
Red Hat alert RHSA-2004:103-01 (gdk-pixbuf)

From:  bugzilla@redhat.com
To:  enterprise-watch-list@redhat.com
Subject:  [RHSA-2004:103-01] Updated gdk-pixbuf packages fix crash
Date:  Wed, 10 Mar 2004 11:27 -0500

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated gdk-pixbuf packages fix crash
Advisory ID:       RHSA-2004:103-01
Issue date:        2004-03-10
Updated on:        2004-03-10
Product:           Red Hat Enterprise Linux
Keywords:          DoS
Cross references:
Obsoletes:
CVE Names:         CAN-2004-0111
---------------------------------------------------------------------

1. Topic:

Updated gdk-pixbuf packages that fix a crash are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment.

Thomas Kristensen discovered a bitmap file that would cause versions of
gdk-pixbuf prior to 0.20 to crash. To exploit this flaw, an attacker would
need to get a victim to open a carefully-crafted BMP file in an application
that used gdk-pixbuf. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0111 to this issue.

Users are advised to upgrade to these updated packages containing
gdk-pixbuf version 0.22, which is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate
Errors, you need to install a version of the up2date client with an updated
certificate. The latest version of up2date is available from the Red Hat
FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

116918 - CAN-2004-0111 gdk-pixbuf can crash with malicious BMP file

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/gdk-pixbuf-0.22.0-6.0.3.src.rpm

i386:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.0.3.i386.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.0.3.i386.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.0.3.i386.rpm

ia64:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.0.3.ia64.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.0.3.ia64.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.0.3.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/gdk-pixbuf-0.22.0-6.0.3.src.rpm

ia64:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.0.3.ia64.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.0.3.ia64.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.0.3.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/gdk-pixbuf-0.22.0-6.0.3.src.rpm

i386:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.0.3.i386.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.0.3.i386.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.0.3.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/gdk-pixbuf-0.22.0-6.0.3.src.rpm

i386:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.0.3.i386.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.0.3.i386.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.0.3.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/gdk-pixbuf-0.22.0-6.1.1.src.rpm

i386:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.1.1.i386.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.1.1.i386.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.1.1.i386.rpm

ia64:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.1.1.ia64.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.1.1.ia64.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.1.1.ia64.rpm

ppc:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.1.1.ppc.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.1.1.ppc.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.1.1.ppc.rpm

s390:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.1.1.s390.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.1.1.s390.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.1.1.s390.rpm

s390x:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.1.1.s390x.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.1.1.s390x.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.1.1.s390x.rpm

x86_64:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.1.1.x86_64.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.1.1.x86_64.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.1.1.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/gdk-pixbuf-0.22.0-6.1.1.src.rpm

i386:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.1.1.i386.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.1.1.i386.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.1.1.i386.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/gdk-pixbuf-0.22.0-6.1.1.src.rpm

i386:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.1.1.i386.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.1.1.i386.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.1.1.i386.rpm

ia64:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.1.1.ia64.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.1.1.ia64.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.1.1.ia64.rpm

x86_64:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.1.1.x86_64.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.1.1.x86_64.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.1.1.x86_64.rpm

7. Verification:

These packages are GPG signed by Red Hat for security. Our key is
available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    md5sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0111

9. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.

--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
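
A check for whether a host still needs this update, as an added example that is not part of the advisory or Red Hat's tooling. It assumes its input is the output of rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' gdk-pixbuf gdk-pixbuf-devel gdk-pixbuf-gnome; the function names, the "2.1"/"3" release keys and the sample output are constructed for illustration.

```python
import re

# Fixed builds named in the advisory. The "2.1"/"3" keys are labels chosen here.
FIXED = {"2.1": "0.22.0-6.0.3", "3": "0.22.0-6.1.1"}
PACKAGES = {"gdk-pixbuf", "gdk-pixbuf-devel", "gdk-pixbuf-gnome"}

def vercmp(a, b):
    """Simplified rpmvercmp (no epoch or tilde handling): returns -1, 0 or 1."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # compare numerically: 10 > 6
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare two VERSION-RELEASE strings: version first, then release."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return vercmp(va, vb) or vercmp(ra, rb)

def unpatched(query_output, release):
    """Return (name, installed) pairs older than the advisory's fixed build."""
    stale = []
    for line in query_output.splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[0] not in PACKAGES:
            continue  # skips e.g. "package gdk-pixbuf-devel is not installed"
        if evr_cmp(parts[1], FIXED[release]) < 0:
            stale.append((parts[0], parts[1]))
    return stale

# Constructed sample of the query output for a version 3 host (not real data).
SAMPLE = """gdk-pixbuf 0.18.0-8
gdk-pixbuf-gnome 0.22.0-6.1.1
package gdk-pixbuf-devel is not installed
"""

if __name__ == "__main__":
    for name, installed in unpatched(SAMPLE, "3"):
        print(f"{name} {installed} is older than {FIXED['3']}")
```

The release segments are compared numerically, so a build such as 0.22.0-10 sorts after 0.22.0-6.1.1 where a plain string comparison would get it wrong.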

