drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in GTK+ (Fedora Core 2)
Name: |
Mehrere Probleme in GTK+ (Fedora Core 2)
|
|
ID: |
FEDORA-2004-289 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora Core 2 |
|
Datum: |
Do, 16. September 2004, 13:00 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0788 |
|
Applikationen: |
GTK |
|
Originalnachricht |
--------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-289 2004-09-15 ---------------------------------------------------------------------
Product : Fedora Core 2 Name : gtk2 Version : 2.4.7 Release : 2.4 Summary : The GIMP ToolKit (GTK+), a library for creating GUIs for X. Description : GTK+ is a multi-platform toolkit for creating graphical user interfaces. Offering a complete set of widgets, GTK+ is suitable for projects ranging from small one-off tools to complete application suites.
--------------------------------------------------------------------- Update Information:
During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw was discovered in the BMP image processor of gtk2. An attacker could create a carefully crafted BMP file which would cause an application to enter an infinite loop and not respond to user input when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0753 to this issue.
During a security audit Chris Evans discovered a stack and a heap overflow in the XPM image decoder. An attacker could create a carefully crafted XPM file which could cause an application linked with gtk2 to crash or possibly execute arbitrary code when the file was opened by a victim. (CAN-2004-0782, CAN-2004-0783)
Chris Evans also discovered an integer overflow in the ICO image decoder. An attacker could create a carefully crafted ICO file which could cause an application linked with gtk2 to crash when the file was opened by a victim. (CAN-2004-0788)
--------------------------------------------------------------------- * Tue Sep 07 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.7-2.4
- Fix issues in the xpm and ico loaders found by Chris Evans (#130711)
* Fri Aug 20 2004 Owen Taylor <otaylor@redhat.com> - 2.4.7-2.2
- Fix problem with infinite loop on bad BMP data (#130450, test BMP from Chris Evans, fix from Manish Singh)
* Sat Aug 14 2004 Matthias Clasen <mclasen@redhat.com> 2.4.7-1
- update to 2.4.7
* Fri Aug 13 2004 Matthias Clasen <mclasen@redhat.com> 2.4.6-1
- update to 2.4.6 - call libtoolize --force to win .so's back...
* Fri Jul 30 2004 Jonathan Blandford <jrb@redhat.com> 2.4.4-4
- add typeahead patch to GtkTreeView - automake-1.9
* Tue Jul 27 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.4-3
- Use -64 suffix on powerpc64. (#128605)
* Fri Jul 16 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.4-2
- Fix permissions of gdk-pixbuf-csource script. - Escape macros in %changelog
* Fri Jul 09 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.4-1
- Update to 2.4.4
* Thu Jul 08 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.1-5
- Look for the gtk.immodules file in the right location. (#127073)
* Thu Jul 08 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.1-4
- Add a wrapper for gdk-pixbuf-csource.
* Wed Jun 23 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.1-3
- Don't install testgtk and testtext - Rename binaries to -32/-64 (#124478) - Move arch-dependent config files to /etc/gtk-2.0/$host (#124482) - Add wrappers for updating the arch-dependent config files
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Thu May 20 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.1-1
- Upgrade to 2.4.1
--------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
75a86a6d678f76a2f6238a992463005f SRPMS/gtk2-2.4.7-2.4.src.rpm f6923be90c1621e83a19df610213ff12 x86_64/gtk2-2.4.7-2.4.x86_64.rpm e46b3ea2a153749dcf6d5cdf38603ea6 x86_64/gtk2-devel-2.4.7-2.4.x86_64.rpm 81f2cf32b341d60fa766e638624a201c x86_64/debug/gtk2-debuginfo-2.4.7-2.4.x86_64.rpm b659bb38815921f415c45790d2c4b1c6 x86_64/gtk2-2.4.7-2.4.i386.rpm b659bb38815921f415c45790d2c4b1c6 i386/gtk2-2.4.7-2.4.i386.rpm 9d38f480c8ccb6857fc6cbdb322ac073 i386/gtk2-devel-2.4.7-2.4.i386.rpm 5099d6ef8357b99e90e9fa2fd9c28695 i386/debug/gtk2-debuginfo-2.4.7-2.4.i386.rpm
This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. ---------------------------------------------------------------------
-- fedora-announce-list mailing list fedora-announce-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-announce-list
|
|
|
|