0.22.0-6.0.3

- Include /usr/lib/*.la for AS2.1

* Fri Mar 05 2004 Owen Taylor <otaylor@redhat.com> 1:0.22.0-6.0.2E

- Add some additional defines to work with 2.1AS

* Thu Mar 04 2004 Owen Taylor <otaylor@redhat.com> 1:0.22.0-6.1.1

- Bump and rebuild

* Thu Mar 04 2004 Owen Taylor <otaylor@redhat.com> 1:0.22.0-6.1.0

- Redo package to build without libtool-1.5 patch

* Wed Mar 03 2004 Owen Taylor <otaylor@redhat.com> 1:0.22.0-6.0.0

- Add a couple of bug-fixes backported from GTK+-2.x


---------------------------------------------------------------------
This update can be downloaded from:
    

df423014919ec5696f889ac6f4787746  SRPMS/gdk-pixbuf-0.22.0-11.2.3.src.rpm
b0c43651dc3ce287199500dfcc2f0587  x86_64/gdk-pixbuf-0.22.0-11.2.3.x86_64.rpm
7e7fc5ed5415290c782869c4b4891cbf  x86_64/gdk-pixbuf-devel-0.22.0-11.2.3.x86_64.rpm
144f31eb04ea373b7e03c7c0478956e9  x86_64/gdk-pixbuf-gnome-0.22.0-11.2.3.x86_64.rpm
3eab7a99d72773cc58f9ae76020170d7  x86_64/debug/gdk-pixbuf-debuginfo-0.22.0-11.2.3.x86_64.rpm
7191295371d1375fa214aae40ed552ad  i386/gdk-pixbuf-0.22.0-11.2.3.i386.rpm
1312362346782b79454397d5116c3401  i386/gdk-pixbuf-devel-0.22.0-11.2.3.i386.rpm
26640728f906fbc08f11302aea0c551d  i386/gdk-pixbuf-gnome-0.22.0-11.2.3.i386.rpm
5e6d6f574976df72d29a33e19e178aaa  i386/debug/gdk-pixbuf-debuginfo-0.22.0-11.2.3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------
