Security Advisory gdk-pixbuf security update

Advisory: RHSA-2005:343-03
Type: Security Advisory
Severity: Important
Issued on: 2005-04-05
Last updated on: 2005-04-05
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: N/A
CVEs (cve.mitre.org): CVE-2005-0891

Details

Updated gdk-pixbuf packages that fix a double free vulnerability are now
available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment.

A bug was found in the way gdk-pixbuf processes BMP images. It is possible
that a specially crafted BMP image could cause a denial of service attack
on applications linked against gdk-pixbuf. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0891 to
this issue.

Users of gdk-pixbuf are advised to upgrade to these packages, which contain
a backported patch and is not vulnerable to this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)
SRPMS:
gdk-pixbuf-0.22.0-12.el3.src.rpm     976b86cf75b4e7a59bceee5b4edc9a97
 
IA-32:
gdk-pixbuf-0.22.0-12.el3.i386.rpm
File outdated by:  RHSA-2005:810		     2ffc1b52012b1f299c8d08519a669d88
gdk-pixbuf-devel-0.22.0-12.el3.i386.rpm
File outdated by:  RHSA-2005:810		     f865db4cd92f7395a9ef0769d6fd3c08
gdk-pixbuf-gnome-0.22.0-12.el3.i386.rpm
File outdated by:  RHSA-2005:810		     c1d243418786af9aa77f93343feb4e9c
 
x86_64:
gdk-pixbuf-0.22.0-12.el3.i386.rpm
File outdated by:  RHSA-2005:810		     2ffc1b52012b1f299c8d08519a669d88
gdk-pixbuf-0.22.0-12.el3.x86_64.rpm
File outdated by:  RHSA-2005:810		     c1b4180a28bf65b5133c5eefa24b93a0
gdk-pixbuf-devel-0.22.0-12.el3.x86_64.rpm
File outdated by:  RHSA-2005:810		     205637111511ee684cee2a7f55faa0f1
gdk-pixbuf-gnome-0.22.0-12.el3.x86_64.rpm
File outdated by:  RHSA-2005:810		     d6f7574029cdbdf29136463bf8034266
 
Red Hat Desktop (v. 4)
SRPMS:
gdk-pixbuf-0.22.0-16.el4.src.rpm     d1ebd19ea75268ebcc3f06824a4a572c
 
IA-32:
gdk-pixbuf-0.22.0-16.el4.i386.rpm
File outdated by:  RHSA-2005:810		     0871d792413b0c21bd4fff8a142bebb1
gdk-pixbuf-devel-0.22.0-16.el4.i386.rpm
File outdated by:  RHSA-2005:810		     c8072476dff533717a389f6fb32f978d
 
x86_64:
gdk-pixbuf-0.22.0-16.el4.i386.rpm
File outdated by:  RHSA-2005:810		     0871d792413b0c21bd4fff8a142bebb1
gdk-pixbuf-0.22.0-16.el4.x86_64.rpm
File outdated by:  RHSA-2005:810		     61f8e510098ebd12f32a7e479d0026d7
gdk-pixbuf-devel-0.22.0-16.el4.x86_64.rpm
File outdated by:  RHSA-2005:810		     c94e5cee6ee5c19dd49f7371e8fddb78
 
Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
gdk-pixbuf-0.22.0-12.el2.src.rpm     cd150c0707736057ed148da2f4f716c8
 
IA-32:
gdk-pixbuf-0.22.0-12.el2.i386.rpm
File outdated by:  RHSA-2005:810		     7dfdd5d16a91e64380970e56d490c471
gdk-pixbuf-devel-0.22.0-12.el2.i386.rpm
File outdated by:  RHSA-2005:810		     be7486b35d88c407fef24c541e525dc1
gdk-pixbuf-gnome-0.22.0-12.el2.i386.rpm
File outdated by:  RHSA-2005:810		     9af7825523aeeff36cb7633e3cdc4403
 
IA-64:
gdk-pixbuf-0.22.0-12.el2.ia64.rpm
File outdated by:  RHSA-2005:810		     f6c266be7bb786fcaa6a7025719bd74f
gdk-pixbuf-devel-0.22.0-12.el2.ia64.rpm
File outdated by:  RHSA-2005:810		     6d344d3c48fac3320b5c7b4c34a28018
gdk-pixbuf-gnome-0.22.0-12.el2.ia64.rpm
File outdated by:  RHSA-2005:810		     f6cfeb5bcf4e5da379fc8dd31811224d
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
gdk-pixbuf-0.22.0-12.el3.src.rpm     976b86cf75b4e7a59bceee5b4edc9a97
 
