Articles / Red Hat: New gtk2 packages …

Red Hat: New gtk2 packages fix a double free vulnerability

The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. A bug was found in the way gtk2 processes BMP images. It is possible that a specially crafted BMP image could cause a denial of service attack on applications linked against gtk2. Fixed packages are available from updates.redhat.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: gtk2 security update
Advisory ID:       RHSA-2005:344-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-344.html
Issue date:        2005-04-01
Updated on:        2005-04-01
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0891
- ---------------------------------------------------------------------

1. Summary:

Updated gtk2 packages that fix a double free vulnerability are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating
graphical user interfaces for the X Window System. 

A bug was found in the way gtk2 processes BMP images. It is possible
that a specially crafted BMP image could cause a denial of service attack
on applications linked against gtk2. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0891 to
this issue.

Users of gtk2 are advised to upgrade to these packages, which contain
a backported patch and is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

152317 - CAN-2005-0891 gdk-pixbuf BMP double free DoS

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/gtk2-2.2.4-15.src.rpm
0a30c8ebefcfae17e5a19575bc328685  gtk2-2.2.4-15.src.rpm

i386:
98a763c907f9cde57d447ecc9ce69252  gtk2-2.2.4-15.i386.rpm
066bddc2276dccfd7bb0b72517637662  gtk2-devel-2.2.4-15.i386.rpm

ia64:
baed53da0de7155699e61842ef41e3fc  gtk2-2.2.4-15.ia64.rpm
98a763c907f9cde57d447ecc9ce69252  gtk2-2.2.4-15.i386.rpm
7a0b78f2dc0b6d31f2c9d1ed80f446e4  gtk2-devel-2.2.4-15.ia64.rpm

ppc:
a99bbccf1f40a4623fed1b95c46add10  gtk2-2.2.4-15.ppc.rpm
abfbf4e46c2a7d6493a6bfac1e4be816  gtk2-2.2.4-15.ppc64.rpm
02ea01802becb94924e2eb6ee516cd32  gtk2-devel-2.2.4-15.ppc.rpm

s390:
43b69fdf1aa8d9c2c887e3102de177b7  gtk2-2.2.4-15.s390.rpm
8af03aee1a14ec0369bd441a53921648  gtk2-devel-2.2.4-15.s390.rpm

s390x:
a8a651570741b86471a63ed94183f210  gtk2-2.2.4-15.s390x.rpm
43b69fdf1aa8d9c2c887e3102de177b7  gtk2-2.2.4-15.s390.rpm
9c485a6e78fa1d1d153c8786e4cf5532  gtk2-devel-2.2.4-15.s390x.rpm

x86_64:
e4ab1dddc4d0dc5e2f6db0905be62819  gtk2-2.2.4-15.x86_64.rpm
98a763c907f9cde57d447ecc9ce69252  gtk2-2.2.4-15.i386.rpm
90dabc5f8e3c4218b2e47c244b0bedbf  gtk2-devel-2.2.4-15.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/gtk2-2.2.4-15.src.rpm
0a30c8ebefcfae17e5a19575bc328685  gtk2-2.2.4-15.src.rpm

i386:
98a763c907f9cde57d447ecc9ce69252  gtk2-2.2.4-15.i386.rpm
066bddc2276dccfd7bb0b72517637662  gtk2-devel-2.2.4-15.i386.rpm

x86_64:
e4ab1dddc4d0dc5e2f6db0905be62819  gtk2-2.2.4-15.x86_64.rpm
98a763c907f9cde57d447ecc9ce69252  gtk2-2.2.4-15.i386.rpm
90dabc5f8e3c4218b2e47c244b0bedbf  gtk2-devel-2.2.4-15.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/gtk2-2.2.4-15.src.rpm
0a30c8ebefcfae17e5a19575bc328685  gtk2-2.2.4-15.src.rpm

i386:
98a763c907f9cde57d447ecc9ce69252  gtk2-2.2.4-15.i386.rpm
066bddc2276dccfd7bb0b72517637662  gtk2-devel-2.2.4-15.i386.rpm

ia64:
baed53da0de7155699e61842ef41e3fc  gtk2-2.2.4-15.ia64.rpm
98a763c907f9cde57d447ecc9ce69252  gtk2-2.2.4-15.i386.rpm
7a0b78f2dc0b6d31f2c9d1ed80f446e4  gtk2-devel-2.2.4-15.ia64.rpm

x86_64:
e4ab1dddc4d0dc5e2f6db0905be62819  gtk2-2.2.4-15.x86_64.rpm
98a763c907f9cde57d447ecc9ce69252  gtk2-2.2.4-15.i386.rpm
90dabc5f8e3c4218b2e47c244b0bedbf  gtk2-devel-2.2.4-15.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/gtk2-2.2.4-15.src.rpm
0a30c8ebefcfae17e5a19575bc328685  gtk2-2.2.4-15.src.rpm

i386:
98a763c907f9cde57d447ecc9ce69252  gtk2-2.2.4-15.i386.rpm
066bddc2276dccfd7bb0b72517637662  gtk2-devel-2.2.4-15.i386.rpm

ia64:
baed53da0de7155699e61842ef41e3fc  gtk2-2.2.4-15.ia64.rpm
98a763c907f9cde57d447ecc9ce69252  gtk2-2.2.4-15.i386.rpm
7a0b78f2dc0b6d31f2c9d1ed80f446e4  gtk2-devel-2.2.4-15.ia64.rpm

