Security Advisory: gtk2 security update

Advisory: RHSA-2005:811-11
Type: Security Advisory
Severity: Important
Issued on: 2005-11-15
Last updated on: 2005-11-15
Affected Products:
    Red Hat Desktop (v. 3)
    Red Hat Desktop (v. 4)
    Red Hat Enterprise Linux AS (v. 3)
    Red Hat Enterprise Linux AS (v. 4)
    Red Hat Enterprise Linux ES (v. 3)
    Red Hat Enterprise Linux ES (v. 4)
    Red Hat Enterprise Linux WS (v. 3)
    Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-2975, CVE-2005-3186

Details

Updated gtk2 packages that fix two security issues are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating
graphical user interfaces for the X Window System.

A bug was found in the way gtk2 processes XPM images. An attacker could
create a carefully crafted XPM file in such a way that it could cause an
application linked with gtk2 to execute arbitrary code when the file was
opened by a victim. The Common Vulnerabilities and Exposures project has
assigned the name CVE-2005-3186 to this issue.

Ludwig Nussel discovered an infinite-loop denial of service bug in the way
gtk2 processes XPM images. An attacker could create a carefully crafted XPM
file in such a way that it could cause an application linked with gtk2 to
stop responding when the file was opened by a victim. The Common
Vulnerabilities and Exposures project has assigned the name CVE-2005-2975
to this issue.

Users of gtk2 are advised to upgrade to these updated packages, which
contain backported patches and are not vulnerable to these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
gtk2-2.2.4-19.src.rpm     MD5: 2beebc30bf5b45b0c2dc6d1261b67561
 
IA-32:
gtk2-2.2.4-19.i386.rpm     MD5: 7c4100ec2705bdd6ce1c2e494e6d7295
gtk2-devel-2.2.4-19.i386.rpm     MD5: c7fd878b56e54635eb842eb2ff72840a
 
x86_64:
gtk2-2.2.4-19.i386.rpm     MD5: 7c4100ec2705bdd6ce1c2e494e6d7295
gtk2-2.2.4-19.x86_64.rpm     MD5: f60a3e69986ad825cba4aad1254863ce
gtk2-devel-2.2.4-19.x86_64.rpm     MD5: 5600f666987f01f84450c5afd5b4b755
 
Red Hat Desktop (v. 4)

SRPMS:
gtk2-2.4.13-18.src.rpm
File outdated by:  RHBA-2008:0773
    MD5: 319e84b7ef7333e0fa701a82321f27d6
 
IA-32:
gtk2-2.4.13-18.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 38fc94c08b8709088f1faa742c598d1e
gtk2-devel-2.4.13-18.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 66f404a4f92b1d8edf4b7fe52efa7a95
 
x86_64:
gtk2-2.4.13-18.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 38fc94c08b8709088f1faa742c598d1e
gtk2-2.4.13-18.x86_64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 0e1c475684a72b6230eef4d1355bbeca
gtk2-devel-2.4.13-18.x86_64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 62fb0870357cd572bbdf2988005f388b
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
gtk2-2.2.4-19.src.rpm     MD5: 2beebc30bf5b45b0c2dc6d1261b67561
 
IA-32:
gtk2-2.2.4-19.i386.rpm     MD5: 7c4100ec2705bdd6ce1c2e494e6d7295
gtk2-devel-2.2.4-19.i386.rpm     MD5: c7fd878b56e54635eb842eb2ff72840a
 
IA-64:
gtk2-2.2.4-19.i386.rpm     MD5: 7c4100ec2705bdd6ce1c2e494e6d7295
gtk2-2.2.4-19.ia64.rpm     MD5: e6e0623450c1ad48ecf4f8b145bcc3b7
gtk2-devel-2.2.4-19.ia64.rpm     MD5: 38510603379a0018f524f1d4f1fab979
 
PPC:
gtk2-2.2.4-19.ppc.rpm     MD5: 1ffb585f9a10954d9447c8fbcb580065
gtk2-2.2.4-19.ppc64.rpm     MD5: 4d4b6cc89f7721e088d31403cb250b2c
gtk2-devel-2.2.4-19.ppc.rpm     MD5: e89f8a6c2f59762d256a7f98db702345
 
s390:
gtk2-2.2.4-19.s390.rpm     MD5: 0610f7c6ea96609ec70f042fe54f76d7
gtk2-devel-2.2.4-19.s390.rpm     MD5: c3ea0a99a0e5dbe7727442cab31aa735
 
s390x:
gtk2-2.2.4-19.s390.rpm     MD5: 0610f7c6ea96609ec70f042fe54f76d7
gtk2-2.2.4-19.s390x.rpm     MD5: 4ef78cf2393365df26bce2e0690fe9ca
gtk2-devel-2.2.4-19.s390x.rpm     MD5: 5f30d8dc16ee803ad9b49465b592f738
 
x86_64:
gtk2-2.2.4-19.i386.rpm     MD5: 7c4100ec2705bdd6ce1c2e494e6d7295
gtk2-2.2.4-19.x86_64.rpm     MD5: f60a3e69986ad825cba4aad1254863ce
gtk2-devel-2.2.4-19.x86_64.rpm     MD5: 5600f666987f01f84450c5afd5b4b755
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
gtk2-2.4.13-18.src.rpm
File outdated by:  RHBA-2008:0773
    MD5: 319e84b7ef7333e0fa701a82321f27d6
 
IA-32:
gtk2-2.4.13-18.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 38fc94c08b8709088f1faa742c598d1e
gtk2-devel-2.4.13-18.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 66f404a4f92b1d8edf4b7fe52efa7a95
 
IA-64:
gtk2-2.4.13-18.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 38fc94c08b8709088f1faa742c598d1e
gtk2-2.4.13-18.ia64.rpm
File outdated by:  RHBA-2008:0773
    MD5: e28a842bdc3df5ad91a871e5bf37830b
gtk2-devel-2.4.13-18.ia64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 6253d039252a0e032535eaf0bc980c45
 
PPC:
gtk2-2.4.13-18.ppc.rpm
File outdated by:  RHBA-2008:0773
    MD5: b8c74bd45ff3029778dbb4dacf81cb77
gtk2-2.4.13-18.ppc64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 267defc507f889c498f9f79bfd062175
gtk2-devel-2.4.13-18.ppc.rpm
File outdated by:  RHBA-2008:0773
    MD5: f0c599f36e0ac42b4f6c10c95b248833
 
s390:
gtk2-2.4.13-18.s390.rpm
File outdated by:  RHBA-2008:0773
    MD5: 7c83feddd2b894f7dc5dd0694c6ffb46
gtk2-devel-2.4.13-18.s390.rpm
File outdated by:  RHBA-2008:0773
    MD5: 91f83cb635117c6600f025782f1ab59d
 
s390x:
gtk2-2.4.13-18.s390.rpm
File outdated by:  RHBA-2008:0773
    MD5: 7c83feddd2b894f7dc5dd0694c6ffb46
gtk2-2.4.13-18.s390x.rpm
File outdated by:  RHBA-2008:0773
    MD5: 23bf1c1628f0be7fb9efac948ad135be
gtk2-devel-2.4.13-18.s390x.rpm
File outdated by:  RHBA-2008:0773
    MD5: c4d4fb513d4ff47cae9dd4935bc3b3f0
 
x86_64:
gtk2-2.4.13-18.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 38fc94c08b8709088f1faa742c598d1e
gtk2-2.4.13-18.x86_64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 0e1c475684a72b6230eef4d1355bbeca
gtk2-devel-2.4.13-18.x86_64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 62fb0870357cd572bbdf2988005f388b
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
gtk2-2.2.4-19.src.rpm     MD5: 2beebc30bf5b45b0c2dc6d1261b67561
 
IA-32:
gtk2-2.2.4-19.i386.rpm     MD5: 7c4100ec2705bdd6ce1c2e494e6d7295
gtk2-devel-2.2.4-19.i386.rpm     MD5: c7fd878b56e54635eb842eb2ff72840a
 
IA-64:
gtk2-2.2.4-19.i386.rpm     MD5: 7c4100ec2705bdd6ce1c2e494e6d7295
gtk2-2.2.4-19.ia64.rpm     MD5: e6e0623450c1ad48ecf4f8b145bcc3b7
gtk2-devel-2.2.4-19.ia64.rpm     MD5: 38510603379a0018f524f1d4f1fab979
 
x86_64:
gtk2-2.2.4-19.i386.rpm     MD5: 7c4100ec2705bdd6ce1c2e494e6d7295
gtk2-2.2.4-19.x86_64.rpm     MD5: f60a3e69986ad825cba4aad1254863ce
gtk2-devel-2.2.4-19.x86_64.rpm     MD5: 5600f666987f01f84450c5afd5b4b755
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
gtk2-2.4.13-18.src.rpm
File outdated by:  RHBA-2008:0773
    MD5: 319e84b7ef7333e0fa701a82321f27d6
 
IA-32:
gtk2-2.4.13-18.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 38fc94c08b8709088f1faa742c598d1e
gtk2-devel-2.4.13-18.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 66f404a4f92b1d8edf4b7fe52efa7a95
 
IA-64:
gtk2-2.4.13-18.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 38fc94c08b8709088f1faa742c598d1e
gtk2-2.4.13-18.ia64.rpm
File outdated by:  RHBA-2008:0773
    MD5: e28a842bdc3df5ad91a871e5bf37830b
gtk2-devel-2.4.13-18.ia64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 6253d039252a0e032535eaf0bc980c45
 
x86_64:
gtk2-2.4.13-18.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 38fc94c08b8709088f1faa742c598d1e
gtk2-2.4.13-18.x86_64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 0e1c475684a72b6230eef4d1355bbeca
gtk2-devel-2.4.13-18.x86_64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 62fb0870357cd572bbdf2988005f388b
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
gtk2-2.2.4-19.src.rpm     MD5: 2beebc30bf5b45b0c2dc6d1261b67561
 
IA-32:
gtk2-2.2.4-19.i386.rpm     MD5: 7c4100ec2705bdd6ce1c2e494e6d7295
gtk2-devel-2.2.4-19.i386.rpm     MD5: c7fd878b56e54635eb842eb2ff72840a
 
IA-64:
gtk2-2.2.4-19.i386.rpm     MD5: 7c4100ec2705bdd6ce1c2e494e6d7295
gtk2-2.2.4-19.ia64.rpm     MD5: e6e0623450c1ad48ecf4f8b145bcc3b7
gtk2-devel-2.2.4-19.ia64.rpm     MD5: 38510603379a0018f524f1d4f1fab979
 
x86_64:
gtk2-2.2.4-19.i386.rpm     MD5: 7c4100ec2705bdd6ce1c2e494e6d7295
gtk2-2.2.4-19.x86_64.rpm     MD5: f60a3e69986ad825cba4aad1254863ce
gtk2-devel-2.2.4-19.x86_64.rpm     MD5: 5600f666987f01f84450c5afd5b4b755
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
gtk2-2.4.13-18.src.rpm
File outdated by:  RHBA-2008:0773
    MD5: 319e84b7ef7333e0fa701a82321f27d6
 
IA-32:
gtk2-2.4.13-18.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 38fc94c08b8709088f1faa742c598d1e
gtk2-devel-2.4.13-18.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 66f404a4f92b1d8edf4b7fe52efa7a95
 
IA-64:
gtk2-2.4.13-18.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 38fc94c08b8709088f1faa742c598d1e
gtk2-2.4.13-18.ia64.rpm
File outdated by:  RHBA-2008:0773
    MD5: e28a842bdc3df5ad91a871e5bf37830b
gtk2-devel-2.4.13-18.ia64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 6253d039252a0e032535eaf0bc980c45
 
x86_64:
gtk2-2.4.13-18.i386.rpm
File outdated by:  RHBA-2008:0773
    MD5: 38fc94c08b8709088f1faa742c598d1e
gtk2-2.4.13-18.x86_64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 0e1c475684a72b6230eef4d1355bbeca
gtk2-devel-2.4.13-18.x86_64.rpm
File outdated by:  RHBA-2008:0773
    MD5: 62fb0870357cd572bbdf2988005f388b
 
(The unlinked packages above are only available from the Red Hat Network)
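
To confirm that a fleet has actually picked up the fixed builds listed above (gtk2-2.2.4-19 on the v. 3 products, gtk2-2.4.13-18 on the v. 4 products), the following added example, which is not part of the Red Hat advisory, audits collected `rpm` query output. The host names, the inventory line format and the older release numbers in the sample are constructed assumptions, and the version comparison is a simplified form of RPM's segment comparison.

```python
import re

# Fixed builds named in this advisory's package list:
# gtk2-2.2.4-19 (v. 3 products) and gtk2-2.4.13-18 (v. 4 products).
FIXED = {"2.2.4": "19", "2.4.13": "18"}
RANK = ["patched", "unknown-branch", "vulnerable"]  # best to worst

def rpmvercmp(a, b):
    """Simplified rpmvercmp: compare digit/alpha segments left to right.
    Returns -1, 0 or 1. Tilde and caret handling is omitted."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)             # numeric, so 9 < 18
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(lines):
    """Map host -> worst status over its installed gtk2 packages."""
    result = {}
    for line in lines:
        host, name, version, release, arch = line.split()
        if name != "gtk2":        # gtk2-devel ships no runtime library
            continue
        fixed = FIXED.get(version)
        status = ("unknown-branch" if fixed is None   # build not in advisory
                  else "patched" if rpmvercmp(release, fixed) >= 0
                  else "vulnerable")
        # Multilib hosts carry i386 and x86_64 gtk2; both must be updated.
        prev = result.get(host, "patched")
        result[host] = max(prev, status, key=RANK.index)
    return result

# Constructed inventory: host name (assumed to be prepended by the
# collector) followed by the output of
#   rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n'
SAMPLE = [
    "ws-a gtk2 2.2.4 19 i386",
    "ws-b gtk2 2.2.4 15 i386",
    "ws-c gtk2 2.4.13 18 x86_64",
    "ws-c gtk2 2.4.13 16 i386",
    "ws-d gtk2 2.4.13 22 ia64",
    "ws-e glib2 2.4.7 1 i386",
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Host ws-c is reported as vulnerable because its i386 compatibility library was left behind even though the x86_64 package is current, which is why the advisory lists both architectures for x86_64 systems.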

Bugs fixed (see bugzilla for more information)

171073 - CVE-2005-3186 XPM buffer overflow
171904 - CVE-2005-2975 gtk2 XPM DoS


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/