--------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-286 2004-09-15 --------------------------------------------------------------------- Product : Fedora Core 1 Name : gdk-pixbuf Version : 0.22.0 Release : 11.2.2 Summary : An image loading library used with GNOME. Description : The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment. The GdkPixBuf library provides image loading facilities, the rendering of a GdkPixBuf into various formats (drawables or GdkRGB buffers), and a cache interface. --------------------------------------------------------------------- Update Information: During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw was discovered in the BMP image processor of gdk-pixbuf. An attacker could create a carefully crafted BMP file which would cause an application to enter an infinite loop and not respond to user input when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0753 to this issue. During a security audit, Chris Evans discovered a stack and a heap overflow in the XPM image decoder. An attacker could create a carefully crafted XPM file which could cause an application linked with gtk2 to crash or possibly execute arbitrary code when the file was opened by a victim. (CAN-2004-0782, CAN-2004-0783) Chris Evans also discovered an integer overflow in the ICO image decoder. An attacker could create a carefully crafted ICO file which could cause an application linked with gtk2 to crash when the file is opened by a victim. (CAN-2004-0788) --------------------------------------------------------------------- * Fri Sep 03 2004 Matthias Clasen <mclasen@xxxxxxxxxx> - 1:0.22.0-11.2.2 - Rebuild for FC1 * Fri Sep 03 2004 Matthias Clasen <mclasen@xxxxxxxxxx> - 1:0.22.0-11.1.3 - Rebuild for RHEL3 * Fri Sep 03 2004 Matthias Clasen <mclasen@xxxxxxxxxx> - 1:0.22.0-11.1.2E - Fix issues in the xpm and ico loaders found by Chris Evans (#130711) * Fri Aug 20 2004 Owen Taylor <otaylor@xxxxxxxxxx> - 1:0.22.0-10.0.2E - Fix problem with infinite loop on bad BMP data (#130455, test BMP from Chris Evans, fix from Manish Singh) * Sun Aug 15 2004 Tim Waugh <twaugh@xxxxxxxxxx> 1:0.22.0-9 - Fixed underquoted m4 definition. * Mon Jun 21 2004 Matthias Clasen <mclasen@xxxxxxxxxx> - Make build * Tue Jun 15 2004 Elliot Lee <sopwith@xxxxxxxxxx> - rebuilt * Fri Mar 05 2004 Owen Taylor <otaylor@xxxxxxxxxx> 1:0.22.0-6.0.3 - Include /usr/lib/*.la for AS2.1 * Fri Mar 05 2004 Owen Taylor <otaylor@xxxxxxxxxx> 1:0.22.0-6.0.2E - Add some additional defines to work with 2.1AS * Thu Mar 04 2004 Owen Taylor <otaylor@xxxxxxxxxx> 1:0.22.0-6.1.1 - Bump and rebuild * Thu Mar 04 2004 Owen Taylor <otaylor@xxxxxxxxxx> 1:0.22.0-6.1.0 - Redo package to build without libtool-1.5 patch * Wed Mar 03 2004 Owen Taylor <otaylor@xxxxxxxxxx> 1:0.22.0-6.0.0 - Add a couple of bug-fixes backported from GTK+-2.x * Tue Mar 02 2004 Elliot Lee <sopwith@xxxxxxxxxx> - rebuilt * Fri Feb 13 2004 Elliot Lee <sopwith@xxxxxxxxxx> - rebuilt * Thu Aug 28 2003 Owen Taylor <otaylor@xxxxxxxxxx> 1:0.22.0-4.0 - Rebuild for RHEL --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 19315b68f5108834ded2239186fc1983 SRPMS/gdk-pixbuf-0.22.0-11.2.2.src.rpm 1e2e3afb3290bbb1f4bd14eec8d16f90 x86_64/gdk-pixbuf-0.22.0-11.2.2.x86_64.rpm 2e96329747230323c2f2583f3cbd4764 x86_64/gdk-pixbuf-devel-0.22.0-11.2.2.x86_64.rpm 39d0264223d1f0e29b6ddd1f0c04809a x86_64/gdk-pixbuf-gnome-0.22.0-11.2.2.x86_64.rpm 556265762760faffa27cf09a368e9c55 x86_64/debug/gdk-pixbuf-debuginfo-0.22.0-11.2.2.x86_64.rpm ee240507ab220388cd0b37ccdb59b63d i386/gdk-pixbuf-0.22.0-11.2.2.i386.rpm 0f445a5b5745edf4e6de74742ea4bd46 i386/gdk-pixbuf-devel-0.22.0-11.2.2.i386.rpm 874699ea4c8ba8d5d2a9b467016ffc0a i386/gdk-pixbuf-gnome-0.22.0-11.2.2.i386.rpm bf148083099de37ab7332b2422d3331f i386/debug/gdk-pixbuf-debuginfo-0.22.0-11.2.2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. ---------------------------------------------------------------------