IA-32:
gdk-pixbuf-0.22.0-12.el3.i386.rpm
File outdated by:  RHSA-2005:810		     2ffc1b52012b1f299c8d08519a669d88
gdk-pixbuf-devel-0.22.0-12.el3.i386.rpm
File outdated by:  RHSA-2005:810		     f865db4cd92f7395a9ef0769d6fd3c08
gdk-pixbuf-gnome-0.22.0-12.el3.i386.rpm
File outdated by:  RHSA-2005:810		     c1d243418786af9aa77f93343feb4e9c
 
IA-64:
gdk-pixbuf-0.22.0-12.el3.i386.rpm
File outdated by:  RHSA-2005:810		     2ffc1b52012b1f299c8d08519a669d88
gdk-pixbuf-0.22.0-12.el3.ia64.rpm
File outdated by:  RHSA-2005:810		     41f620654091eee65af1e2a7caa4c629
gdk-pixbuf-devel-0.22.0-12.el3.ia64.rpm
File outdated by:  RHSA-2005:810		     e88d2b283b5ba14c9e17cf0fa0ff5632
gdk-pixbuf-gnome-0.22.0-12.el3.ia64.rpm
File outdated by:  RHSA-2005:810		     d0747f8cc77eff6781978f265417ed09
 
PPC:
gdk-pixbuf-0.22.0-12.el3.ppc.rpm
File outdated by:  RHSA-2005:810		     dcde354069b804f3b32855b53915e2f0
gdk-pixbuf-0.22.0-12.el3.ppc64.rpm
File outdated by:  RHSA-2005:810		     0cdbb62e276af7694d007568070c87ff
gdk-pixbuf-devel-0.22.0-12.el3.ppc.rpm
File outdated by:  RHSA-2005:810		     f1a2be2fee1859d6f70d5747b8823706
gdk-pixbuf-gnome-0.22.0-12.el3.ppc.rpm
File outdated by:  RHSA-2005:810		     d1e0b31da885fd13c984f03b1a6cf92f
 
s390:
gdk-pixbuf-0.22.0-12.el3.s390.rpm
File outdated by:  RHSA-2005:810		     22877fb2b5a75cdcdf523ab4585fd2c7
gdk-pixbuf-devel-0.22.0-12.el3.s390.rpm
File outdated by:  RHSA-2005:810		     a4acd9d3eb0eb28836fcc360e76f1122
gdk-pixbuf-gnome-0.22.0-12.el3.s390.rpm
File outdated by:  RHSA-2005:810		     6b2ed0bcdb22c2253988e8b99926a533
 
s390x:
gdk-pixbuf-0.22.0-12.el3.s390.rpm
File outdated by:  RHSA-2005:810		     22877fb2b5a75cdcdf523ab4585fd2c7
gdk-pixbuf-0.22.0-12.el3.s390x.rpm
File outdated by:  RHSA-2005:810		     17a78e9783fb3d9fb966c90d15052889
gdk-pixbuf-devel-0.22.0-12.el3.s390x.rpm
File outdated by:  RHSA-2005:810		     d720e8670862c620fa40860ae9ff58cc
gdk-pixbuf-gnome-0.22.0-12.el3.s390x.rpm
File outdated by:  RHSA-2005:810		     edb7f22d7e8a37e7659d21a1f1b1357a
 
x86_64:
gdk-pixbuf-0.22.0-12.el3.i386.rpm
File outdated by:  RHSA-2005:810		     2ffc1b52012b1f299c8d08519a669d88
gdk-pixbuf-0.22.0-12.el3.x86_64.rpm
File outdated by:  RHSA-2005:810		     c1b4180a28bf65b5133c5eefa24b93a0
gdk-pixbuf-devel-0.22.0-12.el3.x86_64.rpm
File outdated by:  RHSA-2005:810		     205637111511ee684cee2a7f55faa0f1
gdk-pixbuf-gnome-0.22.0-12.el3.x86_64.rpm
File outdated by:  RHSA-2005:810		     d6f7574029cdbdf29136463bf8034266
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
gdk-pixbuf-0.22.0-16.el4.src.rpm     d1ebd19ea75268ebcc3f06824a4a572c
 
