-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:039 http://www.mandriva.com/security/ _______________________________________________________________________ Package : gtk+2.0 Date : February 7, 2007 Affected: 2007.0, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) allows context-dependent attackers to cause a denial of service (crash) via a malformed image file. (CVE-2007-0010)
The version of libgtk+2.0 shipped with Mandriva Linux 2007 fails various portions of the lsb-test-desktop test suite, part of LSB 3.1 certification testing. The updated packages also address the following issues: The Home and Desktop entries in the GTK File Chooser are not always visible (#26644). GTK+-based applications (which includes all the Mandriva Linux configuration tools, for example) crash (instead of falling back to the default theme) when an invalid icon theme is selected. (#27013) Additional patches from GNOME CVS have been included to address the following issues from the GNOME bugzilla: * 357132 - fix RGBA colormap issue * 359537,357280,359052 - fix various printer bugs * 357566,353736,357050,363437,379503 - fix various crashes * 372527 - fix fileselector bug + potential deadlock _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0010 http://qa.mandriva.com/show_bug.cgi?id=26644 http://qa.mandriva.com/show_bug.cgi?id=27013 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 6b0b76ba984d8432cca4e8d938c51844 2007.0/i586/gtk+2.0-2.10.3-5.3mdv2007.0.i586.rpm 015aa62677f20cf6b9f89301014ccf4d 2007.0/i586/libgdk_pixbuf2.0_0-2.10.3-5.3mdv2007.0.i586.rpm 8f6bc5e09ee08263633e3601d1d21069 2007.0/i586/libgdk_pixbuf2.0_0-devel-2.10.3-5.3mdv2007.0.i586.rpm ef1f5a96362f5fafb982520897283919 2007.0/i586/libgtk+-x11-2.0_0-2.10.3-5.3mdv2007.0.i586.rpm b96eeb174cba468e8064890668b43a56 2007.0/i586/libgtk+2.0_0-2.10.3-5.3mdv2007.0.i586.rpm 65f2ea83177a38b1682f4d4e5e633aea 2007.0/i586/libgtk+2.0_0-devel-2.10.3-5.3mdv2007.0.i586.rpm 4f15cba4c1c1b6e37dfe9f0b5b73401c 2007.0/SRPMS/gtk+2.0-2.10.3-5.3mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: b2470dc8cd884cf15dc47e29dbdb36de 2007.0/x86_64/gtk+2.0-2.10.3-5.3mdv2007.0.x86_64.rpm 11d3f44a7f55f4899984e33a07c8f722 2007.0/x86_64/lib64gdk_pixbuf2.0_0-2.10.3-5.3mdv2007.0.x86_64.rpm 33c26bea1a14b147f41e45467d6894e3 2007.0/x86_64/lib64gdk_pixbuf2.0_0-devel-2.10.3-5.3mdv2007.0.x86_64.rpm 2e3855166383646465a01bd56e1529b7 2007.0/x86_64/lib64gtk+-x11-2.0_0-2.10.3-5.3mdv2007.0.x86_64.rpm 4fea83682012ad4c5571e205b04dc7d1 2007.0/x86_64/lib64gtk+2.0_0-2.10.3-5.3mdv2007.0.x86_64.rpm 04f7f152d4e99d6c71043554e2adfa3a 2007.0/x86_64/lib64gtk+2.0_0-devel-2.10.3-5.3mdv2007.0.x86_64.rpm 4f15cba4c1c1b6e37dfe9f0b5b73401c 2007.0/SRPMS/gtk+2.0-2.10.3-5.3mdv2007.0.src.rpm Corporate 3.0: 7d4501132efb62d24276152ccc23a2e0 corporate/3.0/i586/gtk+2.0-2.2.4-10.6.C30mdk.i586.rpm f8828f652ae310e3de135f181e3c6f19 corporate/3.0/i586/libgdk_pixbuf2.0_0-2.2.4-10.6.C30mdk.i586.rpm d99f6327006f96e8b170c20500d64985 corporate/3.0/i586/libgdk_pixbuf2.0_0-devel-2.2.4-10.6.C30mdk.i586.rpm f2a98b2036167b780e87e2cd0d105983 corporate/3.0/i586/libgtk+-linuxfb-2.0_0-2.2.4-10.6.C30mdk.i586.rpm