[Security Announce] [ MDKSA-2007:039 ] - Updated gtk+2.0 packages address DoS, LSB issues, several bugs
Posted on: 02/07/2007 10:10 PM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:039
http://www.mandriva.com/security/
_______________________________________________________________________

Package : gtk+2.0
Date : February 7, 2007
Affected: 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2)
allows context-dependent attackers to cause a denial of service (crash)
via a malformed image file. (CVE-2007-0010)

The version of libgtk+2.0 shipped with Mandriva Linux 2007 fails
various portions of the lsb-test-desktop test suite, part of LSB 3.1
certification testing.

The updated packages also address the following issues:

The Home and Desktop entries in the GTK File Chooser are not always
visible (#26644).

GTK+-based applications (which includes all the Mandriva Linux
configuration tools, for example) crash (instead of falling back to the
default theme) when an invalid icon theme is selected. (#27013)

Additional patches from GNOME CVS have been included to address the
following issues from the GNOME bugzilla:

* 357132 - fix RGBA colormap issue

* 359537,357280,359052 - fix various printer bugs

* 357566,353736,357050,363437,379503 - fix various crashes

* 372527 - fix fileselector bug +

potential deadlock
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0010
http://qa.mandriva.com/show_bug.cgi?id644
http://qa.mandriva.com/show_bug.cgi?id'013
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
6b0b76ba984d8432cca4e8d938c51844 2007.0/i586/gtk+2.0-2.10.3-5.3mdv2007.0.i586.rpm
015aa62677f20cf6b9f89301014ccf4d 2007.0/i586/libgdk_pixbuf2.0_0-2.10.3-5.3mdv2007.0.i586.rpm
8f6bc5e09ee08263633e3601d1d21069 2007.0/i586/libgdk_pixbuf2.0_0-devel-2.10.3-5.3mdv2007.0.i586.rpm
ef1f5a96362f5fafb982520897283919 2007.0/i586/libgtk+-x11-2.0_0-2.10.3-5.3mdv2007.0.i586.rpm
b96eeb174cba468e8064890668b43a56 2007.0/i586/libgtk+2.0_0-2.10.3-5.3mdv2007.0.i586.rpm
65f2ea83177a38b1682f4d4e5e633aea 2007.0/i586/libgtk+2.0_0-devel-2.10.3-5.3mdv2007.0.i586.rpm
4f15cba4c1c1b6e37dfe9f0b5b73401c 2007.0/SRPMS/gtk+2.0-2.10.3-5.3mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
b2470dc8cd884cf15dc47e29dbdb36de 2007.0/x86_64/gtk+2.0-2.10.3-5.3mdv2007.0.x86_64.rpm
11d3f44a7f55f4899984e33a07c8f722 2007.0/x86_64/lib64gdk_pixbuf2.0_0-2.10.3-5.3mdv2007.0.x86_64.rpm
33c26bea1a14b147f41e45467d6894e3 2007.0/x86_64/lib64gdk_pixbuf2.0_0-devel-2.10.3-5.3mdv2007.0.x86_64.rpm
2e3855166383646465a01bd56e1529b7 2007.0/x86_64/lib64gtk+-x11-2.0_0-2.10.3-5.3mdv2007.0.x86_64.rpm
4fea83682012ad4c5571e205b04dc7d1 2007.0/x86_64/lib64gtk+2.0_0-2.10.3-5.3mdv2007.0.x86_64.rpm
04f7f152d4e99d6c71043554e2adfa3a 2007.0/x86_64/lib64gtk+2.0_0-devel-2.10.3-5.3mdv2007.0.x86_64.rpm
4f15cba4c1c1b6e37dfe9f0b5b73401c 2007.0/SRPMS/gtk+2.0-2.10.3-5.3mdv2007.0.src.rpm

Corporate 3.0:
7d4501132efb62d24276152ccc23a2e0 corporate/3.0/i586/gtk+2.0-2.2.4-10.6.C30mdk.i586.rpm
f8828f652ae310e3de135f181e3c6f19 corporate/3.0/i586/libgdk_pixbuf2.0_0-2.2.4-10.6.C30mdk.i586.rpm
d99f6327006f96e8b170c20500d64985 corporate/3.0/i586/libgdk_pixbuf2.0_0-devel-2.2.4-10.6.C30mdk.i586.rpm
f2a98b2036167b780e87e2cd0d105983 corporate/3.0/i586/libgtk+-linuxfb-2.0_0-2.2.4-10.6.C30mdk.i586.rpm
e28fbfc9664db29c37517ca8957647c0 corporate/3.0/i586/libgtk+-linuxfb-2.0_0-devel-2.2.4-10.6.C30mdk.i586.rpm
8b80464f88674e0bf5f7ed06efafcb72 corporate/3.0/i586/libgtk+-x11-2.0_0-2.2.4-10.6.C30mdk.i586.rpm
b154589c077c790b1f71379194ed84a6 corporate/3.0/i586/libgtk+2.0_0-2.2.4-10.6.C30mdk.i586.rpm
819ee9fa563420c37d7cae612c3a6bec corporate/3.0/i586/libgtk+2.0_0-devel-2.2.4-10.6.C30mdk.i586.rpm
dbe156cf5e976fc744b635eab3e88884 corporate/3.0/SRPMS/gtk+2.0-2.2.4-10.6.C30mdk.src.rpm