IA-32:
gdk-pixbuf-0.22.0-16.el4.i386.rpm
File outdated by:  RHSA-2005:810		     0871d792413b0c21bd4fff8a142bebb1
gdk-pixbuf-devel-0.22.0-16.el4.i386.rpm
File outdated by:  RHSA-2005:810		     c8072476dff533717a389f6fb32f978d
 
IA-64:
gdk-pixbuf-0.22.0-16.el4.i386.rpm
File outdated by:  RHSA-2005:810		     0871d792413b0c21bd4fff8a142bebb1
gdk-pixbuf-0.22.0-16.el4.ia64.rpm
File outdated by:  RHSA-2005:810		     7ff5fe095b30974df15e143b0d7e929e
gdk-pixbuf-devel-0.22.0-16.el4.ia64.rpm
File outdated by:  RHSA-2005:810		     be7e5e039520062ff027c2f482728fde
 
PPC:
gdk-pixbuf-0.22.0-16.el4.ppc.rpm
File outdated by:  RHSA-2005:810		     67814460f4036204f6a6061239d8748f
gdk-pixbuf-0.22.0-16.el4.ppc64.rpm
File outdated by:  RHSA-2005:810		     3c01305b14fa397a13b6e3faea132bd0
gdk-pixbuf-devel-0.22.0-16.el4.ppc.rpm
File outdated by:  RHSA-2005:810		     1e85a9e6c3c78def4fdaaa07f5b4fe3c
 
s390:
gdk-pixbuf-0.22.0-16.el4.s390.rpm
File outdated by:  RHSA-2005:810		     1864bf760c9f2dcbe7983df29099a225
gdk-pixbuf-devel-0.22.0-16.el4.s390.rpm
File outdated by:  RHSA-2005:810		     ed820e2cb04141a57ac381bca8d6332a
 
s390x:
gdk-pixbuf-0.22.0-16.el4.s390.rpm
File outdated by:  RHSA-2005:810		     1864bf760c9f2dcbe7983df29099a225
gdk-pixbuf-0.22.0-16.el4.s390x.rpm
File outdated by:  RHSA-2005:810		     a3f558d6b7370c864a6771412d1a2513
gdk-pixbuf-devel-0.22.0-16.el4.s390x.rpm
File outdated by:  RHSA-2005:810		     3c11f5939e9ac8d2e6eb5e6177b733d8
 
x86_64:
gdk-pixbuf-0.22.0-16.el4.i386.rpm
File outdated by:  RHSA-2005:810		     0871d792413b0c21bd4fff8a142bebb1
gdk-pixbuf-0.22.0-16.el4.x86_64.rpm
File outdated by:  RHSA-2005:810		     61f8e510098ebd12f32a7e479d0026d7
gdk-pixbuf-devel-0.22.0-16.el4.x86_64.rpm
File outdated by:  RHSA-2005:810		     c94e5cee6ee5c19dd49f7371e8fddb78
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
gdk-pixbuf-0.22.0-12.el2.src.rpm     cd150c0707736057ed148da2f4f716c8
 
IA-32:
gdk-pixbuf-0.22.0-12.el2.i386.rpm
File outdated by:  RHSA-2005:810		     7dfdd5d16a91e64380970e56d490c471
gdk-pixbuf-devel-0.22.0-12.el2.i386.rpm
File outdated by:  RHSA-2005:810		     be7486b35d88c407fef24c541e525dc1
gdk-pixbuf-gnome-0.22.0-12.el2.i386.rpm
File outdated by:  RHSA-2005:810		     9af7825523aeeff36cb7633e3cdc4403
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
gdk-pixbuf-0.22.0-12.el3.src.rpm     976b86cf75b4e7a59bceee5b4edc9a97
 
IA-32:
gdk-pixbuf-0.22.0-12.el3.i386.rpm
File outdated by:  RHSA-2005:810		     2ffc1b52012b1f299c8d08519a669d88
gdk-pixbuf-devel-0.22.0-12.el3.i386.rpm
File outdated by:  RHSA-2005:810		     f865db4cd92f7395a9ef0769d6fd3c08
gdk-pixbuf-gnome-0.22.0-12.el3.i386.rpm
File outdated by:  RHSA-2005:810		     c1d243418786af9aa77f93343feb4e9c
 
