Security Advisory gdk-pixbuf security update

Advisory: RHSA-2005:810-9
Type: Security Advisory
Severity: Important
Issued on: 2005-11-15
Last updated on: 2005-11-15
Affected Products:
  Red Hat Desktop (v. 3)
  Red Hat Desktop (v. 4)
  Red Hat Enterprise Linux AS (v. 2.1)
  Red Hat Enterprise Linux AS (v. 3)
  Red Hat Enterprise Linux AS (v. 4)
  Red Hat Enterprise Linux ES (v. 2.1)
  Red Hat Enterprise Linux ES (v. 3)
  Red Hat Enterprise Linux ES (v. 4)
  Red Hat Enterprise Linux WS (v. 2.1)
  Red Hat Enterprise Linux WS (v. 3)
  Red Hat Enterprise Linux WS (v. 4)
  Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org):
  CVE-2005-2975
  CVE-2005-2976
  CVE-2005-3186

Details

Updated gdk-pixbuf packages that fix several security issues are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment.

A bug was found in the way gdk-pixbuf processes XPM images. An attacker
could create a carefully crafted XPM file in such a way that it could cause
an application linked with gdk-pixbuf to execute arbitrary code when the
file was opened by a victim. The Common Vulnerabilities and Exposures
project has assigned the name CVE-2005-3186 to this issue.

Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf
processes XPM images. An attacker could create a carefully crafted XPM file
in such a way that it could cause an application linked with gdk-pixbuf to
execute arbitrary code or crash when the file was opened by a victim. The
Common Vulnerabilities and Exposures project has assigned the name
CVE-2005-2976 to this issue.

Ludwig Nussel also discovered an infinite-loop denial of service bug in the
way gdk-pixbuf processes XPM images. An attacker could create a carefully
crafted XPM file in such a way that it could cause an application linked
with gdk-pixbuf to stop responding when the file was opened by a victim.
The Common Vulnerabilities and Exposures project has assigned the name
CVE-2005-2975 to this issue.

Users of gdk-pixbuf are advised to upgrade to these updated packages, which
contain backported patches and are not vulnerable to these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
gdk-pixbuf-0.22.0-13.el3.3.src.rpm     MD5: ebe0b3e9475a081fb1e440859b18aa41
 
IA-32:
gdk-pixbuf-0.22.0-13.el3.3.i386.rpm     MD5: a0a20b4a1f1a026ed4c27eb4d6dcd2dd
gdk-pixbuf-devel-0.22.0-13.el3.3.i386.rpm     MD5: b9a4428f150b1a2b254c28ec1ef3ad68
gdk-pixbuf-gnome-0.22.0-13.el3.3.i386.rpm     MD5: 233cf43c7684265346a2870106827dbb
 
x86_64:
gdk-pixbuf-0.22.0-13.el3.3.i386.rpm     MD5: a0a20b4a1f1a026ed4c27eb4d6dcd2dd
gdk-pixbuf-0.22.0-13.el3.3.x86_64.rpm     MD5: 6d71d761fb4c57b6929e45328b737430
gdk-pixbuf-devel-0.22.0-13.el3.3.x86_64.rpm     MD5: fe71ef624d7d72e1088ecf99a0d8964e
gdk-pixbuf-gnome-0.22.0-13.el3.3.x86_64.rpm     MD5: 99361ad12142f6649862b34492d44161
 
Red Hat Desktop (v. 4)

SRPMS:
gdk-pixbuf-0.22.0-17.el4.3.src.rpm     MD5: 8f98649a87e4b1cac5c2bec357f3e2d1
 
IA-32:
gdk-pixbuf-0.22.0-17.el4.3.i386.rpm     MD5: 493e45512178d1341b15cb5d6d45cc0b
gdk-pixbuf-devel-0.22.0-17.el4.3.i386.rpm     MD5: f530d05031db8603b003d27dd8bc315f
 
x86_64:
gdk-pixbuf-0.22.0-17.el4.3.i386.rpm     MD5: 493e45512178d1341b15cb5d6d45cc0b
gdk-pixbuf-0.22.0-17.el4.3.x86_64.rpm     MD5: 021d4b0918b36f768be0915bf25d3506
gdk-pixbuf-devel-0.22.0-17.el4.3.x86_64.rpm     MD5: 2bc4b69e7df26ca388139ac22b1488a1
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
gdk-pixbuf-0.22.0-12.el2.3.src.rpm     MD5: 5bea8970a777c2e2197c343d64669f1a
 