e28fbfc9664db29c37517ca8957647c0 corporate/3.0/i586/libgtk+-linuxfb-2.0_0-devel-2.2.4-10.6.C30mdk.i586.rpm 8b80464f88674e0bf5f7ed06efafcb72 corporate/3.0/i586/libgtk+-x11-2.0_0-2.2.4-10.6.C30mdk.i586.rpm b154589c077c790b1f71379194ed84a6 corporate/3.0/i586/libgtk+2.0_0-2.2.4-10.6.C30mdk.i586.rpm 819ee9fa563420c37d7cae612c3a6bec corporate/3.0/i586/libgtk+2.0_0-devel-2.2.4-10.6.C30mdk.i586.rpm dbe156cf5e976fc744b635eab3e88884 corporate/3.0/SRPMS/gtk+2.0-2.2.4-10.6.C30mdk.src.rpm Corporate 3.0/X86_64: bed655ae3c4d6635e87488eefebe7e12 corporate/3.0/x86_64/gtk+2.0-2.2.4-10.6.C30mdk.x86_64.rpm 369daff90b35687abae6ad34cf513af3 corporate/3.0/x86_64/lib64gdk_pixbuf2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm 3675f57dd8e738cd1674db6518cd7c0d corporate/3.0/x86_64/lib64gdk_pixbuf2.0_0-devel-2.2.4-10.6.C30mdk.x86_64.rpm 28dfaebd73dacca8fc2497caeac619a5 corporate/3.0/x86_64/lib64gtk+-linuxfb-2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm 22b487085911cce6fa8a5f2d6557009b corporate/3.0/x86_64/lib64gtk+-linuxfb-2.0_0-devel-2.2.4-10.6.C30mdk.x86_64.rpm e0cf2152fc480ab73e4236de7a186d23 corporate/3.0/x86_64/lib64gtk+-x11-2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm 512547fd9c3efca43b7c000fdbaedec3 corporate/3.0/x86_64/lib64gtk+2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm 4aac840549a80fa69f5f527ce6b09421 corporate/3.0/x86_64/lib64gtk+2.0_0-devel-2.2.4-10.6.C30mdk.x86_64.rpm dbe156cf5e976fc744b635eab3e88884 corporate/3.0/SRPMS/gtk+2.0-2.2.4-10.6.C30mdk.src.rpm Corporate 4.0: ab946717fc68226a2fbb8964fa4a9cb4 corporate/4.0/i586/gtk+2.0-2.8.3-4.3.20060mlcs4.i586.rpm 28f5073f9effbb65613c2f7b6ceae180 corporate/4.0/i586/libgdk_pixbuf2.0_0-2.8.3-4.3.20060mlcs4.i586.rpm 0b32eb04192333a7ae6c297befca476f corporate/4.0/i586/libgdk_pixbuf2.0_0-devel-2.8.3-4.3.20060mlcs4.i586.rpm d2054c43e2fcc262c35ae3bd18736b69 corporate/4.0/i586/libgtk+-x11-2.0_0-2.8.3-4.3.20060mlcs4.i586.rpm 28f6ac38124b6a46a22e83f870c93693 corporate/4.0/i586/libgtk+2.0_0-2.8.3-4.3.20060mlcs4.i586.rpm f9cd95997500fe783119dd1fe797bf85 corporate/4.0/i586/libgtk+2.0_0-devel-2.8.3-4.3.20060mlcs4.i586.rpm fd9738d1b171f76decea52a1abd344a2 corporate/4.0/SRPMS/gtk+2.0-2.8.3-4.3.20060mlcs4.src.rpm Corporate 4.0/X86_64: 0e705604eb73b7c181d3b7663e39e664 corporate/4.0/x86_64/gtk+2.0-2.8.3-4.3.20060mlcs4.x86_64.rpm 808a4be8218c00b62057de06edae248c corporate/4.0/x86_64/lib64gdk_pixbuf2.0_0-2.8.3-4.3.20060mlcs4.x86_64.rpm 379c2977cf755ab760d5693dcaa28be0 corporate/4.0/x86_64/lib64gdk_pixbuf2.0_0-devel-2.8.3-4.3.20060mlcs4.x86_64.rpm 193c57c8073552decc25d755536db21d corporate/4.0/x86_64/lib64gtk+-x11-2.0_0-2.8.3-4.3.20060mlcs4.x86_64.rpm 1c2e7713425fc786bd7a60b4fe106d28 corporate/4.0/x86_64/lib64gtk+2.0_0-2.8.3-4.3.20060mlcs4.x86_64.rpm b8436740a32a0fce48bdb9df3234b1f6 corporate/4.0/x86_64/lib64gtk+2.0_0-devel-2.8.3-4.3.20060mlcs4.x86_64.rpm fd9738d1b171f76decea52a1abd344a2 corporate/4.0/SRPMS/gtk+2.0-2.8.3-4.3.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFyf3/mqjQ0CJFipgRAtYmAJ9uAEfC6fiUknh970LL+YOl0FZYmACfZ7o/ 3HjHNMoqq7j5xfaqomAcy34= =M9jU -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/