
Security Advisory Low: gtk2 security and bug fix update

Advisory: RHSA-2013:0135-1
Type: Security Advisory
Severity: Low
Issued on: 2013-01-08
Last updated on: 2013-01-08
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2012-2370

Details

Updated gtk2 packages that fix one security issue and several bugs are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

GIMP Toolkit (GTK+) is a multi-platform toolkit for creating graphical user
interfaces.

An integer overflow flaw was found in the X BitMap (XBM) image file loader
in GTK+. A remote attacker could provide a specially-crafted XBM image file
that, when opened in an application linked against GTK+ (such as Nautilus),
would cause the application to crash. (CVE-2012-2370)
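The class of flaw described above, as an added example; this is not gdk-pixbuf's loader code or the backported patch. It reads the width and height `#define` lines of an XBM header and sizes a decode buffer, showing how unchecked 32-bit arithmetic wraps and how a division-based check rejects the same input. The 3-bytes-per-pixel buffer, the `MAX_DECODE_BYTES` cap, the function names and the sample headers are all assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DECODE_BYTES (256u * 1024u * 1024u) /* hypothetical policy cap */
/* Constructed sample headers, not taken from any real file. */
static const char OK_HDR[]  = "#define t_width 16\n#define t_height 7\n";
static const char BIG_HDR[] = "#define t_width 65536\n#define t_height 65536\n";

/* Value of "#define <name><suffix> <n>"; -1 if absent or outside 1..INT_MAX. */
static long xbm_read_dim(const char *hdr, const char *suffix)
{
    size_t slen = strlen(suffix);
    for (const char *p = hdr; (p = strstr(p, "#define")) != NULL; ) {
        p += 7 + strspn(p + 7, " \t");
        size_t nlen = strcspn(p, " \t\r\n"); /* length of the macro name */
        if (nlen < slen || strncmp(p + nlen - slen, suffix, slen) != 0) continue;
        char *end;
        errno = 0;
        long v = strtol(p + nlen, &end, 10);
        return (end == p + nlen || errno == ERANGE || v <= 0 || v > INT_MAX) ? -1 : v;
    }
    return -1;
}

/* Unchecked 32-bit size for an assumed 3 bytes per pixel: wraps mod 2^32. */
static uint32_t naive_size32(long w, long h) { return (uint32_t)w * (uint32_t)h * 3u; }

/* Checked size: validate both dimensions, then divide instead of multiplying. */
static int xbm_decode_size(const char *hdr, size_t *size)
{
    long w = xbm_read_dim(hdr, "_width"), h = xbm_read_dim(hdr, "_height");
    if (w < 0 || h < 0) return -1;
    if ((size_t)w > MAX_DECODE_BYTES / 3u / (size_t)h) return -1; /* over the cap */
    *size = (size_t)w * (size_t)h * 3u;
    return 0;
}

int main(void)
{
    size_t n = 0;
    int ok = xbm_decode_size(OK_HDR, &n), big = xbm_decode_size(BIG_HDR, &n);
    printf("16x7 rc=%d size=%zu | 65536x65536 rc=%d naive=%u\n",
           ok, n, big, (unsigned)naive_size32(65536, 65536));
    return 0;
}
```

The unchecked product for 65536 x 65536 wraps to a zero-byte request, while the checked path refuses the header before any allocation is attempted.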

This update also fixes the following bugs:

* Due to a bug in the Input Method GTK+ module, the usage of the Taiwanese
Big5 (zh_TW.Big-5) locale led to the unexpected termination of certain
applications, such as the GDM greeter. The bug has been fixed, and the
Taiwanese locale no longer causes applications to terminate unexpectedly.
(BZ#487630)

* When a file was initially selected after the GTK+ file chooser dialog was
opened and the Location field was visible, pressing the Enter key did not
open the file. With this update, the initially selected file is opened
regardless of the visibility of the Location field. (BZ#518483)

* When a file was initially selected after the GTK+ file chooser dialog was
opened and the Location field was visible, pressing the Enter key did not
change into the directory. With this update, the dialog changes into the
initially selected directory regardless of the visibility of the Location
field. (BZ#523657)

* Previously, the GTK Print dialog did not reflect the user-defined printer
preferences stored in the ~/.cups/lpoptions file, such as those set in the
Default Printer preferences panel. Consequently, the first device in the
printer list was always set as a default printer. With this update, the
underlying source code has been enhanced to parse the option file. As a
result, the default values in the print dialog are set to those previously
specified by the user. (BZ#603809)

* The GTK+ file chooser did not properly handle saving of nameless files.
Consequently, attempting to save a file without specifying a file name
caused GTK+ to become unresponsive. With this update, an explicit test for
this condition has been added into the underlying source code. As a result,
GTK+ no longer hangs in the described scenario. (BZ#702342)

* When using certain graphics tablets, the GTK+ library incorrectly
translated the input coordinates. Consequently, an offset occurred between
the position of the pen and the content drawn on the screen. This issue was
limited to the following configuration: a Wacom tablet with input
coordinates bound to a single monitor in a dual head configuration, drawing
with a pen with the pressure sensitivity option enabled. With this update,
the coordinate translation method has been changed, and the offset is no
longer present in the described configuration. (BZ#743658)

* Previously, performing drag and drop operations on tabs in applications
using the GtkNotebook widget could lead to releasing the same resource
twice. Eventually, this behavior caused the applications to terminate with
a segmentation fault. This bug has been fixed, and the applications using
GtkNotebook no longer terminate in the aforementioned scenario. (BZ#830901)

All users of GTK+ are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

RHEL Desktop Workstation (v. 5 client)

File outdated by: RHBA-2013:1366 (applies to every package in this section)

SRPMS:
gtk2-2.10.4-29.el5.src.rpm

IA-32:
gtk2-debuginfo-2.10.4-29.el5.i386.rpm
gtk2-devel-2.10.4-29.el5.i386.rpm

x86_64:
gtk2-debuginfo-2.10.4-29.el5.i386.rpm
gtk2-debuginfo-2.10.4-29.el5.x86_64.rpm
gtk2-devel-2.10.4-29.el5.i386.rpm
gtk2-devel-2.10.4-29.el5.x86_64.rpm
 
Red Hat Enterprise Linux (v. 5 server)

File outdated by: RHBA-2013:1366 (applies to every package in this section)

SRPMS:
gtk2-2.10.4-29.el5.src.rpm

IA-32:
gtk2-2.10.4-29.el5.i386.rpm
gtk2-debuginfo-2.10.4-29.el5.i386.rpm
gtk2-devel-2.10.4-29.el5.i386.rpm

IA-64:
gtk2-2.10.4-29.el5.i386.rpm
gtk2-2.10.4-29.el5.ia64.rpm
gtk2-debuginfo-2.10.4-29.el5.i386.rpm
gtk2-debuginfo-2.10.4-29.el5.ia64.rpm
gtk2-devel-2.10.4-29.el5.ia64.rpm

PPC:
gtk2-2.10.4-29.el5.ppc.rpm
gtk2-2.10.4-29.el5.ppc64.rpm
gtk2-debuginfo-2.10.4-29.el5.ppc.rpm
gtk2-debuginfo-2.10.4-29.el5.ppc64.rpm
gtk2-devel-2.10.4-29.el5.ppc.rpm
gtk2-devel-2.10.4-29.el5.ppc64.rpm

s390x:
gtk2-2.10.4-29.el5.s390.rpm
gtk2-2.10.4-29.el5.s390x.rpm
gtk2-debuginfo-2.10.4-29.el5.s390.rpm
gtk2-debuginfo-2.10.4-29.el5.s390x.rpm
gtk2-devel-2.10.4-29.el5.s390.rpm
gtk2-devel-2.10.4-29.el5.s390x.rpm

x86_64:
gtk2-2.10.4-29.el5.i386.rpm
gtk2-2.10.4-29.el5.x86_64.rpm
gtk2-debuginfo-2.10.4-29.el5.i386.rpm
gtk2-debuginfo-2.10.4-29.el5.x86_64.rpm
gtk2-devel-2.10.4-29.el5.i386.rpm
gtk2-devel-2.10.4-29.el5.x86_64.rpm
 
Red Hat Enterprise Linux Desktop (v. 5 client)

File outdated by: RHBA-2013:1366 (applies to every package in this section)

SRPMS:
gtk2-2.10.4-29.el5.src.rpm

IA-32:
gtk2-2.10.4-29.el5.i386.rpm
gtk2-debuginfo-2.10.4-29.el5.i386.rpm

x86_64:
gtk2-2.10.4-29.el5.i386.rpm
gtk2-2.10.4-29.el5.x86_64.rpm
gtk2-debuginfo-2.10.4-29.el5.i386.rpm
gtk2-debuginfo-2.10.4-29.el5.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

487630 - [zh_CN.Big-5] gdm imcontext crash
518483 - file chooser does not open the default selected file if the Location field is visible
603809 - GtkPrintUnixDialog (OpenOffice.org|evince) fails to use a user configured default cups printer (~/.cups/lpoptions)
822468 - CVE-2012-2370 gdk-pixbuf: DoS (GLib error and application abort) due to an integer overflow in the XBM image file format loader


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/