IA-32:
gdk-pixbuf-0.22.0-12.el2.3.i386.rpm     MD5: 28ad503e6c7cf397277bf9d60b2b64b8
gdk-pixbuf-devel-0.22.0-12.el2.3.i386.rpm     MD5: 7d4d3f1c4492eb2aaded956ad8028e2e
gdk-pixbuf-gnome-0.22.0-12.el2.3.i386.rpm     MD5: 54833c2b7785977352d13fa3fe534c24
 
IA-64:
gdk-pixbuf-0.22.0-12.el2.3.ia64.rpm     MD5: cc7b986a3d8513a9d6b851b7d6650158
gdk-pixbuf-devel-0.22.0-12.el2.3.ia64.rpm     MD5: 3fe74f7116a28990f296154a45dfcdd7
gdk-pixbuf-gnome-0.22.0-12.el2.3.ia64.rpm     MD5: 401c82d6c91904940173f42618b696ee
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
gdk-pixbuf-0.22.0-13.el3.3.src.rpm     MD5: ebe0b3e9475a081fb1e440859b18aa41
 
IA-32:
gdk-pixbuf-0.22.0-13.el3.3.i386.rpm     MD5: a0a20b4a1f1a026ed4c27eb4d6dcd2dd
gdk-pixbuf-devel-0.22.0-13.el3.3.i386.rpm     MD5: b9a4428f150b1a2b254c28ec1ef3ad68
gdk-pixbuf-gnome-0.22.0-13.el3.3.i386.rpm     MD5: 233cf43c7684265346a2870106827dbb
 
IA-64:
gdk-pixbuf-0.22.0-13.el3.3.i386.rpm     MD5: a0a20b4a1f1a026ed4c27eb4d6dcd2dd
gdk-pixbuf-0.22.0-13.el3.3.ia64.rpm     MD5: 833a671af2cd66a28ce7e2bf12eee13e
gdk-pixbuf-devel-0.22.0-13.el3.3.ia64.rpm     MD5: 315df07a3664142ad20253967e745b88
gdk-pixbuf-gnome-0.22.0-13.el3.3.ia64.rpm     MD5: 470d6728d82db236cdd4ca49fe39e290
 
PPC:
gdk-pixbuf-0.22.0-13.el3.3.ppc.rpm     MD5: a18a4ce7200859ec784b24715c91b7b0
gdk-pixbuf-0.22.0-13.el3.3.ppc64.rpm     MD5: aeeeb699b739c135e0e5c8413a171ead
gdk-pixbuf-devel-0.22.0-13.el3.3.ppc.rpm     MD5: c6b914ee5245697f917438fe5cb72247
gdk-pixbuf-gnome-0.22.0-13.el3.3.ppc.rpm     MD5: 418d51ffeb3c3b60ab3683a6b23d6b26
 
s390:
gdk-pixbuf-0.22.0-13.el3.3.s390.rpm     MD5: 1ee53f56d6e7a53e1b765dd67d6f21fb
gdk-pixbuf-devel-0.22.0-13.el3.3.s390.rpm     MD5: e5913217d5e52b6bcdfcccbd6f15bdbe
gdk-pixbuf-gnome-0.22.0-13.el3.3.s390.rpm     MD5: 143294a23f39a1cb9a2b2330135328a7
 
s390x:
gdk-pixbuf-0.22.0-13.el3.3.s390.rpm     MD5: 1ee53f56d6e7a53e1b765dd67d6f21fb
gdk-pixbuf-0.22.0-13.el3.3.s390x.rpm     MD5: 52a67a4ed71b6258dfd3d0cf6bc76489
gdk-pixbuf-devel-0.22.0-13.el3.3.s390x.rpm     MD5: 337524639387626d21755bea87811ef9
gdk-pixbuf-gnome-0.22.0-13.el3.3.s390x.rpm     MD5: d0bc2d8fe6ea6839e3688de896cf10fa
 
