---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1085
2005-11-15
---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : gdk-pixbuf
Version     : 0.22.0
Release     : 18.fc4.2
Summary     : An image loading library used with GNOME.
Description :
The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment. The GdkPixBuf library provides image
loading facilities, the rendering of a GdkPixBuf into various formats
(drawables or GdkRGB buffers), and a cache interface.

---------------------------------------------------------------------
Update Information:

The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment.

A bug was found in the way gdk-pixbuf processes XPM images. An attacker
could create a carefully crafted XPM file in such a way that it could
cause an application linked with gdk-pixbuf to execute arbitrary code
when the file was opened by a victim. The Common Vulnerabilities and
Exposures project has assigned the name CVE-2005-3186 to this issue.

Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf
processes XPM images. An attacker could create a carefully crafted XPM
file in such a way that it could cause an application linked with
gdk-pixbuf to execute arbitrary code or crash when the file was opened
by a victim. The Common Vulnerabilities and Exposures project has
assigned the name CVE-2005-2976 to this issue.

Ludwig Nussel also discovered an infinite-loop denial of service bug in
the way gdk-pixbuf processes XPM images. An attacker could create a
carefully crafted XPM file in such a way that it could cause an
application linked with gdk-pixbuf to stop responding when the file was
opened by a victim. The Common Vulnerabilities and Exposures project has
assigned the name CVE-2005-2975 to this issue.

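An added illustration (not gdk-pixbuf's code and not the backported patch) of the bug class the advisory names: buffer sizes derived from XPM header values wrap around unless every field is range-checked and every multiplication is checked. The function names, the XPM_MAX_DIM limit and the two buffers sized here are assumptions made for the example.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#define XPM_MAX_DIM 32767  /* hypothetical sanity limit for this example */

/* Read one positive decimal field; reject junk and out-of-range values. */
static int next_field(const char **s, uint32_t *out)
{
    char *end;
    long v;
    errno = 0;
    v = strtol(*s, &end, 10);
    if (end == *s || errno == ERANGE || v <= 0 || v > INT_MAX)
        return 0;
    *out = (uint32_t)v;
    *s = end;
    return 1;
}

/* 32-bit multiply that reports overflow instead of wrapping. */
static int mul_u32(uint32_t a, uint32_t b, uint32_t *out)
{
    if (a != 0 && b > UINT32_MAX / a)
        return 0;
    *out = a * b;
    return 1;
}

/* Unchecked form for comparison: the product wraps modulo 2^32. */
uint32_t naive_table_bytes(uint32_t ncolors, uint32_t cpp)
{
    return ncolors * (cpp + 1);
}

/* Validate an XPM values line ("width height ncolors cpp") and size the
 * RGBA pixel buffer and colour-name table. Returns 0 if ok, -1 if rejected. */
int xpm_plan(const char *values, uint32_t *pixel_bytes, uint32_t *table_bytes)
{
    uint32_t w, h, ncolors, cpp, row;
    if (!next_field(&values, &w) || !next_field(&values, &h) ||
        !next_field(&values, &ncolors) || !next_field(&values, &cpp))
        return -1;
    if (w > XPM_MAX_DIM || h > XPM_MAX_DIM)
        return -1;
    if (!mul_u32(w, 4, &row) || !mul_u32(row, h, pixel_bytes))
        return -1;
    return mul_u32(ncolors, cpp + 1, table_bytes) ? 0 : -1;
}
```

With the constructed header "4 4 268435456 15", the unchecked product is exactly 2^32 and wraps to a zero-byte table, while xpm_plan rejects the file before anything is allocated.
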
Users of gdk-pixbuf are advised to upgrade to these updated packages,
which contain backported patches and are not vulnerable to these issues.
---------------------------------------------------------------------
* Mon Oct 31 2005 Matthias Clasen <mclasen@xxxxxxxxxx> - 1:0.22.0-18.fc4.2

- Prevent another integer overflow in the xpm loader (#171901, CVE-2005-2976)
- Prevent an infinite loop in the xpm loader (#171901, CVE-2005-2976)

* Wed Oct 19 2005 Matthias Clasen <mclasen@xxxxxxxxxx> - 1:0.22.0-18.fc4.1

- Prevent an integer overflow in the xpm loader (#171073, CVE-2005-3186)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

This update can also be installed with
the Update Agent; you can launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

--
fedora-announce-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-announce-list