Fedora Legacy Test Update Notification: gtk2
---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2073
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2073
2005-02-23
---------------------------------------------------------------------
Name : gtk2
Versions : rh7.3: gtk2-2.0.2-4.1.legacy.1
           rh9: gtk2-2.2.1-4.1.legacy.1
Summary : The GIMP ToolKit (GTK+), a library for creating GUIs for X.
Description :
The gtk+ package contains the GIMP ToolKit (GTK+), a library for
creating graphical user interfaces for the X Window System. GTK+ was
originally written for the GIMP (GNU Image Manipulation Program) image
processing program, but is now used by several other programs as well.
---------------------------------------------------------------------
Update Information:
Updated gtk2 packages that fix security issues are now available.

gtk2, the Gimp Toolkit, is a library for creating GUIs for X.

During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw was
discovered in the BMP image processor of gtk2. An attacker could create a
carefully crafted BMP file which would cause an application to enter an
infinite loop and not respond to user input when the file was opened by a
victim. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0753 to this issue.

During a security audit Chris Evans discovered a stack and a heap overflow
in the XPM image decoder. An attacker could create a carefully crafted XPM
file which could cause an application linked with gtk2 to crash or possibly
execute arbitrary code when the file was opened by a victim.
(CAN-2004-0782, CAN-2004-0783)

Chris Evans also discovered an integer overflow in the ICO image decoder.
An attacker could create a carefully crafted ICO file which could cause an
application linked with gtk2 to crash when the file was opened by a victim.
(CAN-2004-0788)
---------------------------------------------------------------------
Changelogs
rh73:
* Thu Feb 17 2005 Dominic Hargreaves <dom@xxxxxxxx> 2.0.2-4.1.legacy.1
- Add gettext, libtool, autoconf build dep
* Sun Sep 19 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.0.2-4.1.legacy
- Added security patch for CAN-2004-0782, CAN-2004-0783, CAN-2004-0788
rh9:
* Wed Feb 23 2005 Dominic Hargreaves <dom@xxxxxxxx> 2.2.1-4.1.legacy.1
- Fix build requirement for automake
* Sun Sep 19 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.2.1-4.1.legacy
- add security fixes for CAN-2004-0753, CAN-2004-0782,
CAN-2004-0783, CAN-2004-0788
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)
rh7.3:
40a04f9de6f6c3c25ee15a275f15b5905c584cd5 redhat/7.3/updates-testing/SRPMS/gtk2-2.0.2-4.1.legacy.1.src.rpm
804021fcabd265dbf90eaf0ea5b5fa8e8e60a12b redhat/7.3/updates-testing/i386/gtk2-2.0.2-4.1.legacy.1.i386.rpm
3e1abc389122c5a5a76c4007d9c59584aabd0234 redhat/7.3/updates-testing/i386/gtk2-devel-2.0.2-4.1.legacy.1.i386.rpm
rh9:
0a6fd49149977d627fc14a8a4eebe4dfe69fcfd9 redhat/9/updates-testing/SRPMS/gtk2-2.2.1-4.1.legacy.1.src.rpm
eb8b595676024ccc5cb2f61eaeaa55e765cfa698 redhat/9/updates-testing/i386/gtk2-2.2.1-4.1.legacy.1.i386.rpm
b64b81500f5815becc4a264c640e91221f596d00 redhat/9/updates-testing/i386/gtk2-devel-2.2.1-4.1.legacy.1.i386.rpm
---------------------------------------------------------------------
Please test and comment in bugzilla.
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list