__________________________________________________________ The U.S. Department of Energy Computer Incident Advisory Capability ___ __ __ _ ___ / | /_\ / \___ __|__ / \ \___ __________________________________________________________ INFORMATION BULLETIN gdk-pixbuf security update [RHSA-2005:810-9] November 16, 2005 19:00 GMT Number Q-054 [REVISED 29 Nov 2005] [REVISED 01 Dec 2005] ______________________________________________________________________________ PROBLEM: A bug was found in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code when the file was opened by a victim. PLATFORM: Red Hat Desktop (v. 3) Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 2.1) Red Hat Enterprise Linux WS (v. 3) Red Hat Enterprise Linux WS (v. 4) Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor Debian GNU/Linux 3.0 and 3.1 (woody and sarge) SGI ProPack 3 Service Pack 6 DAMAGE: An attacker could execute arbitrary code. SOLUTION: Apply current patches. ______________________________________________________________________________ VULNERABILITY The risk is MEDIUM. An attacker could execute arbitrary code. ASSESSMENT: ______________________________________________________________________________ LINKS: CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/q-054.shtml ORIGINAL BULLETIN: https://rhn.redhat.com/errata/RHSA-2005-810.html ADDITIONAL LINKS: Debian Security Advisory DSA-911-1 and 913-1 http://www.debian.org/security/2005/dsa-911 http://www.debian.org/security/2005/dsa-913 CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2005-2975 CVE-2005-2976 CVE-2005-3186 ______________________________________________________________________________ REVISION HISTORY: 11/29/05 - added links to Debian Security Advisory DSA-911 and SGI Security Update #51, providing updates addressing this vulnerability. 12/01/05 - added link to Debian Security Advisory DSA-913. [***** Start RHSA-2005:810-9 *****] Important: gdk-pixbuf security update Advisory: RHSA-2005:810-9 Type: Security Advisory Issued on: 2005-11-15 Last updated on: 2005-11-15 Affected Products: Red Hat Desktop (v. 3) Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 2.1) Red Hat Enterprise Linux WS (v. 3) Red Hat Enterprise Linux WS (v. 4) Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor CVEs (cve.mitre.org): CVE-2005-2975 CVE-2005-2976 CVE-2005-3186 Details Updated gdk-pixbuf packages that fix several security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment. A bug was found in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3186 to this issue. Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code or crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2976 to this issue. Ludwig Nussel also discovered an infinite-loop denial of service bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to stop responding when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2975 to this issue. Users of gdk-pixbuf are advised to upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues. Solution Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. Updated packages Red Hat Desktop (v. 3) SRPMS: gdk-pixbuf-0.22.0-13.el3.3.src.rpm ebe0b3e9475a081fb1e440859b18aa41 IA-32: gdk-pixbuf-0.22.0-13.el3.3.i386.rpm a0a20b4a1f1a026ed4c27eb4d6dcd2dd gdk-pixbuf-devel-0.22.0-13.el3.3.i386.rpm b9a4428f150b1a2b254c28ec1ef3ad68 gdk-pixbuf-gnome-0.22.0-13.el3.3.i386.rpm 233cf43c7684265346a2870106827dbb x86_64: gdk-pixbuf-0.22.0-13.el3.3.i386.rpm a0a20b4a1f1a026ed4c27eb4d6dcd2dd gdk-pixbuf-0.22.0-13.el3.3.x86_64.rpm 6d71d761fb4c57b6929e45328b737430 gdk-pixbuf-devel-0.22.0-13.el3.3.x86_64.rpm fe71ef624d7d72e1088ecf99a0d8964e gdk-pixbuf-gnome-0.22.0-13.el3.3.x86_64.rpm 99361ad12142f6649862b34492d44161 Red Hat Desktop (v. 4) SRPMS: gdk-pixbuf-0.22.0-17.el4.3.src.rpm 8f98649a87e4b1cac5c2bec357f3e2d1 IA-32: gdk-pixbuf-0.22.0-17.el4.3.i386.rpm 493e45512178d1341b15cb5d6d45cc0b gdk-pixbuf-devel-0.22.0-17.el4.3.i386.rpm f530d05031db8603b003d27dd8bc315f x86_64: gdk-pixbuf-0.22.0-17.el4.3.i386.rpm 493e45512178d1341b15cb5d6d45cc0b gdk-pixbuf-0.22.0-17.el4.3.x86_64.rpm 021d4b0918b36f768be0915bf25d3506 gdk-pixbuf-devel-0.22.0-17.el4.3.x86_64.rpm 2bc4b69e7df26ca388139ac22b1488a1 Red Hat Enterprise Linux AS (v. 2.1) SRPMS: gdk-pixbuf-0.22.0-12.el2.3.src.rpm 5bea8970a777c2e2197c343d64669f1a IA-32: gdk-pixbuf-0.22.0-12.el2.3.i386.rpm 28ad503e6c7cf397277bf9d60b2b64b8 gdk-pixbuf-devel-0.22.0-12.el2.3.i386.rpm 7d4d3f1c4492eb2aaded956ad8028e2e gdk-pixbuf-gnome-0.22.0-12.el2.3.i386.rpm 54833c2b7785977352d13fa3fe534c24 IA-64: gdk-pixbuf-0.22.0-12.el2.3.ia64.rpm cc7b986a3d8513a9d6b851b7d6650158 gdk-pixbuf-devel-0.22.0-12.el2.3.ia64.rpm 3fe74f7116a28990f296154a45dfcdd7 gdk-pixbuf-gnome-0.22.0-12.el2.3.ia64.rpm 401c82d6c91904940173f42618b696ee Red Hat Enterprise Linux AS (v. 3) SRPMS: gdk-pixbuf-0.22.0-13.el3.3.src.rpm ebe0b3e9475a081fb1e440859b18aa41 IA-32: gdk-pixbuf-0.22.0-13.el3.3.i386.rpm a0a20b4a1f1a026ed4c27eb4d6dcd2dd gdk-pixbuf-devel-0.22.0-13.el3.3.i386.rpm b9a4428f150b1a2b254c28ec1ef3ad68 gdk-pixbuf-gnome-0.22.0-13.el3.3.i386.rpm 233cf43c7684265346a2870106827dbb IA-64: gdk-pixbuf-0.22.0-13.el3.3.i386.rpm a0a20b4a1f1a026ed4c27eb4d6dcd2dd gdk-pixbuf-0.22.0-13.el3.3.ia64.rpm 833a671af2cd66a28ce7e2bf12eee13e gdk-pixbuf-devel-0.22.0-13.el3.3.ia64.rpm 315df07a3664142ad20253967e745b88 gdk-pixbuf-gnome-0.22.0-13.el3.3.ia64.rpm 470d6728d82db236cdd4ca49fe39e290 PPC: gdk-pixbuf-0.22.0-13.el3.3.ppc.rpm a18a4ce7200859ec784b24715c91b7b0 gdk-pixbuf-0.22.0-13.el3.3.ppc64.rpm aeeeb699b739c135e0e5c8413a171ead gdk-pixbuf-devel-0.22.0-13.el3.3.ppc.rpm c6b914ee5245697f917438fe5cb72247 gdk-pixbuf-gnome-0.22.0-13.el3.3.ppc.rpm 418d51ffeb3c3b60ab3683a6b23d6b26 s390: gdk-pixbuf-0.22.0-13.el3.3.s390.rpm 1ee53f56d6e7a53e1b765dd67d6f21fb gdk-pixbuf-devel-0.22.0-13.el3.3.s390.rpm e5913217d5e52b6bcdfcccbd6f15bdbe gdk-pixbuf-gnome-0.22.0-13.el3.3.s390.rpm 143294a23f39a1cb9a2b2330135328a7 s390x: gdk-pixbuf-0.22.0-13.el3.3.s390.rpm 1ee53f56d6e7a53e1b765dd67d6f21fb gdk-pixbuf-0.22.0-13.el3.3.s390x.rpm 52a67a4ed71b6258dfd3d0cf6bc76489 gdk-pixbuf-devel-0.22.0-13.el3.3.s390x.rpm 337524639387626d21755bea87811ef9 gdk-pixbuf-gnome-0.22.0-13.el3.3.s390x.rpm d0bc2d8fe6ea6839e3688de896cf10fa x86_64: gdk-pixbuf-0.22.0-13.el3.3.i386.rpm a0a20b4a1f1a026ed4c27eb4d6dcd2dd gdk-pixbuf-0.22.0-13.el3.3.x86_64.rpm 6d71d761fb4c57b6929e45328b737430 gdk-pixbuf-devel-0.22.0-13.el3.3.x86_64.rpm fe71ef624d7d72e1088ecf99a0d8964e gdk-pixbuf-gnome-0.22.0-13.el3.3.x86_64.rpm 99361ad12142f6649862b34492d44161 Red Hat Enterprise Linux AS (v. 4) SRPMS: gdk-pixbuf-0.22.0-17.el4.3.src.rpm 8f98649a87e4b1cac5c2bec357f3e2d1 IA-32: gdk-pixbuf-0.22.0-17.el4.3.i386.rpm 493e45512178d1341b15cb5d6d45cc0b gdk-pixbuf-devel-0.22.0-17.el4.3.i386.rpm f530d05031db8603b003d27dd8bc315f IA-64: gdk-pixbuf-0.22.0-17.el4.3.i386.rpm 493e45512178d1341b15cb5d6d45cc0b gdk-pixbuf-0.22.0-17.el4.3.ia64.rpm 95a393d1c23b080098567a541a3fd4a6 gdk-pixbuf-devel-0.22.0-17.el4.3.ia64.rpm 9ac8a15c9557de6011ac7e173c2e1dc6 PPC: gdk-pixbuf-0.22.0-17.el4.3.ppc.rpm 19f1900fcbeceee3ffba51a8fd1019eb gdk-pixbuf-0.22.0-17.el4.3.ppc64.rpm fd101356cae3f3703a86467223e3b4ff gdk-pixbuf-devel-0.22.0-17.el4.3.ppc.rpm ae4d063b07659d79778e38c39e8ce25d s390: gdk-pixbuf-0.22.0-17.el4.3.s390.rpm b71b326b9bd4b83313f3de589631e409 gdk-pixbuf-devel-0.22.0-17.el4.3.s390.rpm 0453a6c73cb58b51a94bf6d6c55a634f s390x: gdk-pixbuf-0.22.0-17.el4.3.s390.rpm b71b326b9bd4b83313f3de589631e409 gdk-pixbuf-0.22.0-17.el4.3.s390x.rpm 0d7fb9c7ee09cea545a601e22b84ccd3 gdk-pixbuf-devel-0.22.0-17.el4.3.s390x.rpm 7b7559e898bf3b9b95378b1f93dabbcd x86_64: gdk-pixbuf-0.22.0-17.el4.3.i386.rpm 493e45512178d1341b15cb5d6d45cc0b gdk-pixbuf-0.22.0-17.el4.3.x86_64.rpm 021d4b0918b36f768be0915bf25d3506 gdk-pixbuf-devel-0.22.0-17.el4.3.x86_64.rpm 2bc4b69e7df26ca388139ac22b1488a1 Red Hat Enterprise Linux ES (v. 2.1) SRPMS: gdk-pixbuf-0.22.0-12.el2.3.src.rpm 5bea8970a777c2e2197c343d64669f1a IA-32: gdk-pixbuf-0.22.0-12.el2.3.i386.rpm 28ad503e6c7cf397277bf9d60b2b64b8 gdk-pixbuf-devel-0.22.0-12.el2.3.i386.rpm 7d4d3f1c4492eb2aaded956ad8028e2e gdk-pixbuf-gnome-0.22.0-12.el2.3.i386.rpm 54833c2b7785977352d13fa3fe534c24 Red Hat Enterprise Linux ES (v. 3) SRPMS: gdk-pixbuf-0.22.0-13.el3.3.src.rpm ebe0b3e9475a081fb1e440859b18aa41 IA-32: gdk-pixbuf-0.22.0-13.el3.3.i386.rpm a0a20b4a1f1a026ed4c27eb4d6dcd2dd gdk-pixbuf-devel-0.22.0-13.el3.3.i386.rpm b9a4428f150b1a2b254c28ec1ef3ad68 gdk-pixbuf-gnome-0.22.0-13.el3.3.i386.rpm 233cf43c7684265346a2870106827dbb IA-64: gdk-pixbuf-0.22.0-13.el3.3.i386.rpm a0a20b4a1f1a026ed4c27eb4d6dcd2dd gdk-pixbuf-0.22.0-13.el3.3.ia64.rpm 833a671af2cd66a28ce7e2bf12eee13e gdk-pixbuf-devel-0.22.0-13.el3.3.ia64.rpm 315df07a3664142ad20253967e745b88 