---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-289
2004-09-15
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : gtk2
Version     : 2.4.7                      
Release     : 2.4                  
Summary     : The GIMP ToolKit (GTK+), a library for creating GUIs for
X.
Description :
GTK+ is a multi-platform toolkit for creating graphical user
interfaces. Offering a complete set of widgets, GTK+ is suitable for
projects ranging from small one-off tools to complete application
suites.

---------------------------------------------------------------------
Update Information:

During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw
was
discovered in the BMP image processor of gtk2. An attacker could create
a
carefully crafted BMP file which would cause an application to enter an
infinite loop and not respond to user input when the file was opened by
a
victim. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0753 to this issue.

During a security audit Chris Evans discovered a stack and a heap
overflow
in the XPM image decoder. An attacker could create a carefully crafted
XPM
file which could cause an application linked with gtk2 to crash or
possibly
execute arbitrary code when the file was opened by a victim.
(CAN-2004-0782, CAN-2004-0783)

Chris Evans also discovered an integer overflow in the ICO image
decoder.
An attacker could create a carefully crafted ICO file which could cause
an
application linked with gtk2 to crash when the file was opened by a
victim.
(CAN-2004-0788)

---------------------------------------------------------------------
* Tue Sep 07 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.7-2.4

- Fix issues in the xpm and ico loaders  found by Chris Evans (#130711)

* Fri Aug 20 2004 Owen Taylor <otaylor@redhat.com> - 2.4.7-2.2

- Fix problem with infinite loop on bad BMP data (#130450, 
  test BMP from Chris Evans, fix from Manish Singh)

* Sat Aug 14 2004 Matthias Clasen <mclasen@redhat.com> 2.4.7-1

- update to 2.4.7

* Fri Aug 13 2004 Matthias Clasen <mclasen@redhat.com> 2.4.6-1

- update to 2.4.6
- call libtoolize --force to win .so's back...

* Fri Jul 30 2004 Jonathan Blandford <jrb@redhat.com> 2.4.4-4

- add typeahead patch to GtkTreeView
- automake-1.9

* Tue Jul 27 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.4-3

- Use -64 suffix on powerpc64.  (#128605)

* Fri Jul 16 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.4-2

- Fix permissions of gdk-pixbuf-csource script. 
- Escape macros in %changelog

* Fri Jul 09 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.4-1

- Update to 2.4.4

* Thu Jul 08 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.1-5

- Look for the gtk.immodules file in the right location.  (#127073)

* Thu Jul 08 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.1-4

- Add a wrapper for gdk-pixbuf-csource.

* Wed Jun 23 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.1-3

- Don't install testgtk and testtext
- Rename binaries to -32/-64 (#124478)
- Move arch-dependent config files to /etc/gtk-2.0/$host (#124482)
- Add wrappers for updating the arch-dependent config files

* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>

- rebuilt

* Thu May 20 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.1-1

- Upgrade to 2.4.1


---------------------------------------------------------------------
This update can be downloaded from:
    

75a86a6d678f76a2f6238a992463005f  SRPMS/gtk2-2.4.7-2.4.src.rpm
f6923be90c1621e83a19df610213ff12  x86_64/gtk2-2.4.7-2.4.x86_64.rpm
e46b3ea2a153749dcf6d5cdf38603ea6  x86_64/gtk2-devel-2.4.7-2.4.x86_64.rpm
81f2cf32b341d60fa766e638624a201c 
x86_64/debug/gtk2-debuginfo-2.4.7-2.4.x86_64.rpm
b659bb38815921f415c45790d2c4b1c6  x86_64/gtk2-2.4.7-2.4.i386.rpm
b659bb38815921f415c45790d2c4b1c6  i386/gtk2-2.4.7-2.4.i386.rpm
9d38f480c8ccb6857fc6cbdb322ac073  i386/gtk2-devel-2.4.7-2.4.i386.rpm
5099d6ef8357b99e90e9fa2fd9c28695 
i386/debug/gtk2-debuginfo-2.4.7-2.4.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------

Fedora: gtk2 vulnerabilities (Core 2)

September 15, 2004
Several vulnerabilities.

