Fedora Legacy Test Update Notification: gtk2
Dominic Hargreaves
dom at earth.li
Thu Feb 24 09:53:43 UTC 2005
---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2073
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2073
2005-02-23
---------------------------------------------------------------------
Name : gtk2
Versions : rh7.3: gtk2-2.0.2-4.1.legacy.1
rh9: gtk2-2.2.1-4.1.legacy.1
Summary : The GIMP ToolKit (GTK+), a library for creating GUIs for X.
Description :
The gtk+ package contains the GIMP ToolKit (GTK+), a library for
creating graphical user interfaces for the X Window System. GTK+ was
originally written for the GIMP (GNU Image Manipulation Program) image
processing program, but is now used by several other programs as well.
---------------------------------------------------------------------
Update Information:
Updated gtk2 packages that fix security issues are now available.
gtk2, the Gimp Toolkit, is a library for creating GUIs for X.
During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw was
discovered in the BMP image processor of gtk2. An attacker could create a
carefully crafted BMP file which would cause an application to enter an
infinite loop and not respond to user input when the file was opened by a
victim. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0753 to this issue.
During a security audit Chris Evans discovered a stack and a heap overflow
in the XPM image decoder. An attacker could create a carefully crafted XPM
file which could cause an application linked with gtk2 to crash or possibly
execute arbitrary code when the file was opened by a victim.
(CAN-2004-0782, CAN-2004-0783)
Chris Evans also discovered an integer overflow in the ICO image decoder.
An attacker could create a carefully crafted ICO file which could cause an
application linked with gtk2 to crash when the file was opened by a victim.
(CAN-2004-0788)
---------------------------------------------------------------------
Changelogs
rh73:
* Thu Feb 17 2005 Dominic Hargreaves <dom at earth.li> 2.0.2-4.1.legacy.1
- Add gettext, libtool, autoconf build dep
* Sun Sep 19 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.0.2-4.1.legacy
- Added security patch for CAN-2004-0782, CAN-2004-0783, CAN-2004-0788
rh9:
* Wed Feb 23 2005 Dominic Hargreaves <dom at earth.li> 2.2.1-4.1.legacy.1
- Fix build requirement for automake
* Sun Sep 19 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.2.1-4.1.legacy
- add security fixes for CAN-2004-0753, CAN-2004-0782,
CAN-2004-0783, CAN-2004-0788
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)
rh7.3:
40a04f9de6f6c3c25ee15a275f15b5905c584cd5 redhat/7.3/updates-testing/SRPMS/gtk2-2.0.2-4.1.legacy.1.src.rpm
804021fcabd265dbf90eaf0ea5b5fa8e8e60a12b redhat/7.3/updates-testing/i386/gtk2-2.0.2-4.1.legacy.1.i386.rpm
3e1abc389122c5a5a76c4007d9c59584aabd0234 redhat/7.3/updates-testing/i386/gtk2-devel-2.0.2-4.1.legacy.1.i386.rpm
rh9:
0a6fd49149977d627fc14a8a4eebe4dfe69fcfd9 redhat/9/updates-testing/SRPMS/gtk2-2.2.1-4.1.legacy.1.src.rpm
eb8b595676024ccc5cb2f61eaeaa55e765cfa698 redhat/9/updates-testing/i386/gtk2-2.2.1-4.1.legacy.1.i386.rpm
b64b81500f5815becc4a264c640e91221f596d00 redhat/9/updates-testing/i386/gtk2-devel-2.2.1-4.1.legacy.1.i386.rpm
---------------------------------------------------------------------
Please test and comment in bugzilla.