IA-64:
gdk-pixbuf-0.22.0-12.el3.i386.rpm
File outdated by:  RHSA-2005:810		     2ffc1b52012b1f299c8d08519a669d88
gdk-pixbuf-0.22.0-12.el3.ia64.rpm
File outdated by:  RHSA-2005:810		     41f620654091eee65af1e2a7caa4c629
gdk-pixbuf-devel-0.22.0-12.el3.ia64.rpm
File outdated by:  RHSA-2005:810		     e88d2b283b5ba14c9e17cf0fa0ff5632
gdk-pixbuf-gnome-0.22.0-12.el3.ia64.rpm
File outdated by:  RHSA-2005:810		     d0747f8cc77eff6781978f265417ed09
 
x86_64:
gdk-pixbuf-0.22.0-12.el3.i386.rpm
File outdated by:  RHSA-2005:810		     2ffc1b52012b1f299c8d08519a669d88
gdk-pixbuf-0.22.0-12.el3.x86_64.rpm
File outdated by:  RHSA-2005:810		     c1b4180a28bf65b5133c5eefa24b93a0
gdk-pixbuf-devel-0.22.0-12.el3.x86_64.rpm
File outdated by:  RHSA-2005:810		     205637111511ee684cee2a7f55faa0f1
gdk-pixbuf-gnome-0.22.0-12.el3.x86_64.rpm
File outdated by:  RHSA-2005:810		     d6f7574029cdbdf29136463bf8034266
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
gdk-pixbuf-0.22.0-16.el4.src.rpm     d1ebd19ea75268ebcc3f06824a4a572c
 
IA-32:
gdk-pixbuf-0.22.0-16.el4.i386.rpm
File outdated by:  RHSA-2005:810		     0871d792413b0c21bd4fff8a142bebb1
gdk-pixbuf-devel-0.22.0-16.el4.i386.rpm
File outdated by:  RHSA-2005:810		     c8072476dff533717a389f6fb32f978d
 
IA-64:
gdk-pixbuf-0.22.0-16.el4.i386.rpm
File outdated by:  RHSA-2005:810		     0871d792413b0c21bd4fff8a142bebb1
gdk-pixbuf-0.22.0-16.el4.ia64.rpm
File outdated by:  RHSA-2005:810		     7ff5fe095b30974df15e143b0d7e929e
gdk-pixbuf-devel-0.22.0-16.el4.ia64.rpm
File outdated by:  RHSA-2005:810		     be7e5e039520062ff027c2f482728fde
 
x86_64:
gdk-pixbuf-0.22.0-16.el4.i386.rpm
File outdated by:  RHSA-2005:810		     0871d792413b0c21bd4fff8a142bebb1
gdk-pixbuf-0.22.0-16.el4.x86_64.rpm
File outdated by:  RHSA-2005:810		     61f8e510098ebd12f32a7e479d0026d7
gdk-pixbuf-devel-0.22.0-16.el4.x86_64.rpm
File outdated by:  RHSA-2005:810		     c94e5cee6ee5c19dd49f7371e8fddb78
 
Red Hat Enterprise Linux WS (v. 2.1)
SRPMS:
gdk-pixbuf-0.22.0-12.el2.src.rpm     cd150c0707736057ed148da2f4f716c8
 
IA-32:
gdk-pixbuf-0.22.0-12.el2.i386.rpm
File outdated by:  RHSA-2005:810		     7dfdd5d16a91e64380970e56d490c471
gdk-pixbuf-devel-0.22.0-12.el2.i386.rpm
File outdated by:  RHSA-2005:810		     be7486b35d88c407fef24c541e525dc1
gdk-pixbuf-gnome-0.22.0-12.el2.i386.rpm
File outdated by:  RHSA-2005:810		     9af7825523aeeff36cb7633e3cdc4403
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
gdk-pixbuf-0.22.0-12.el3.src.rpm     976b86cf75b4e7a59bceee5b4edc9a97
 