Summary

GTK+ is a multi-platform toolkit for creating graphical user

interfaces. Offering a complete set of widgets, GTK+ is suitable for

projects ranging from small one-off tools to complete application

suites.

Update Information:

During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw was discovered in the BMP image processor of gtk2. An attacker could create a carefully crafted BMP file which would cause an application to enter an infinite loop and not respond to user input when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0753 to this issue.

During a security audit Chris Evans discovered a stack and a heap overflow in the XPM image decoder. An attacker could create a carefully crafted XPM file which could cause an application linked with gtk2 to crash or possibly execute arbitrary code when the file was opened by a victim. (CAN-2004-0782, CAN-2004-0783)

Chris Evans also discovered an integer overflow in the ICO image decoder. An attacker could create a carefully crafted ICO file which could cause an application linked with gtk2 to crash when the file was opened by a victim. (CAN-2004-0788)

* Tue Sep 07 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.7-2.4

- Fix issues in the xpm and ico loaders found by Chris Evans (#130711)

* Fri Aug 20 2004 Owen Taylor <otaylor@redhat.com> - 2.4.7-2.2

- Fix problem with infinite loop on bad BMP data (#130450, test BMP from Chris Evans, fix from Manish Singh)

* Sat Aug 14 2004 Matthias Clasen <mclasen@redhat.com> 2.4.7-1

- update to 2.4.7

* Fri Aug 13 2004 Matthias Clasen <mclasen@redhat.com> 2.4.6-1

- update to 2.4.6 - call libtoolize --force to win .so's back...

* Fri Jul 30 2004 Jonathan Blandford <jrb@redhat.com> 2.4.4-4

- add typeahead patch to GtkTreeView - automake-1.9

* Tue Jul 27 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.4-3

- Use -64 suffix on powerpc64. (#128605)

* Fri Jul 16 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.4-2

- Fix permissions of gdk-pixbuf-csource script. - Escape macros in %changelog

* Fri Jul 09 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.4-1

- Update to 2.4.4

* Thu Jul 08 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.1-5

- Look for the gtk.immodules file in the right location. (#127073)

* Thu Jul 08 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.1-4

- Add a wrapper for gdk-pixbuf-csource.

* Wed Jun 23 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.1-3

- Don't install testgtk and testtext - Rename binaries to -32/-64 (#124478) - Move arch-dependent config files to /etc/gtk-2.0/$host (#124482) - Add wrappers for updating the arch-dependent config files

* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>

- rebuilt

* Thu May 20 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.1-1

- Upgrade to 2.4.1


This update can be downloaded from:


75a86a6d678f76a2f6238a992463005f SRPMS/gtk2-2.4.7-2.4.src.rpm f6923be90c1621e83a19df610213ff12 x86_64/gtk2-2.4.7-2.4.x86_64.rpm e46b3ea2a153749dcf6d5cdf38603ea6 x86_64/gtk2-devel-2.4.7-2.4.x86_64.rpm 81f2cf32b341d60fa766e638624a201c x86_64/debug/gtk2-debuginfo-2.4.7-2.4.x86_64.rpm b659bb38815921f415c45790d2c4b1c6 x86_64/gtk2-2.4.7-2.4.i386.rpm b659bb38815921f415c45790d2c4b1c6 i386/gtk2-2.4.7-2.4.i386.rpm 9d38f480c8ccb6857fc6cbdb322ac073 i386/gtk2-devel-2.4.7-2.4.i386.rpm 5099d6ef8357b99e90e9fa2fd9c28695 i386/debug/gtk2-debuginfo-2.4.7-2.4.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

Change Log

References

Fedora Update Notification FEDORA-2004-289 2004-09-15 Product : Fedora Core 2 Name : gtk2 Version : 2.4.7 Release : 2.4 Summary : The GIMP ToolKit (GTK+), a library for creating GUIs for X. Description : GTK+ is a multi-platform toolkit for creating graphical user interfaces. Offering a complete set of widgets, GTK+ is suitable for projects ranging from small one-off tools to complete application suites.

Update Instructions

Severity
Product : Fedora Core 2
Name : gtk2
Version : 2.4.7
Release : 2.4
Summary : The GIMP ToolKit (GTK+), a library for creating GUIs for

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved