USN-108-1: GDK vulnerability
Posted on: 04/05/2005 02:42 PM

A GDK security update is available for Ubuntu Linux 4.10

==========================================================
Ubuntu Security Notice USN-108-1 April 05, 2005
gtk+2.0, gdk-pixbuf vulnerabilities
CAN-2005-0891
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libgdk-pixbuf2
libgtk2.0-0

The problem can be corrected by upgrading the affected package to version 0.22.0-7ubuntu1.1 (libgdk-pixbuf2) and 2.4.10-1ubuntu1.1 (libgtk2.0-0). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Matthias Clasen discovered a Denial of Service vulnerability in the BMP image module of gdk. Processing a specially crafted BMP image with an application using gdk-pixbuf caused an allocated memory block to be free()'ed twice, leading to a crash of the application. However, it is believed that this cannot be exploited to execute arbitrary
attacker provided code.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/gdk-pixbuf_0.22.0-7ubuntu1.1.diff.gz
Size/MD5: 371559 6eda65660063879e8fcb9c13f32acc8a
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/gdk-pixbuf_0.22.0-7ubuntu1.1.dsc
Size/MD5: 723 1733720ee9e346a1564ae45c4e5ab2b2
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/gdk-pixbuf_0.22.0.orig.tar.gz
Size/MD5: 519266 4db0503b5a62533db68b03908b981751
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk+2.0_2.4.10-1ubuntu1.1.diff.gz
Size/MD5: 46203 8a6ebac91a341bfec1a4e40e22c6e4e2
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk+2.0_2.4.10-1ubuntu1.1.dsc
Size/MD5: 1936 45ca99b8b54fb1a34716380edcdc22d2
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk+2.0_2.4.10.orig.tar.gz
Size/MD5: 14140860 b1876ebde3b85bceb576ee5e2ecfd60b

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-common_2.4.10-1ubuntu1.1_all.deb
Size/MD5: 2778688 7817b2b2187db31d21ee3c3d72ef6c64
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-doc_2.4.10-1ubuntu1.1_all.deb
Size/MD5: 1877562 392cfa514cdfac3307a5c051a1d83be9

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/g/gtk+2.0/gtk2.0-examples_2.4.10-1ubuntu1.1_amd64.deb
Size/MD5: 261990 acd7487241d60424bf0901a36ea49c20
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-7ubuntu1.1_amd64.deb
Size/MD5: 155396 824fb12f5f2c808d1fe9be57d18cc24b
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-7ubuntu1.1_amd64.deb
Size/MD5: 8524 1e22ab97a0f2ea92f13f61f1dd8e7901
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-7ubuntu1.1_amd64.deb
Size/MD5: 7944 83ccb50f72b4adf65e8dd83cc3112d28
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-7ubuntu1.1_amd64.deb
Size/MD5: 183296 412c10985e923bb6f965bba344b1b584
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0_2.4.10-1ubuntu1.1_amd64.deb
Size/MD5: 2183922 2f95da8893c36ef012daacb33b64a68b
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-bin_2.4.10-1ubuntu1.1_amd64.deb
Size/MD5: 13934 3f15e4e19464edee9bec3e03bceb6a5a
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dbg_2.4.10-1ubuntu1.1_amd64.deb
Size/MD5: 10299776 69bee0e979b89a26fc2bdfb0d0936da0
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dev_2.4.10-1ubuntu1.1_amd64.deb
Size/MD5: 2841746 da7656c49d7a53144fdcc0cc30e10300

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/g/gtk+2.0/gtk2.0-examples_2.4.10-1ubuntu1.1_i386.deb
Size/MD5: 258614 b4143d9c3f9508a4d02b321a83587a13
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-7ubuntu1.1_i386.deb
Size/MD5: 147238 b753bfcecffb4694572a1fd23f365f25
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-7ubuntu1.1_i386.deb
Size/MD5: 7636 69e339f1559495af69bd1e2729a969ae
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-7ubuntu1.1_i386.deb
Size/MD5: 7188 fd233fc7c62a0ccb3353d802aa3e347e
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-7ubuntu1.1_i386.deb
Size/MD5: 167464 85d56ca9adbbf4b12d90665f14cbab9d
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0_2.4.10-1ubuntu1.1_i386.deb
Size/MD5: 2000760 a48d7ccb98352bdec84cb066fb6cad14
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-bin_2.4.10-1ubuntu1.1_i386.deb
Size/MD5: 13288 812f0d4bd1e6fbc7c1b0d85caa11c228
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dbg_2.4.10-1ubuntu1.1_i386.deb
Size/MD5: 10067810 6d984fa1f6b3abaf4a1861aaa955820f
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dev_2.4.10-1ubuntu1.1_i386.deb
Size/MD5: 2484426 b283dce0ceebe5cfdff2ac86960445b5

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/g/gtk+2.0/gtk2.0-examples_2.4.10-1ubuntu1.1_powerpc.deb
Size/MD5: 260412 de11296455cd7b06eea78e6f49a7bcd2
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-7ubuntu1.1_powerpc.deb
Size/MD5: 163118 fbde558bcf35a4334b431e362ab854ac
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-7ubuntu1.1_powerpc.deb
Size/MD5: 9162 6dd4f1856a9ccd034bb09a4aa691ca0e
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-7ubuntu1.1_powerpc.deb
Size/MD5: 9494 af0e66ba1520dedf6f4edd1bddc62a17
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-7ubuntu1.1_powerpc.deb
Size/MD5: 192186 88f579eeff03b81ce45ff03dfb260df5
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0_2.4.10-1ubuntu1.1_powerpc.deb
Size/MD5: 2118578 3be811e254b9f042267f937a3b9f8171
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-bin_2.4.10-1ubuntu1.1_powerpc.deb
Size/MD5: 16056 8f00fc4931970ff94ef915194d81031f
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dbg_2.4.10-1ubuntu1.1_powerpc.deb
Size/MD5: 10329060 9dfecd1aab94c16f2c8cf90d5e94c91d
http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dev_2.4.10-1ubuntu1.1_powerpc.deb
Size/MD5: 3084834 2e84877a938df6886104119ba59c8e2a


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_108_1_gdk_vulnerability.html)