IA-32:
gdk-pixbuf-0.22.0-12.el3.i386.rpm
File outdated by:  RHSA-2005:810		     2ffc1b52012b1f299c8d08519a669d88
gdk-pixbuf-devel-0.22.0-12.el3.i386.rpm
File outdated by:  RHSA-2005:810		     f865db4cd92f7395a9ef0769d6fd3c08
gdk-pixbuf-gnome-0.22.0-12.el3.i386.rpm
File outdated by:  RHSA-2005:810		     c1d243418786af9aa77f93343feb4e9c
 
IA-64:
gdk-pixbuf-0.22.0-12.el3.i386.rpm
File outdated by:  RHSA-2005:810		     2ffc1b52012b1f299c8d08519a669d88
gdk-pixbuf-0.22.0-12.el3.ia64.rpm
File outdated by:  RHSA-2005:810		     41f620654091eee65af1e2a7caa4c629
gdk-pixbuf-devel-0.22.0-12.el3.ia64.rpm
File outdated by:  RHSA-2005:810		     e88d2b283b5ba14c9e17cf0fa0ff5632
gdk-pixbuf-gnome-0.22.0-12.el3.ia64.rpm
File outdated by:  RHSA-2005:810		     d0747f8cc77eff6781978f265417ed09
 
x86_64:
gdk-pixbuf-0.22.0-12.el3.i386.rpm
File outdated by:  RHSA-2005:810		     2ffc1b52012b1f299c8d08519a669d88
gdk-pixbuf-0.22.0-12.el3.x86_64.rpm
File outdated by:  RHSA-2005:810		     c1b4180a28bf65b5133c5eefa24b93a0
gdk-pixbuf-devel-0.22.0-12.el3.x86_64.rpm
File outdated by:  RHSA-2005:810		     205637111511ee684cee2a7f55faa0f1
gdk-pixbuf-gnome-0.22.0-12.el3.x86_64.rpm
File outdated by:  RHSA-2005:810		     d6f7574029cdbdf29136463bf8034266
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
gdk-pixbuf-0.22.0-16.el4.src.rpm     d1ebd19ea75268ebcc3f06824a4a572c
 
IA-32:
gdk-pixbuf-0.22.0-16.el4.i386.rpm
File outdated by:  RHSA-2005:810		     0871d792413b0c21bd4fff8a142bebb1
gdk-pixbuf-devel-0.22.0-16.el4.i386.rpm
File outdated by:  RHSA-2005:810		     c8072476dff533717a389f6fb32f978d
 
IA-64:
gdk-pixbuf-0.22.0-16.el4.i386.rpm
File outdated by:  RHSA-2005:810		     0871d792413b0c21bd4fff8a142bebb1
gdk-pixbuf-0.22.0-16.el4.ia64.rpm
File outdated by:  RHSA-2005:810		     7ff5fe095b30974df15e143b0d7e929e
gdk-pixbuf-devel-0.22.0-16.el4.ia64.rpm
File outdated by:  RHSA-2005:810		     be7e5e039520062ff027c2f482728fde
 
x86_64:
gdk-pixbuf-0.22.0-16.el4.i386.rpm
File outdated by:  RHSA-2005:810		     0871d792413b0c21bd4fff8a142bebb1
gdk-pixbuf-0.22.0-16.el4.x86_64.rpm
File outdated by:  RHSA-2005:810		     61f8e510098ebd12f32a7e479d0026d7
gdk-pixbuf-devel-0.22.0-16.el4.x86_64.rpm
File outdated by:  RHSA-2005:810		     c94e5cee6ee5c19dd49f7371e8fddb78
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
gdk-pixbuf-0.22.0-12.el2.src.rpm     cd150c0707736057ed148da2f4f716c8
 
IA-64:
gdk-pixbuf-0.22.0-12.el2.ia64.rpm
File outdated by:  RHSA-2005:810		     f6c266be7bb786fcaa6a7025719bd74f
gdk-pixbuf-devel-0.22.0-12.el2.ia64.rpm
File outdated by:  RHSA-2005:810		     6d344d3c48fac3320b5c7b4c34a28018
gdk-pixbuf-gnome-0.22.0-12.el2.ia64.rpm
File outdated by:  RHSA-2005:810		     f6cfeb5bcf4e5da379fc8dd31811224d
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

152315 - CAN-2005-0891 gdk-pixbuf BMP double free DoS


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0891

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/