x86_64:
e4ab1dddc4d0dc5e2f6db0905be62819  gtk2-2.2.4-15.x86_64.rpm
98a763c907f9cde57d447ecc9ce69252  gtk2-2.2.4-15.i386.rpm
90dabc5f8e3c4218b2e47c244b0bedbf  gtk2-devel-2.2.4-15.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gtk2-2.4.13-14.src.rpm
118cc192bec153115de78c71cfac9bba  gtk2-2.4.13-14.src.rpm

i386:
48c40e37a9881922692c379a023f40c2  gtk2-2.4.13-14.i386.rpm
af3138588aa04815a27d638ecbcb6c8b  gtk2-devel-2.4.13-14.i386.rpm

ia64:
33d94f949a3b40af64c2b32d167ff228  gtk2-2.4.13-14.ia64.rpm
48c40e37a9881922692c379a023f40c2  gtk2-2.4.13-14.i386.rpm
73608a9226dd9dd4659160f38ce0fee4  gtk2-devel-2.4.13-14.ia64.rpm

ppc:
8c84158372ac0bcca09ab775eed2fee2  gtk2-2.4.13-14.ppc.rpm
3a61040d1dd81afa0dbca8ead7e125ee  gtk2-2.4.13-14.ppc64.rpm
c9e7694d7514c897373ef6883abaebc5  gtk2-devel-2.4.13-14.ppc.rpm

s390:
3c1076cdca18a62dccab35d5e03371e2  gtk2-2.4.13-14.s390.rpm
1e0c97c0e3a75b7e6431de79dc471683  gtk2-devel-2.4.13-14.s390.rpm

s390x:
35b3be76b835158f9c0fb8046753ff47  gtk2-2.4.13-14.s390x.rpm
3c1076cdca18a62dccab35d5e03371e2  gtk2-2.4.13-14.s390.rpm
c3e93e8160bc0b79e101a959ebc55cfd  gtk2-devel-2.4.13-14.s390x.rpm

x86_64:
0ce827bf741b096da96f49e0a461d228  gtk2-2.4.13-14.x86_64.rpm
48c40e37a9881922692c379a023f40c2  gtk2-2.4.13-14.i386.rpm
11876fb98d0f3d6d4dc8b767110298f8  gtk2-devel-2.4.13-14.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gtk2-2.4.13-14.src.rpm
118cc192bec153115de78c71cfac9bba  gtk2-2.4.13-14.src.rpm

i386:
48c40e37a9881922692c379a023f40c2  gtk2-2.4.13-14.i386.rpm
af3138588aa04815a27d638ecbcb6c8b  gtk2-devel-2.4.13-14.i386.rpm

x86_64:
0ce827bf741b096da96f49e0a461d228  gtk2-2.4.13-14.x86_64.rpm
48c40e37a9881922692c379a023f40c2  gtk2-2.4.13-14.i386.rpm
11876fb98d0f3d6d4dc8b767110298f8  gtk2-devel-2.4.13-14.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gtk2-2.4.13-14.src.rpm
118cc192bec153115de78c71cfac9bba  gtk2-2.4.13-14.src.rpm

i386:
48c40e37a9881922692c379a023f40c2  gtk2-2.4.13-14.i386.rpm
af3138588aa04815a27d638ecbcb6c8b  gtk2-devel-2.4.13-14.i386.rpm

ia64:
33d94f949a3b40af64c2b32d167ff228  gtk2-2.4.13-14.ia64.rpm
48c40e37a9881922692c379a023f40c2  gtk2-2.4.13-14.i386.rpm
73608a9226dd9dd4659160f38ce0fee4  gtk2-devel-2.4.13-14.ia64.rpm

x86_64:
0ce827bf741b096da96f49e0a461d228  gtk2-2.4.13-14.x86_64.rpm
48c40e37a9881922692c379a023f40c2  gtk2-2.4.13-14.i386.rpm
11876fb98d0f3d6d4dc8b767110298f8  gtk2-devel-2.4.13-14.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gtk2-2.4.13-14.src.rpm
118cc192bec153115de78c71cfac9bba  gtk2-2.4.13-14.src.rpm

i386:
48c40e37a9881922692c379a023f40c2  gtk2-2.4.13-14.i386.rpm
af3138588aa04815a27d638ecbcb6c8b  gtk2-devel-2.4.13-14.i386.rpm

ia64:
33d94f949a3b40af64c2b32d167ff228  gtk2-2.4.13-14.ia64.rpm
48c40e37a9881922692c379a023f40c2  gtk2-2.4.13-14.i386.rpm
73608a9226dd9dd4659160f38ce0fee4  gtk2-devel-2.4.13-14.ia64.rpm

x86_64:
0ce827bf741b096da96f49e0a461d228  gtk2-2.4.13-14.x86_64.rpm
48c40e37a9881922692c379a023f40c2  gtk2-2.4.13-14.i386.rpm
11876fb98d0f3d6d4dc8b767110298f8  gtk2-devel-2.4.13-14.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0891

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCTV9nXlSAg2UNWIIRAqyUAJ4nX8OyUx4oplTnaP8Cd7xX9/7FbACfWeI+
qNkO6dqzlYCVfySatzndq7M=
=Eb3j
-----END PGP SIGNATURE-----
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.