gdk-pixbuf-gnome-0.22.0-13.el3.3.ia64.rpm 470d6728d82db236cdd4ca49fe39e290 x86_64: gdk-pixbuf-0.22.0-13.el3.3.i386.rpm a0a20b4a1f1a026ed4c27eb4d6dcd2dd gdk-pixbuf-0.22.0-13.el3.3.x86_64.rpm 6d71d761fb4c57b6929e45328b737430 gdk-pixbuf-devel-0.22.0-13.el3.3.x86_64.rpm fe71ef624d7d72e1088ecf99a0d8964e gdk-pixbuf-gnome-0.22.0-13.el3.3.x86_64.rpm 99361ad12142f6649862b34492d44161 Red Hat Enterprise Linux ES (v. 4) SRPMS: gdk-pixbuf-0.22.0-17.el4.3.src.rpm 8f98649a87e4b1cac5c2bec357f3e2d1 IA-32: gdk-pixbuf-0.22.0-17.el4.3.i386.rpm 493e45512178d1341b15cb5d6d45cc0b gdk-pixbuf-devel-0.22.0-17.el4.3.i386.rpm f530d05031db8603b003d27dd8bc315f IA-64: gdk-pixbuf-0.22.0-17.el4.3.i386.rpm 493e45512178d1341b15cb5d6d45cc0b gdk-pixbuf-0.22.0-17.el4.3.ia64.rpm 95a393d1c23b080098567a541a3fd4a6 gdk-pixbuf-devel-0.22.0-17.el4.3.ia64.rpm 9ac8a15c9557de6011ac7e173c2e1dc6 x86_64: gdk-pixbuf-0.22.0-17.el4.3.i386.rpm 493e45512178d1341b15cb5d6d45cc0b gdk-pixbuf-0.22.0-17.el4.3.x86_64.rpm 021d4b0918b36f768be0915bf25d3506 gdk-pixbuf-devel-0.22.0-17.el4.3.x86_64.rpm 2bc4b69e7df26ca388139ac22b1488a1 Red Hat Enterprise Linux WS (v. 2.1) SRPMS: gdk-pixbuf-0.22.0-12.el2.3.src.rpm 5bea8970a777c2e2197c343d64669f1a IA-32: gdk-pixbuf-0.22.0-12.el2.3.i386.rpm 28ad503e6c7cf397277bf9d60b2b64b8 gdk-pixbuf-devel-0.22.0-12.el2.3.i386.rpm 7d4d3f1c4492eb2aaded956ad8028e2e gdk-pixbuf-gnome-0.22.0-12.el2.3.i386.rpm 54833c2b7785977352d13fa3fe534c24 Red Hat Enterprise Linux WS (v. 3) SRPMS: gdk-pixbuf-0.22.0-13.el3.3.src.rpm ebe0b3e9475a081fb1e440859b18aa41 IA-32: gdk-pixbuf-0.22.0-13.el3.3.i386.rpm a0a20b4a1f1a026ed4c27eb4d6dcd2dd gdk-pixbuf-devel-0.22.0-13.el3.3.i386.rpm b9a4428f150b1a2b254c28ec1ef3ad68 gdk-pixbuf-gnome-0.22.0-13.el3.3.i386.rpm 233cf43c7684265346a2870106827dbb IA-64: gdk-pixbuf-0.22.0-13.el3.3.i386.rpm a0a20b4a1f1a026ed4c27eb4d6dcd2dd gdk-pixbuf-0.22.0-13.el3.3.ia64.rpm 833a671af2cd66a28ce7e2bf12eee13e gdk-pixbuf-devel-0.22.0-13.el3.3.ia64.rpm 315df07a3664142ad20253967e745b88 gdk-pixbuf-gnome-0.22.0-13.el3.3.ia64.rpm 470d6728d82db236cdd4ca49fe39e290 x86_64: gdk-pixbuf-0.22.0-13.el3.3.i386.rpm a0a20b4a1f1a026ed4c27eb4d6dcd2dd gdk-pixbuf-0.22.0-13.el3.3.x86_64.rpm 6d71d761fb4c57b6929e45328b737430 gdk-pixbuf-devel-0.22.0-13.el3.3.x86_64.rpm fe71ef624d7d72e1088ecf99a0d8964e gdk-pixbuf-gnome-0.22.0-13.el3.3.x86_64.rpm 99361ad12142f6649862b34492d44161 Red Hat Enterprise Linux WS (v. 4) SRPMS: gdk-pixbuf-0.22.0-17.el4.3.src.rpm 8f98649a87e4b1cac5c2bec357f3e2d1 IA-32: gdk-pixbuf-0.22.0-17.el4.3.i386.rpm 493e45512178d1341b15cb5d6d45cc0b gdk-pixbuf-devel-0.22.0-17.el4.3.i386.rpm f530d05031db8603b003d27dd8bc315f IA-64: gdk-pixbuf-0.22.0-17.el4.3.i386.rpm 493e45512178d1341b15cb5d6d45cc0b gdk-pixbuf-0.22.0-17.el4.3.ia64.rpm 95a393d1c23b080098567a541a3fd4a6 gdk-pixbuf-devel-0.22.0-17.el4.3.ia64.rpm 9ac8a15c9557de6011ac7e173c2e1dc6 x86_64: gdk-pixbuf-0.22.0-17.el4.3.i386.rpm 493e45512178d1341b15cb5d6d45cc0b