O-217: "gdk-pixbuf" Package vulnerability

O-217: "gdk-pixbuf" Package vulnerability Privacy and Legal Notice INFORMATION BULLETIN O-217: "gdk-pixbuf" Package vulnerability [Red Hat Advisory RHSA-2004:447-17] September 15, 2004 21:00 GMT
[REVISED 16 Sep 2004]
[REVISED 20 Sep 2004]
[REVISED 01 Oct 2004]
[REVISED 14 Jul 2005]


PROBLEM:	Several security vulnerabilities were found in the gdk-pixbuf packages. The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment.
PLATFORM:	Red Hat Desktop (v. 3) Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux WS (v. 2.1) Red Hat Enterprise Linux WS (v. 3) Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor Debian GNU/Linux 3.0 (woody) GTK+2 SPARC Platform: GNOME 2.0 (for Solaris 8) without patch 114644-03 GNOME 2.0 (for Solaris 9) without patch 114686-03 GNOME 2.0.2 (for Solaris 9) without patch 115738-04 x86 Platform GNOME 2.0 (for Solaris 8) without patch 114645-03 GNOME 2.0 (for Solaris 9) without patch 114687-03 GNOME 2.0.2 (for Solaris 9) without patch 115739-04 Solaris 9 with JDS release 2 installed
DAMAGE:	An attacker could create a carefully crafted XPM file such that it could cause an application to execute arbitrary code when the file is opened. Further, this vulnerability may allow an attacker to create a carefully crafted BMP or ICO file that could cause an application to crash when opened.
SOLUTION:	Install the updated packages. NOTE: some vendors are suggesting that whole Gtk packages be replaced if available.

VULNERABILITY ASSESSMENT:	The risk is HIGH. A remote intruder could get root access if they can convince users to open an XPM file and the user is logged on as root. This is only a problem if you use gdk-pixbuf to render images.

LINKS:
CIAC BULLETIN:	http://www.ciac.org/ciac/bulletins/o-217.shtml
ORIGINAL BULLETIN:	https://rhn.redhat.com/errata/RHSA-2004-447.html
ADDITIONAL LINKS:	Debian Security Advisory DSA-546-1 http://www.debian.org/security/2004/dsa-546 (gdk) Debian Security Advisory DSA-549-1 http://www.debian.org/security/2004/dsa-549 (gtk) US-CERT Vulnerability Notes: VU#577654 http://www.kb.cert.org/vuls/id/577654 VU#825374 http://www.kb.cert.org/vuls/id/825374 VU#369358 http://www.kb.cert.org/vuls/id/369358 VU#729894 http://www.kb.cert.org/vuls/id/729894 Sun Alert ID: 101776 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101776-1&searchclause=security
CVE/CAN:	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= CAN-2004-0753, CAN-2004-0782, CAN-2004-0783, CAN-2004-0788

REVISION HISTORY:
09/16/04 - added a link to Debian Security Advisory DSA-546-1 that provides 
           updated Gdk packages addressing this vulnerability.
09/20/04 - added a link to Debian Security Advisory DSA-549-1 that provides 
           updated Gtk packages addressing this vulnerability.
10/01/04 - add links to US-CERT Vulnerability Notes:  VU#577654, VU#825374, 
           VU#369358, and VU#729894.
07/14/05 - added a link to Sun Security Alert ID: 101776 that provides security
           updates for this vulnerability.
			 
			 
			 	 
[***** Start Red Hat Advisory RHSA-2004:447-17 *****]

 Updated gdk-pixbuf packages fix security flaws

Advisory: RHSA-2004:447-23 
Last updated on: 2004-09-15 

Affected Products: Red Hat Desktop (v. 3)
                   Red Hat Enterprise Linux AS (v. 2.1)
                   Red Hat Enterprise Linux AS (v. 3)
                   Red Hat Enterprise Linux ES (v. 2.1)
                   Red Hat Enterprise Linux ES (v. 3)
                   Red Hat Enterprise Linux WS (v. 2.1)
                   Red Hat Enterprise Linux WS (v. 3)
                   Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor 

CVEs (cve.mitre.org): CAN-2004-0753
                      CAN-2004-0782
                      CAN-2004-0783
                      CAN-2004-0788
 

Security Advisory 


Details:

Updated gdk-pixbuf packages that fix several security flaws are now available.

The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment.

[Updated 15th September 2004]
Packages have been updated to correct a bug which caused the xpm loader
to fail.