x86_64:
gdk-pixbuf-0.22.0-13.el3.3.i386.rpm     MD5: a0a20b4a1f1a026ed4c27eb4d6dcd2dd
gdk-pixbuf-0.22.0-13.el3.3.x86_64.rpm     MD5: 6d71d761fb4c57b6929e45328b737430
gdk-pixbuf-devel-0.22.0-13.el3.3.x86_64.rpm     MD5: fe71ef624d7d72e1088ecf99a0d8964e
gdk-pixbuf-gnome-0.22.0-13.el3.3.x86_64.rpm     MD5: 99361ad12142f6649862b34492d44161
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
gdk-pixbuf-0.22.0-17.el4.3.src.rpm     MD5: 8f98649a87e4b1cac5c2bec357f3e2d1
 
IA-32:
gdk-pixbuf-0.22.0-17.el4.3.i386.rpm     MD5: 493e45512178d1341b15cb5d6d45cc0b
gdk-pixbuf-devel-0.22.0-17.el4.3.i386.rpm     MD5: f530d05031db8603b003d27dd8bc315f
 
IA-64:
gdk-pixbuf-0.22.0-17.el4.3.i386.rpm     MD5: 493e45512178d1341b15cb5d6d45cc0b
gdk-pixbuf-0.22.0-17.el4.3.ia64.rpm     MD5: 95a393d1c23b080098567a541a3fd4a6
gdk-pixbuf-devel-0.22.0-17.el4.3.ia64.rpm     MD5: 9ac8a15c9557de6011ac7e173c2e1dc6
 
PPC:
gdk-pixbuf-0.22.0-17.el4.3.ppc.rpm     MD5: 19f1900fcbeceee3ffba51a8fd1019eb
gdk-pixbuf-0.22.0-17.el4.3.ppc64.rpm     MD5: fd101356cae3f3703a86467223e3b4ff
gdk-pixbuf-devel-0.22.0-17.el4.3.ppc.rpm     MD5: ae4d063b07659d79778e38c39e8ce25d
 
s390:
gdk-pixbuf-0.22.0-17.el4.3.s390.rpm     MD5: b71b326b9bd4b83313f3de589631e409
gdk-pixbuf-devel-0.22.0-17.el4.3.s390.rpm     MD5: 0453a6c73cb58b51a94bf6d6c55a634f
 
s390x:
gdk-pixbuf-0.22.0-17.el4.3.s390.rpm     MD5: b71b326b9bd4b83313f3de589631e409
gdk-pixbuf-0.22.0-17.el4.3.s390x.rpm     MD5: 0d7fb9c7ee09cea545a601e22b84ccd3
gdk-pixbuf-devel-0.22.0-17.el4.3.s390x.rpm     MD5: 7b7559e898bf3b9b95378b1f93dabbcd
 
x86_64:
gdk-pixbuf-0.22.0-17.el4.3.i386.rpm     MD5: 493e45512178d1341b15cb5d6d45cc0b
gdk-pixbuf-0.22.0-17.el4.3.x86_64.rpm     MD5: 021d4b0918b36f768be0915bf25d3506
gdk-pixbuf-devel-0.22.0-17.el4.3.x86_64.rpm     MD5: 2bc4b69e7df26ca388139ac22b1488a1
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
gdk-pixbuf-0.22.0-12.el2.3.src.rpm     MD5: 5bea8970a777c2e2197c343d64669f1a
 
IA-32:
gdk-pixbuf-0.22.0-12.el2.3.i386.rpm     MD5: 28ad503e6c7cf397277bf9d60b2b64b8
gdk-pixbuf-devel-0.22.0-12.el2.3.i386.rpm     MD5: 7d4d3f1c4492eb2aaded956ad8028e2e
gdk-pixbuf-gnome-0.22.0-12.el2.3.i386.rpm     MD5: 54833c2b7785977352d13fa3fe534c24
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
gdk-pixbuf-0.22.0-13.el3.3.src.rpm     MD5: ebe0b3e9475a081fb1e440859b18aa41
 
