Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2004.0582 -- RHSA-2004:466-01
Updated gtk2 packages fix security flaws and bugs
16 September 2004
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: gtk2
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux AS/ES/WS 3
Red Hat Desktop version 3
Linux variants
Impact: Execute Arbitrary Code/Commands
Denial of Service
Access: Remote/Unauthenticated
CVE Names: CAN-2004-0788 CAN-2004-0783 CAN-2004-0782
CAN-2004-0753 CAN-2004-0691
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated gtk2 packages fix security flaws and bugs
Advisory ID: RHSA-2004:466-01
Issue date: 2004-09-15
Updated on: 2004-09-15
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0753 CAN-2004-0782 CAN-2004-0783 CAN-2004-0788
- - ---------------------------------------------------------------------
1. Summary:
Updated gtk2 packages that fix several security flaws and bugs are now
available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
3. Problem description:
The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating
graphical user interfaces for the X Window System.
During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw was
discovered in the BMP image processor of gtk2. An attacker could create a
carefully crafted BMP file which would cause an application to enter an
infinite loop and not respond to user input when the file was opened by a
victim. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0753 to this issue.
During a security audit Chris Evans discovered a stack and a heap overflow
in the XPM image decoder. An attacker could create a carefully crafted XPM
file which could cause an application linked with gtk2 to crash or possibly
execute arbitrary code when the file was opened by a victim.
(CAN-2004-0782, CAN-2004-0783)
Chris Evans also discovered an integer overflow in the ICO image decoder.
An attacker could create a carefully crafted ICO file which could cause an
application linked with gtk2 to crash when the file was opened by a victim.
(CAN-2004-0788)
This updated gtk2 package also fixes a few key combination bugs on various
X servers, such as Hummingbird, ReflectionX, and X-Win32. If a server was
configured to use the Swiss German, Swiss French, or France French keyboard
layouts, Mode_Switched characters were unable to be entered within GTK
based applications.
Users of gtk2 are advised to upgrade to these packages which contain
backported patches and are not vulnerable to these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):
130450 - CAN-2004-0753 bmp image loader DOS
6. RPMs required:
Red Hat Enterprise Linux AS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/gtk2-2.2.4-8.1.src.rpm
6ac62a2aeab6c7a99ff4b3a657530f89 gtk2-2.2.4-8.1.src.rpm
i386:
37607c300bef5d9dd9858474031f582c gtk2-2.2.4-8.1.i386.rpm
2d0c1fe11fc0a9a165debb0cbac24b4e gtk2-devel-2.2.4-8.1.i386.rpm
ia64:
b3b57ef2a9b4c577cad9639fd194db14 gtk2-2.2.4-8.1.ia64.rpm
cf89006e9943f4b23aeb7a410c91c542 gtk2-devel-2.2.4-8.1.ia64.rpm
ppc:
766df9da1dca48a5f110dc96b9c29015 gtk2-2.2.4-8.1.ppc.rpm
eadbbab509000019eae608a8748cfbde gtk2-devel-2.2.4-8.1.ppc.rpm
s390:
a3692edac044b25e4c8c2012437888e7 gtk2-2.2.4-8.1.s390.rpm
f1821966b229cd61264b9af61fafdb88 gtk2-devel-2.2.4-8.1.s390.rpm
s390x:
e45909f903fc90707ef451051d31853c gtk2-2.2.4-8.1.s390x.rpm
4190a6fdeed17fe104def7551c1ea51e gtk2-devel-2.2.4-8.1.s390x.rpm
x86_64:
7c5c8d7447e340310576c2909985268c gtk2-2.2.4-8.1.x86_64.rpm
37607c300bef5d9dd9858474031f582c gtk2-2.2.4-8.1.i386.rpm
8ebd7aea9fe419a1e60c1405fae01f5a gtk2-devel-2.2.4-8.1.x86_64.rpm
Red Hat Desktop version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/gtk2-2.2.4-8.1.src.rpm
6ac62a2aeab6c7a99ff4b3a657530f89 gtk2-2.2.4-8.1.src.rpm
i386:
37607c300bef5d9dd9858474031f582c gtk2-2.2.4-8.1.i386.rpm
2d0c1fe11fc0a9a165debb0cbac24b4e gtk2-devel-2.2.4-8.1.i386.rpm
x86_64:
7c5c8d7447e340310576c2909985268c gtk2-2.2.4-8.1.x86_64.rpm
37607c300bef5d9dd9858474031f582c gtk2-2.2.4-8.1.i386.rpm
8ebd7aea9fe419a1e60c1405fae01f5a gtk2-devel-2.2.4-8.1.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/gtk2-2.2.4-8.1.src.rpm
6ac62a2aeab6c7a99ff4b3a657530f89 gtk2-2.2.4-8.1.src.rpm
i386:
37607c300bef5d9dd9858474031f582c gtk2-2.2.4-8.1.i386.rpm
2d0c1fe11fc0a9a165debb0cbac24b4e gtk2-devel-2.2.4-8.1.i386.rpm
ia64:
b3b57ef2a9b4c577cad9639fd194db14 gtk2-2.2.4-8.1.ia64.rpm
cf89006e9943f4b23aeb7a410c91c542 gtk2-devel-2.2.4-8.1.ia64.rpm
x86_64:
7c5c8d7447e340310576c2909985268c gtk2-2.2.4-8.1.x86_64.rpm
37607c300bef5d9dd9858474031f582c gtk2-2.2.4-8.1.i386.rpm
8ebd7aea9fe419a1e60c1405fae01f5a gtk2-devel-2.2.4-8.1.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/gtk2-2.2.4-8.1.src.rpm
6ac62a2aeab6c7a99ff4b3a657530f89 gtk2-2.2.4-8.1.src.rpm
i386:
37607c300bef5d9dd9858474031f582c gtk2-2.2.4-8.1.i386.rpm
2d0c1fe11fc0a9a165debb0cbac24b4e gtk2-devel-2.2.4-8.1.i386.rpm
ia64:
b3b57ef2a9b4c577cad9639fd194db14 gtk2-2.2.4-8.1.ia64.rpm
cf89006e9943f4b23aeb7a410c91c542 gtk2-devel-2.2.4-8.1.ia64.rpm
x86_64:
7c5c8d7447e340310576c2909985268c gtk2-2.2.4-8.1.x86_64.rpm
37607c300bef5d9dd9858474031f582c gtk2-2.2.4-8.1.i386.rpm
8ebd7aea9fe419a1e60c1405fae01f5a gtk2-devel-2.2.4-8.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package
7. References:
http://bugzilla.gnome.org/show_bug.cgi?id=150601
http://bugzilla.gnome.org/show_bug.cgi?id=144808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0788
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact.html
Copyright 2004 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBSGQcXlSAg2UNWIIRAu2kAKC+tlzedDiSRT79O4rlLaKjy6E6twCfcmzH
nvsTVhfTUPG5xC9CtaBX1zY=
=m7td
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBQUkyHih9+71yA2DNAQJOygP7BgDTJ0FcMC+zkL9kj7m4UJVblOecTGGM
5eRwFf5bGilF2lirbdcIb5s0+zl/vGM1e2MioLkB77FWF3XbBu/c5+Z/1JyZ7ou7
bRWVHbZaydS896AmHtMXq6kZKqTTnAyIocRSWAhT38JnmOsr/CNYtEVcA+k8pqKJ
IxTSvOvaGIk=
=e3l8
-----END PGP SIGNATURE-----