gdk-pixbuf-0.22.0-17.el4.3.x86_64.rpm 021d4b0918b36f768be0915bf25d3506 gdk-pixbuf-devel-0.22.0-17.el4.3.x86_64.rpm 2bc4b69e7df26ca388139ac22b1488a1 Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor SRPMS: gdk-pixbuf-0.22.0-12.el2.3.src.rpm 5bea8970a777c2e2197c343d64669f1a IA-64: gdk-pixbuf-0.22.0-12.el2.3.ia64.rpm cc7b986a3d8513a9d6b851b7d6650158 gdk-pixbuf-devel-0.22.0-12.el2.3.ia64.rpm 3fe74f7116a28990f296154a45dfcdd7 gdk-pixbuf-gnome-0.22.0-12.el2.3.ia64.rpm 401c82d6c91904940173f42618b696ee (The unlinked packages above are only available from the Red Hat Network) Bugs fixed (see bugzilla for more information) 171071 - CVE-2005-3186 XPM buffer overflow 171900 - CVE-2005-2975 Multiple XPM processing issues (CVE-2005-2976) References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2975 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2976 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3186 [***** End RHSA-2005:810-9 *****] _______________________________________________________________________________ CIAC wishes to acknowledge the contributions of Red Hat for the information contained in this bulletin. _______________________________________________________________________________ CIAC, the Computer Incident Advisory Capability, is the computer security incident response team for the U.S. Department of Energy (DOE) and the emergency backup response team for the National Institutes of Health (NIH). CIAC is located at the Lawrence Livermore National Laboratory in Livermore, California. CIAC is also a founding member of FIRST, the Forum of Incident Response and Security Teams, a global organization established to foster cooperation and coordination among computer security teams worldwide. CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be contacted at: Voice: +1 925-422-8193 (7x24) FAX: +1 925-423-8002 STU-III: +1 925-423-2604 E-mail: ciac@ciac.org Previous CIAC notices, anti-virus software, and other information are available from the CIAC Computer Security Archive. World Wide Web: http://www.ciac.org/ Anonymous FTP: ftp.ciac.org PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing communities receive CIAC bulletins. If you are not part of these communities, please contact your agency's response team to report incidents. Your agency's team will coordinate with CIAC. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained via WWW at http://www.first.org/. This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes. LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC) Q-044: openvpn Q-045: clamav Q-046: Vulnerabilities in Graphics Rendering Engine Q-047: VERITAS Cluster Server for UNIX Q-048: VERITAS NetBackup 5.x Q-049: HP-UX envd Local Execution of Privileged Code Q-050: awstats Q-051: Flash Player 7 Improper Memory Access Vulnerability Q-052: awstats Q-053: HP-UX Running xterm Local Unauthorized Access