IA-32:
gdk-pixbuf-0.22.0-13.el3.3.i386.rpm     MD5: a0a20b4a1f1a026ed4c27eb4d6dcd2dd
gdk-pixbuf-devel-0.22.0-13.el3.3.i386.rpm     MD5: b9a4428f150b1a2b254c28ec1ef3ad68
gdk-pixbuf-gnome-0.22.0-13.el3.3.i386.rpm     MD5: 233cf43c7684265346a2870106827dbb
 
IA-64:
gdk-pixbuf-0.22.0-13.el3.3.i386.rpm     MD5: a0a20b4a1f1a026ed4c27eb4d6dcd2dd
gdk-pixbuf-0.22.0-13.el3.3.ia64.rpm     MD5: 833a671af2cd66a28ce7e2bf12eee13e
gdk-pixbuf-devel-0.22.0-13.el3.3.ia64.rpm     MD5: 315df07a3664142ad20253967e745b88
gdk-pixbuf-gnome-0.22.0-13.el3.3.ia64.rpm     MD5: 470d6728d82db236cdd4ca49fe39e290
 
x86_64:
gdk-pixbuf-0.22.0-13.el3.3.i386.rpm     MD5: a0a20b4a1f1a026ed4c27eb4d6dcd2dd
gdk-pixbuf-0.22.0-13.el3.3.x86_64.rpm     MD5: 6d71d761fb4c57b6929e45328b737430
gdk-pixbuf-devel-0.22.0-13.el3.3.x86_64.rpm     MD5: fe71ef624d7d72e1088ecf99a0d8964e
gdk-pixbuf-gnome-0.22.0-13.el3.3.x86_64.rpm     MD5: 99361ad12142f6649862b34492d44161
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
gdk-pixbuf-0.22.0-17.el4.3.src.rpm     MD5: 8f98649a87e4b1cac5c2bec357f3e2d1
 
IA-32:
gdk-pixbuf-0.22.0-17.el4.3.i386.rpm     MD5: 493e45512178d1341b15cb5d6d45cc0b
gdk-pixbuf-devel-0.22.0-17.el4.3.i386.rpm     MD5: f530d05031db8603b003d27dd8bc315f
 
IA-64:
gdk-pixbuf-0.22.0-17.el4.3.i386.rpm     MD5: 493e45512178d1341b15cb5d6d45cc0b
gdk-pixbuf-0.22.0-17.el4.3.ia64.rpm     MD5: 95a393d1c23b080098567a541a3fd4a6
gdk-pixbuf-devel-0.22.0-17.el4.3.ia64.rpm     MD5: 9ac8a15c9557de6011ac7e173c2e1dc6
 
x86_64:
gdk-pixbuf-0.22.0-17.el4.3.i386.rpm     MD5: 493e45512178d1341b15cb5d6d45cc0b
gdk-pixbuf-0.22.0-17.el4.3.x86_64.rpm     MD5: 021d4b0918b36f768be0915bf25d3506
gdk-pixbuf-devel-0.22.0-17.el4.3.x86_64.rpm     MD5: 2bc4b69e7df26ca388139ac22b1488a1
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
gdk-pixbuf-0.22.0-12.el2.3.src.rpm     MD5: 5bea8970a777c2e2197c343d64669f1a
 
IA-32:
gdk-pixbuf-0.22.0-12.el2.3.i386.rpm     MD5: 28ad503e6c7cf397277bf9d60b2b64b8
gdk-pixbuf-devel-0.22.0-12.el2.3.i386.rpm     MD5: 7d4d3f1c4492eb2aaded956ad8028e2e
gdk-pixbuf-gnome-0.22.0-12.el2.3.i386.rpm     MD5: 54833c2b7785977352d13fa3fe534c24
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
gdk-pixbuf-0.22.0-13.el3.3.src.rpm     MD5: ebe0b3e9475a081fb1e440859b18aa41
 
