Fedora Linux 8773 Published by

A new update is available for Fedora Core - [SECURITY] Fedora Core 4 Update: gdk-pixbuf-0.22.0-18.fc4.2. Here the announcement:



Fedora Update Notification
FEDORA-2005-1085
2005-11-15
---------------------------------------------------------------------

Product : Fedora Core 4
Name : gdk-pixbuf
Version : 0.22.0
Release : 18.fc4.2
Summary : An image loading library used with GNOME.
Description :
The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment. The GdkPixBuf library provides image
loading facilities, the rendering of a GdkPixBuf into various formats
(drawables or GdkRGB buffers), and a cache interface.

---------------------------------------------------------------------
Update Information:

The gdk-pixbuf package contains an image loading library
used with the GNOME GUI desktop environment.

A bug was found in the way gdk-pixbuf processes XPM images.
An attacker could create a carefully crafted XPM file in
such a way that it could cause an application linked with
gdk-pixbuf to execute arbitrary code when the file was
opened by a victim. The Common Vulnerabilities and Exposures
project has assigned the name CVE-2005-3186 to this issue.

Ludwig Nussel discovered an integer overflow bug in the way
gdk-pixbuf processes XPM images. An attacker could create a
carefully crafted XPM file in such a way that it could cause
an application linked with gdk-pixbuf to execute arbitrary
code or crash when the file was opened by a victim. The
Common Vulnerabilities and Exposures project has assigned
the name CVE-2005-2976 to this issue.

Ludwig Nussel also discovered an infinite-loop denial of
service bug in the way gdk-pixbuf processes XPM images. An
attacker could create a carefully crafted XPM file in such a
way that it could cause an application linked with
gdk-pixbuf to stop responding when the file was opened by a
victim. The Common Vulnerabilities and Exposures project has
assigned the name CVE-2005-2975 to this issue.

Users of gdk-pixbuf are advised to upgrade to these updated
packages, which contain backported patches and are not
vulnerable to these issues.
---------------------------------------------------------------------
* Mon Oct 31 2005 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-18.fc4.2
- Prevent another integer overflow in the xpm loader (#171901, CVE-2005-2976)
- Prevent an infinite loop in the xpm loader (#171901, CVE-2005-2976)

* Wed Oct 19 2005 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-18.fc4.1
- Prevent an integer overflow in the xpm loader (#171073, CVE-2005-3186)


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

7c780b05008f3e1999bf8abbb0bb7b7a SRPMS/gdk-pixbuf-0.22.0-18.fc4.2.src.rpm
599efb60ec868f5242a4ca353c0b1ef6 ppc/gdk-pixbuf-0.22.0-18.fc4.2.ppc.rpm
1f18e28bf51ab6e7fb6bd064d91cbd17 ppc/gdk-pixbuf-devel-0.22.0-18.fc4.2.ppc.rpm
1905bece6ab5f5b4c49de5ff2a39e201 ppc/gdk-pixbuf-gnome-0.22.0-18.fc4.2.ppc.rpm
eefdf10dfdd1cd5ba10f81136e0c6662 ppc/debug/gdk-pixbuf-debuginfo-0.22.0-18.fc4.2.ppc.rpm
4e478e20404e7167b5b6f30efcd80ed9 ppc/gdk-pixbuf-0.22.0-18.fc4.2.ppc64.rpm
7f2a934348fba04f2a8e9a210701406f x86_64/gdk-pixbuf-0.22.0-18.fc4.2.x86_64.rpm
861b6a186287685c4383e91f1353b77a x86_64/gdk-pixbuf-devel-0.22.0-18.fc4.2.x86_64.rpm
0e760f0a8385a1919962b9f684dabf1c x86_64/gdk-pixbuf-gnome-0.22.0-18.fc4.2.x86_64.rpm
9ef3e8849f5706bc6dc71559af1b056d x86_64/debug/gdk-pixbuf-debuginfo-0.22.0-18.fc4.2.x86_64.rpm
212ce3ac8b0fe3f767048a2186cb3766 x86_64/gdk-pixbuf-0.22.0-18.fc4.2.i386.rpm
212ce3ac8b0fe3f767048a2186cb3766 i386/gdk-pixbuf-0.22.0-18.fc4.2.i386.rpm
7e0136afe88fd82d236a2e04ab76bc9a i386/gdk-pixbuf-devel-0.22.0-18.fc4.2.i386.rpm
8128ef8c06fcf1dfb952c84912cab910 i386/gdk-pixbuf-gnome-0.22.0-18.fc4.2.i386.rpm
1fa0933b6e9c7d21fca40b96a162a623 i386/debug/gdk-pixbuf-debuginfo-0.22.0-18.fc4.2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.