(Fedora Issues Fix for FC1) gdk-pixbug BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1011314
|
|
SecurityTracker URL: http://securitytracker.com/id?1011314
|
|
CVE Reference: CAN-2004-0753
(Links to External Site)
|
Date: Sep 16 2004
|
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 0.22 and prior versions
|
Description: Several vulnerabilities were reported in gdk-pixbug. A remote user can create a specially crafted image file that, when processed
by an application using gdk-pixbug, will cause the application to crash or potentially execute arbitrary code.
Mandrake and Red Hat reported that a remote user can create a specially crafted BMP image file that will cause gdk-pixbug to enter
an infinite loop [CVE: CAN-2004-0753].
It is also reported that Chris Evans discovered several overflows. A heap-based overflow
and a stack-based overflow reside in the xpm loader [CVE: CAN-2004-0782, CAN-2004-0783]. An integer overflow resides in the ico
loader [CVE: CAN-2004-0788]. A remote user may be able to trigger the overflows to cause an application that uses gdk-pixbug to
crash or possibly execute arbitrary code.
|
Impact: A remote user may be able to cause an application using gdk-pixbug to crash or potentially execute arbitrary code with the privileges of the application.
|
Solution: Fedora has released a fix, available at:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
19315b68f5108834ded2239186fc1983
SRPMS/gdk-pixbuf-0.22.0-11.2.2.src.rpm
1e2e3afb3290bbb1f4bd14eec8d16f90 x86_64/gdk-pixbuf-0.22.0-11.2.2.x86_64.rpm
2e96329747230323c2f2583f3cbd4764
x86_64/gdk-pixbuf-devel-0.22.0-11.2.2.x86_64.rpm
39d0264223d1f0e29b6ddd1f0c04809a x86_64/gdk-pixbuf-gnome-0.22.0-11.2.2.x86_64.rpm
556265762760faffa27cf09a368e9c55
x86_64/debug/gdk-pixbuf-debuginfo-0.22.0-11.2.2.x86_64.rpm
ee240507ab220388cd0b37ccdb59b63d i386/gdk-pixbuf-0.22.0-11.2.2.i386.rpm
0f445a5b5745edf4e6de74742ea4bd46
i386/gdk-pixbuf-devel-0.22.0-11.2.2.i386.rpm
874699ea4c8ba8d5d2a9b467016ffc0a i386/gdk-pixbuf-gnome-0.22.0-11.2.2.i386.rpm
bf148083099de37ab7332b2422d3331f
i386/debug/gdk-pixbuf-debuginfo-0.22.0-11.2.2.i386.rpm
|
Vendor URL: ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/ (Links to External Site)
|
Cause: Boundary error, State error
|
Underlying OS: Linux (Red Hat Fedora)
|
Underlying OS Comments: FC1
|
Reported By: Matthias Clasen <mclasen@redhat.com>
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Wed, 15 Sep 2004 12:26:19 -0400
From: Matthias Clasen <mclasen@redhat.com>
Subject: [SECURITY] Fedora Core 1 Update: gdk-pixbuf-0.22.0-11.2.2
|
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-286
2004-09-15
---------------------------------------------------------------------
Product : Fedora Core 1
Name : gdk-pixbuf
Version : 0.22.0
Release : 11.2.2
Summary : An image loading library used with GNOME.
Description :
The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment. The GdkPixBuf library provides image
loading facilities, the rendering of a GdkPixBuf into various formats
(drawables or GdkRGB buffers), and a cache interface.
---------------------------------------------------------------------
Update Information:
During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw
was
discovered in the BMP image processor of gdk-pixbuf. An attacker could
create a carefully crafted BMP file which would cause an application
to enter an infinite loop and not respond to user input when the file
was
opened by a victim. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0753 to this issue.
During a security audit, Chris Evans discovered a stack and a heap
overflow
in the XPM image decoder. An attacker could create a carefully crafted
XPM
file which could cause an application linked with gtk2 to crash or
possibly
execute arbitrary code when the file was opened by a victim.
(CAN-2004-0782, CAN-2004-0783)
Chris Evans also discovered an integer overflow in the ICO image
decoder.
An attacker could create a carefully crafted ICO file which could cause
an
application linked with gtk2 to crash when the file is opened by a
victim.
(CAN-2004-0788)
---------------------------------------------------------------------
* Fri Sep 03 2004 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-11.2.2
- Rebuild for FC1
* Fri Sep 03 2004 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-11.1.3
- Rebuild for RHEL3
* Fri Sep 03 2004 Matthias Clasen <mclasen@redhat.com> -
1:0.22.0-11.1.2E
- Fix issues in the xpm and ico loaders
found by Chris Evans (#130711)
* Fri Aug 20 2004 Owen Taylor <otaylor@redhat.com> - 1:0.22.0-10.0.2E
- Fix problem with infinite loop on bad BMP data (#130455,
test BMP from Chris Evans, fix from Manish Singh)
* Sun Aug 15 2004 Tim Waugh <twaugh@redhat.com> 1:0.22.0-9
- Fixed underquoted m4 definition.
* Mon Jun 21 2004 Matthias Clasen <mclasen@redhat.com>
- Make build
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Fri Mar 05 2004 Owen Taylor <otaylor@redhat.com> 1:0.22.0-6.0.3
- Include /usr/lib/*.la for AS2.1
* Fri Mar 05 2004 Owen Taylor <otaylor@redhat.com> 1:0.22.0-6.0.2E
- Add some additional defines to work with 2.1AS
* Thu Mar 04 2004 Owen Taylor <otaylor@redhat.com> 1:0.22.0-6.1.1
- Bump and rebuild
* Thu Mar 04 2004 Owen Taylor <otaylor@redhat.com> 1:0.22.0-6.1.0
- Redo package to build without libtool-1.5 patch
* Wed Mar 03 2004 Owen Taylor <otaylor@redhat.com> 1:0.22.0-6.0.0
- Add a couple of bug-fixes backported from GTK+-2.x
* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Thu Aug 28 2003 Owen Taylor <otaylor@redhat.com> 1:0.22.0-4.0
- Rebuild for RHEL
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
19315b68f5108834ded2239186fc1983 SRPMS/gdk-pixbuf-0.22.0-11.2.2.src.rpm
1e2e3afb3290bbb1f4bd14eec8d16f90
x86_64/gdk-pixbuf-0.22.0-11.2.2.x86_64.rpm
2e96329747230323c2f2583f3cbd4764
x86_64/gdk-pixbuf-devel-0.22.0-11.2.2.x86_64.rpm
39d0264223d1f0e29b6ddd1f0c04809a
x86_64/gdk-pixbuf-gnome-0.22.0-11.2.2.x86_64.rpm
556265762760faffa27cf09a368e9c55
x86_64/debug/gdk-pixbuf-debuginfo-0.22.0-11.2.2.x86_64.rpm
ee240507ab220388cd0b37ccdb59b63d i386/gdk-pixbuf-0.22.0-11.2.2.i386.rpm
0f445a5b5745edf4e6de74742ea4bd46
i386/gdk-pixbuf-devel-0.22.0-11.2.2.i386.rpm
874699ea4c8ba8d5d2a9b467016ffc0a
i386/gdk-pixbuf-gnome-0.22.0-11.2.2.i386.rpm
bf148083099de37ab7332b2422d3331f
i386/debug/gdk-pixbuf-debuginfo-0.22.0-11.2.2.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list
|
|
