Security Advisory gtk2 security update

Advisory: RHSA-2005:344-03
Type: Security Advisory
Severity: Important
Issued on: 2005-04-01
Last updated on: 2005-04-01
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-0891

Details

Updated gtk2 packages that fix a double free vulnerability are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating
graphical user interfaces for the X Window System.

A bug was found in the way gtk2 processes BMP images. It is possible
that a specially crafted BMP image could cause a denial of service attack
on applications linked against gtk2. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0891 to
this issue.

Users of gtk2 are advised to upgrade to these packages, which contain
a backported patch and are not vulnerable to this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)

IA-32:
gtk2-2.2.4-15.i386.rpm
File outdated by:  RHSA-2005:811
    MD5: 98a763c907f9cde57d447ecc9ce69252
gtk2-devel-2.2.4-15.i386.rpm
File outdated by:  RHSA-2005:811
    MD5: 066bddc2276dccfd7bb0b72517637662
 
x86_64:
gtk2-2.2.4-15.i386.rpm
File outdated by:  RHSA-2005:811
    MD5: 98a763c907f9cde57d447ecc9ce69252
gtk2-2.2.4-15.x86_64.rpm
File outdated by:  RHSA-2005:811
    MD5: e4ab1dddc4d0dc5e2f6db0905be62819
gtk2-devel-2.2.4-15.x86_64.rpm
File outdated by:  RHSA-2005:811
    MD5: 90dabc5f8e3c4218b2e47c244b0bedbf
 
Red Hat Desktop (v. 4)

IA-32:
gtk2-2.4.13-14.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 48c40e37a9881922692c379a023f40c2
gtk2-devel-2.4.13-14.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: af3138588aa04815a27d638ecbcb6c8b
 
x86_64:
gtk2-2.4.13-14.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 48c40e37a9881922692c379a023f40c2
gtk2-2.4.13-14.x86_64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 0ce827bf741b096da96f49e0a461d228
gtk2-devel-2.4.13-14.x86_64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 11876fb98d0f3d6d4dc8b767110298f8
 
Red Hat Enterprise Linux AS (v. 3)

IA-32:
gtk2-2.2.4-15.i386.rpm
File outdated by:  RHSA-2005:811
    MD5: 98a763c907f9cde57d447ecc9ce69252
gtk2-devel-2.2.4-15.i386.rpm
File outdated by:  RHSA-2005:811
    MD5: 066bddc2276dccfd7bb0b72517637662
 
IA-64:
gtk2-2.2.4-15.i386.rpm
File outdated by:  RHSA-2005:811
    MD5: 98a763c907f9cde57d447ecc9ce69252
gtk2-2.2.4-15.ia64.rpm
File outdated by:  RHSA-2005:811
    MD5: baed53da0de7155699e61842ef41e3fc
gtk2-devel-2.2.4-15.ia64.rpm
File outdated by:  RHSA-2005:811
    MD5: 7a0b78f2dc0b6d31f2c9d1ed80f446e4
 
PPC:
gtk2-2.2.4-15.ppc.rpm
File outdated by:  RHSA-2005:811
    MD5: a99bbccf1f40a4623fed1b95c46add10
gtk2-2.2.4-15.ppc64.rpm
File outdated by:  RHSA-2005:811
    MD5: abfbf4e46c2a7d6493a6bfac1e4be816
gtk2-devel-2.2.4-15.ppc.rpm
File outdated by:  RHSA-2005:811
    MD5: 02ea01802becb94924e2eb6ee516cd32
 
s390:
gtk2-2.2.4-15.s390.rpm
File outdated by:  RHSA-2005:811
    MD5: 43b69fdf1aa8d9c2c887e3102de177b7
gtk2-devel-2.2.4-15.s390.rpm
File outdated by:  RHSA-2005:811
    MD5: 8af03aee1a14ec0369bd441a53921648
 
s390x:
gtk2-2.2.4-15.s390.rpm
File outdated by:  RHSA-2005:811
    MD5: 43b69fdf1aa8d9c2c887e3102de177b7
gtk2-2.2.4-15.s390x.rpm
File outdated by:  RHSA-2005:811
    MD5: a8a651570741b86471a63ed94183f210
gtk2-devel-2.2.4-15.s390x.rpm
File outdated by:  RHSA-2005:811
    MD5: 9c485a6e78fa1d1d153c8786e4cf5532
 
x86_64:
gtk2-2.2.4-15.i386.rpm
File outdated by:  RHSA-2005:811
    MD5: 98a763c907f9cde57d447ecc9ce69252
gtk2-2.2.4-15.x86_64.rpm
File outdated by:  RHSA-2005:811
    MD5: e4ab1dddc4d0dc5e2f6db0905be62819
gtk2-devel-2.2.4-15.x86_64.rpm
File outdated by:  RHSA-2005:811
    MD5: 90dabc5f8e3c4218b2e47c244b0bedbf
 
Red Hat Enterprise Linux AS (v. 4)

IA-32:
gtk2-2.4.13-14.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 48c40e37a9881922692c379a023f40c2
gtk2-devel-2.4.13-14.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: af3138588aa04815a27d638ecbcb6c8b
 
IA-64:
gtk2-2.4.13-14.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 48c40e37a9881922692c379a023f40c2
gtk2-2.4.13-14.ia64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 33d94f949a3b40af64c2b32d167ff228
gtk2-devel-2.4.13-14.ia64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 73608a9226dd9dd4659160f38ce0fee4
 
PPC:
gtk2-2.4.13-14.ppc.rpm
File outdated by:  RHBA-2008:0773
    MD5: 8c84158372ac0bcca09ab775eed2fee2
gtk2-2.4.13-14.ppc64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 3a61040d1dd81afa0dbca8ead7e125ee
gtk2-devel-2.4.13-14.ppc.rpm
File outdated by:  RHBA-2008:0773
    MD5: c9e7694d7514c897373ef6883abaebc5
 
s390:
gtk2-2.4.13-14.s390.rpm
File outdated by:  RHBA-2008:0773
    MD5: 3c1076cdca18a62dccab35d5e03371e2
gtk2-devel-2.4.13-14.s390.rpm
File outdated by:  RHBA-2008:0773
    MD5: 1e0c97c0e3a75b7e6431de79dc471683
 
s390x:
gtk2-2.4.13-14.s390.rpm
File outdated by:  RHBA-2008:0773
    MD5: 3c1076cdca18a62dccab35d5e03371e2
gtk2-2.4.13-14.s390x.rpm
File outdated by:  RHBA-2008:0773
    MD5: 35b3be76b835158f9c0fb8046753ff47
gtk2-devel-2.4.13-14.s390x.rpm
File outdated by:  RHBA-2008:0773
    MD5: c3e93e8160bc0b79e101a959ebc55cfd
 
x86_64:
gtk2-2.4.13-14.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 48c40e37a9881922692c379a023f40c2
gtk2-2.4.13-14.x86_64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 0ce827bf741b096da96f49e0a461d228
gtk2-devel-2.4.13-14.x86_64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 11876fb98d0f3d6d4dc8b767110298f8
 
Red Hat Enterprise Linux ES (v. 3)

IA-32:
gtk2-2.2.4-15.i386.rpm
File outdated by:  RHSA-2005:811
    MD5: 98a763c907f9cde57d447ecc9ce69252
gtk2-devel-2.2.4-15.i386.rpm
File outdated by:  RHSA-2005:811
    MD5: 066bddc2276dccfd7bb0b72517637662
 
IA-64:
gtk2-2.2.4-15.i386.rpm
File outdated by:  RHSA-2005:811
    MD5: 98a763c907f9cde57d447ecc9ce69252
gtk2-2.2.4-15.ia64.rpm
File outdated by:  RHSA-2005:811
    MD5: baed53da0de7155699e61842ef41e3fc
gtk2-devel-2.2.4-15.ia64.rpm
File outdated by:  RHSA-2005:811
    MD5: 7a0b78f2dc0b6d31f2c9d1ed80f446e4
 
x86_64:
gtk2-2.2.4-15.i386.rpm
File outdated by:  RHSA-2005:811
    MD5: 98a763c907f9cde57d447ecc9ce69252
gtk2-2.2.4-15.x86_64.rpm
File outdated by:  RHSA-2005:811
    MD5: e4ab1dddc4d0dc5e2f6db0905be62819
gtk2-devel-2.2.4-15.x86_64.rpm
File outdated by:  RHSA-2005:811
    MD5: 90dabc5f8e3c4218b2e47c244b0bedbf
 
Red Hat Enterprise Linux ES (v. 4)

IA-32:
gtk2-2.4.13-14.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 48c40e37a9881922692c379a023f40c2
gtk2-devel-2.4.13-14.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: af3138588aa04815a27d638ecbcb6c8b
 
IA-64:
gtk2-2.4.13-14.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 48c40e37a9881922692c379a023f40c2
gtk2-2.4.13-14.ia64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 33d94f949a3b40af64c2b32d167ff228
gtk2-devel-2.4.13-14.ia64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 73608a9226dd9dd4659160f38ce0fee4
 
x86_64:
gtk2-2.4.13-14.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 48c40e37a9881922692c379a023f40c2
gtk2-2.4.13-14.x86_64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 0ce827bf741b096da96f49e0a461d228
gtk2-devel-2.4.13-14.x86_64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 11876fb98d0f3d6d4dc8b767110298f8
 
Red Hat Enterprise Linux WS (v. 3)

IA-32:
gtk2-2.2.4-15.i386.rpm
File outdated by:  RHSA-2005:811
    MD5: 98a763c907f9cde57d447ecc9ce69252
gtk2-devel-2.2.4-15.i386.rpm
File outdated by:  RHSA-2005:811
    MD5: 066bddc2276dccfd7bb0b72517637662
 
IA-64:
gtk2-2.2.4-15.i386.rpm
File outdated by:  RHSA-2005:811
    MD5: 98a763c907f9cde57d447ecc9ce69252
gtk2-2.2.4-15.ia64.rpm
File outdated by:  RHSA-2005:811
    MD5: baed53da0de7155699e61842ef41e3fc
gtk2-devel-2.2.4-15.ia64.rpm
File outdated by:  RHSA-2005:811
    MD5: 7a0b78f2dc0b6d31f2c9d1ed80f446e4
 
x86_64:
gtk2-2.2.4-15.i386.rpm
File outdated by:  RHSA-2005:811
    MD5: 98a763c907f9cde57d447ecc9ce69252
gtk2-2.2.4-15.x86_64.rpm
File outdated by:  RHSA-2005:811
    MD5: e4ab1dddc4d0dc5e2f6db0905be62819
gtk2-devel-2.2.4-15.x86_64.rpm
File outdated by:  RHSA-2005:811
    MD5: 90dabc5f8e3c4218b2e47c244b0bedbf
 
Red Hat Enterprise Linux WS (v. 4)

IA-32:
gtk2-2.4.13-14.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 48c40e37a9881922692c379a023f40c2
gtk2-devel-2.4.13-14.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: af3138588aa04815a27d638ecbcb6c8b
 
IA-64:
gtk2-2.4.13-14.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 48c40e37a9881922692c379a023f40c2
gtk2-2.4.13-14.ia64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 33d94f949a3b40af64c2b32d167ff228
gtk2-devel-2.4.13-14.ia64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 73608a9226dd9dd4659160f38ce0fee4
 
x86_64:
gtk2-2.4.13-14.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 48c40e37a9881922692c379a023f40c2
gtk2-2.4.13-14.x86_64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 0ce827bf741b096da96f49e0a461d228
gtk2-devel-2.4.13-14.x86_64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 11876fb98d0f3d6d4dc8b767110298f8
 
(The unlinked packages above are only available from the Red Hat Network)
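
One way to confirm that a host already runs the fixed gtk2 builds listed above (2.2.4-15 for the v. 3 products, 2.4.13-14 for the v. 4 products), including hosts that carry both a 32-bit and a 64-bit gtk2. This is an added example, not part of the Red Hat advisory; the function names are illustrative, and GNU `sort -V` is assumed as a stand-in for rpm's own version comparison.

```shell
#!/bin/sh
# Fixed gtk2 version-release from this advisory, keyed by product major version.
fixed_evr_for() {
    case "$1" in
        3) echo "2.2.4-15" ;;
        4) echo "2.4.13-14" ;;
        *) return 1 ;;
    esac
}

# Succeeds when version-release $1 is equal to or newer than $2.
# Assumption: GNU `sort -V` approximates rpm's comparison, which holds for
# purely numeric version-release strings such as the ones in this advisory.
evr_at_least() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Prints "patched", "vulnerable" or "unknown" for an installed gtk2
# version-release ($2) on product major version $1.
gtk2_status() {
    fixed=$(fixed_evr_for "$1") || { echo unknown; return 0; }
    if evr_at_least "$2" "$fixed"; then echo patched; else echo vulnerable; fi
}

# Live check: reports every installed gtk2 architecture, since x86_64, ia64,
# ppc and s390x systems may have two gtk2 packages installed side by side.
check_host() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found"; return 0; }
    rpm -q gtk2 >/dev/null 2>&1 || { echo "gtk2 not installed"; return 0; }
    rpm -q --qf '%{VERSION}-%{RELEASE} %{ARCH}\n' gtk2 |
    while read -r evr arch; do
        echo "gtk2 $evr ($arch): $(gtk2_status "$1" "$evr")"
    done
}

# Usage: sh check_gtk2.sh 3   (or 4); without an argument nothing is queried.
if [ "$#" -gt 0 ]; then
    check_host "$1"
fi
```

A "patched" result only says the installed build is at or above the one in this advisory; the "File outdated by" entries show that later errata replace these packages.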

Bugs fixed (see bugzilla for more information)

152317 - CAN-2005-0891 gdk-pixbuf BMP double free DoS


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/