Stay Secure with the Latest Linux Advisories

security advisorydenial of servicegtk2 update

Fedora Core 3: FEDORA-2005-268 Critical: GTK+ BMP Denial Of Service

David Costanzo found a bug in the way GTK+ processes BMP images. It is possible that a specially crafted BMP image could cause a denial of service attack in applications linked against GTK+. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0891 to this issue.. ---------------------------------------------------------------------Fedora Update Notification FEDORA-2005-268 2005-03-30 ---------------------------------------------------------------------Product : Fedora Core 3 Name : gtk2 Version : 2.4.14 Release : 3.fc3 Summary : The GIMP ToolKit (GTK+), a library for creating GUIs for X. Description : GTK+ is a multi-platform toolkit for creating graphical user interfaces. Offering a complete set of widgets, GTK+ is suitable for projects ranging from small one-off tools to complete application suites. ---------------------------------------------------------------------Update Information: David Costanzo found a bug in the way GTK+ processes BMP images. It is possible that a specially crafted BMP image could cause a denial of service attack in applications linked against GTK+. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0891 to this issue. ---------------------------------------------------------------------* Mon Mar 28 2005 Matthias Clasen - 2.4.14-3.fc3 - Fix a double free in the bmp loader ---------------------------------------------------------------------This update can be downloaded from: 8c9c1a539e15629f204038597c57e75a SRPMS/gtk2-2.4.14-3.fc3.src.rpm 6491f2ebf95a79a0fafdd90256033189 x86_64/gtk2-2.4.14-3.fc3.x86_64.rpm 7facd80dc1c9ffc2e1745cb1505096c0 x86_64/gtk2-devel-2.4.14-3.fc3.x86_64.rpm 922ad9d8b24a4a580bca1f3461c1fcde x86_64/debug/gtk2-debuginfo-2.4.14-3.fc3.x86_64.rpm 9351093394765c34bc5a6b28e8db301b x86_64/gtk2-2.4.14-3.fc3.i386.rpm 9351093394765c34bc5a6b28e8db301b i386/gtk2-2.4.14-3.fc3.i386.rpm abb369e8b7dbcbe785a23d9cf52ca2a0 i386/gtk2-devel-2.4.14-3.fc3.i386.rpm 816116449734868587e069851dc57a62 i386/debug/gtk2-debuginfo-2.4.14-3.fc3.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- --fedora-announce-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Important patch for Fedora Core 3 rectifying BMP handling issue within GTK+ to avert potential service interruptions.. GTK2 Update, Fedora Core 3, Denial Of Service, Image Processing. . Severity: Critical. LinuxSecurity.com Team

Mar 30, 2005 •Critical Fedora