IA-32:
gdk-pixbuf-0.22.0-13.el3.3.i386.rpm     MD5: a0a20b4a1f1a026ed4c27eb4d6dcd2dd
gdk-pixbuf-devel-0.22.0-13.el3.3.i386.rpm     MD5: b9a4428f150b1a2b254c28ec1ef3ad68
gdk-pixbuf-gnome-0.22.0-13.el3.3.i386.rpm     MD5: 233cf43c7684265346a2870106827dbb
 
IA-64:
gdk-pixbuf-0.22.0-13.el3.3.i386.rpm     MD5: a0a20b4a1f1a026ed4c27eb4d6dcd2dd
gdk-pixbuf-0.22.0-13.el3.3.ia64.rpm     MD5: 833a671af2cd66a28ce7e2bf12eee13e
gdk-pixbuf-devel-0.22.0-13.el3.3.ia64.rpm     MD5: 315df07a3664142ad20253967e745b88
gdk-pixbuf-gnome-0.22.0-13.el3.3.ia64.rpm     MD5: 470d6728d82db236cdd4ca49fe39e290
 
x86_64:
gdk-pixbuf-0.22.0-13.el3.3.i386.rpm     MD5: a0a20b4a1f1a026ed4c27eb4d6dcd2dd
gdk-pixbuf-0.22.0-13.el3.3.x86_64.rpm     MD5: 6d71d761fb4c57b6929e45328b737430
gdk-pixbuf-devel-0.22.0-13.el3.3.x86_64.rpm     MD5: fe71ef624d7d72e1088ecf99a0d8964e
gdk-pixbuf-gnome-0.22.0-13.el3.3.x86_64.rpm     MD5: 99361ad12142f6649862b34492d44161
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
gdk-pixbuf-0.22.0-17.el4.3.src.rpm     MD5: 8f98649a87e4b1cac5c2bec357f3e2d1
 
IA-32:
gdk-pixbuf-0.22.0-17.el4.3.i386.rpm     MD5: 493e45512178d1341b15cb5d6d45cc0b
gdk-pixbuf-devel-0.22.0-17.el4.3.i386.rpm     MD5: f530d05031db8603b003d27dd8bc315f
 
IA-64:
gdk-pixbuf-0.22.0-17.el4.3.i386.rpm     MD5: 493e45512178d1341b15cb5d6d45cc0b
gdk-pixbuf-0.22.0-17.el4.3.ia64.rpm     MD5: 95a393d1c23b080098567a541a3fd4a6
gdk-pixbuf-devel-0.22.0-17.el4.3.ia64.rpm     MD5: 9ac8a15c9557de6011ac7e173c2e1dc6
 
x86_64:
gdk-pixbuf-0.22.0-17.el4.3.i386.rpm     MD5: 493e45512178d1341b15cb5d6d45cc0b
gdk-pixbuf-0.22.0-17.el4.3.x86_64.rpm     MD5: 021d4b0918b36f768be0915bf25d3506
gdk-pixbuf-devel-0.22.0-17.el4.3.x86_64.rpm     MD5: 2bc4b69e7df26ca388139ac22b1488a1
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
gdk-pixbuf-0.22.0-12.el2.3.src.rpm     MD5: 5bea8970a777c2e2197c343d64669f1a
 
IA-64:
gdk-pixbuf-0.22.0-12.el2.3.ia64.rpm     MD5: cc7b986a3d8513a9d6b851b7d6650158
gdk-pixbuf-devel-0.22.0-12.el2.3.ia64.rpm     MD5: 3fe74f7116a28990f296154a45dfcdd7
gdk-pixbuf-gnome-0.22.0-12.el2.3.ia64.rpm     MD5: 401c82d6c91904940173f42618b696ee
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see Bugzilla for more information)

171071 - CVE-2005-3186 XPM buffer overflow
171900 - CVE-2005-2975 Multiple XPM processing issues (CVE-2005-2976)


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/