Corporate 3.0/X86_64:
bed655ae3c4d6635e87488eefebe7e12 corporate/3.0/x86_64/gtk+2.0-2.2.4-10.6.C30mdk.x86_64.rpm
369daff90b35687abae6ad34cf513af3 corporate/3.0/x86_64/lib64gdk_pixbuf2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm
3675f57dd8e738cd1674db6518cd7c0d corporate/3.0/x86_64/lib64gdk_pixbuf2.0_0-devel-2.2.4-10.6.C30mdk.x86_64.rpm
28dfaebd73dacca8fc2497caeac619a5 corporate/3.0/x86_64/lib64gtk+-linuxfb-2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm
22b487085911cce6fa8a5f2d6557009b corporate/3.0/x86_64/lib64gtk+-linuxfb-2.0_0-devel-2.2.4-10.6.C30mdk.x86_64.rpm
e0cf2152fc480ab73e4236de7a186d23 corporate/3.0/x86_64/lib64gtk+-x11-2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm
512547fd9c3efca43b7c000fdbaedec3 corporate/3.0/x86_64/lib64gtk+2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm
4aac840549a80fa69f5f527ce6b09421 corporate/3.0/x86_64/lib64gtk+2.0_0-devel-2.2.4-10.6.C30mdk.x86_64.rpm
dbe156cf5e976fc744b635eab3e88884 corporate/3.0/SRPMS/gtk+2.0-2.2.4-10.6.C30mdk.src.rpm

Corporate 4.0:
ab946717fc68226a2fbb8964fa4a9cb4 corporate/4.0/i586/gtk+2.0-2.8.3-4.3.20060mlcs4.i586.rpm
28f5073f9effbb65613c2f7b6ceae180 corporate/4.0/i586/libgdk_pixbuf2.0_0-2.8.3-4.3.20060mlcs4.i586.rpm
0b32eb04192333a7ae6c297befca476f corporate/4.0/i586/libgdk_pixbuf2.0_0-devel-2.8.3-4.3.20060mlcs4.i586.rpm
d2054c43e2fcc262c35ae3bd18736b69 corporate/4.0/i586/libgtk+-x11-2.0_0-2.8.3-4.3.20060mlcs4.i586.rpm
28f6ac38124b6a46a22e83f870c93693 corporate/4.0/i586/libgtk+2.0_0-2.8.3-4.3.20060mlcs4.i586.rpm
f9cd95997500fe783119dd1fe797bf85 corporate/4.0/i586/libgtk+2.0_0-devel-2.8.3-4.3.20060mlcs4.i586.rpm
fd9738d1b171f76decea52a1abd344a2 corporate/4.0/SRPMS/gtk+2.0-2.8.3-4.3.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
0e705604eb73b7c181d3b7663e39e664 corporate/4.0/x86_64/gtk+2.0-2.8.3-4.3.20060mlcs4.x86_64.rpm
808a4be8218c00b62057de06edae248c corporate/4.0/x86_64/lib64gdk_pixbuf2.0_0-2.8.3-4.3.20060mlcs4.x86_64.rpm
379c2977cf755ab760d5693dcaa28be0 corporate/4.0/x86_64/lib64gdk_pixbuf2.0_0-devel-2.8.3-4.3.20060mlcs4.x86_64.rpm
193c57c8073552decc25d755536db21d corporate/4.0/x86_64/lib64gtk+-x11-2.0_0-2.8.3-4.3.20060mlcs4.x86_64.rpm
1c2e7713425fc786bd7a60b4fe106d28 corporate/4.0/x86_64/lib64gtk+2.0_0-2.8.3-4.3.20060mlcs4.x86_64.rpm
b8436740a32a0fce48bdb9df3234b1f6 corporate/4.0/x86_64/lib64gtk+2.0_0-devel-2.8.3-4.3.20060mlcs4.x86_64.rpm
fd9738d1b171f76decea52a1abd344a2 corporate/4.0/SRPMS/gtk+2.0-2.8.3-4.3.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFyf3/mqjQ0CJFipgRAtYmAJ9uAEfC6fiUknh970LL+YOl0FZYmACfZ7o/
3HjHNMoqq7j5xfaqomAcy34=
=M9jU
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2007039__updated_gtk20_packages_address_doslsb_issuesseveral_bugs.html)