During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw was
discovered in the BMP image processor of gdk-pixbuf. An attacker could
create a carefully crafted BMP file which would cause an application
to enter an infinite loop and not respond to user input when the file was
opened by a victim. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0753 to this issue.

During a security audit, Chris Evans discovered a stack and a heap overflow
in the XPM image decoder. An attacker could create a carefully crafted XPM
file which could cause an application linked with gtk2 to crash or possibly
execute arbitrary code when the file was opened by a victim.
(CAN-2004-0782, CAN-2004-0783)

Chris Evans also discovered an integer overflow in the ICO image decoder.
An attacker could create a carefully crafted ICO file which could cause an
application linked with gtk2 to crash when the file is opened by a victim.
(CAN-2004-0788)

These packages have also been updated to correct a bug which caused the xpm
loader to fail.

Users of gdk-pixbuf are advised to upgrade to these packages, which
contain backported patches and are not vulnerable to these issues.



Updated packages:

Red Hat Desktop (v. 3) 

--------------------------------------------------------------------------------
 
AMD64: 
gdk-pixbuf-0.22.0-11.3.3.x86_64.rpm     0678c0efeb2cceae8fee9dbb8797f2af 
gdk-pixbuf-devel-0.22.0-11.3.3.x86_64.rpm     160fa97f945efec1ce56ea494541c520 
gdk-pixbuf-gnome-0.22.0-11.3.3.x86_64.rpm     92b07889b33dc280fdb136b02325c53e 
  
SRPMS: 
gdk-pixbuf-0.22.0-11.3.3.src.rpm     adde2ead86237f92b7a346394dfb93bc 
  
i386: 
gdk-pixbuf-0.22.0-11.3.3.i386.rpm     92fadd028df0850e6b61e01b440ade70 
gdk-pixbuf-devel-0.22.0-11.3.3.i386.rpm     4c80a32cb8573720bdcc06b39475754f 
gdk-pixbuf-gnome-0.22.0-11.3.3.i386.rpm     6e50dafb95a1efef5e3676663c38c0a0 
  
Red Hat Enterprise Linux AS (v. 2.1) 

--------------------------------------------------------------------------------
 
SRPMS: 
gdk-pixbuf-0.22.0-11.2.2E.src.rpm     fda43700c69af3535e9d3bc9e6b4f1b9 
  
i386: 
gdk-pixbuf-0.22.0-11.2.2E.i386.rpm     8334282664dfc3f87a377fbf7b733d41 
gdk-pixbuf-devel-0.22.0-11.2.2E.i386.rpm     30dab937b29109544bcb0bf68d8b9fc0 
gdk-pixbuf-gnome-0.22.0-11.2.2E.i386.rpm     d1c6a6a7b4baa3219ac66040b684b133 
  
ia64: 
gdk-pixbuf-0.22.0-11.2.2E.ia64.rpm     68926c28e87cbbea60ce8eacb163c98e 
gdk-pixbuf-devel-0.22.0-11.2.2E.ia64.rpm     f0100561fb5c22ce3bf71dc08e7a88b9 
gdk-pixbuf-gnome-0.22.0-11.2.2E.ia64.rpm     0fa01166e066f322a78fc8e3b97085e9 
  
Red Hat Enterprise Linux AS (v. 3) 

--------------------------------------------------------------------------------
 
AMD64: 
gdk-pixbuf-0.22.0-11.3.3.x86_64.rpm     0678c0efeb2cceae8fee9dbb8797f2af 
gdk-pixbuf-devel-0.22.0-11.3.3.x86_64.rpm     160fa97f945efec1ce56ea494541c520 
gdk-pixbuf-gnome-0.22.0-11.3.3.x86_64.rpm     92b07889b33dc280fdb136b02325c53e 
  
SRPMS: 
gdk-pixbuf-0.22.0-11.3.3.src.rpm     adde2ead86237f92b7a346394dfb93bc 
  
i386: 
gdk-pixbuf-0.22.0-11.3.3.i386.rpm     92fadd028df0850e6b61e01b440ade70 
gdk-pixbuf-devel-0.22.0-11.3.3.i386.rpm     4c80a32cb8573720bdcc06b39475754f 
gdk-pixbuf-gnome-0.22.0-11.3.3.i386.rpm     6e50dafb95a1efef5e3676663c38c0a0 
  
ia64: 
gdk-pixbuf-0.22.0-11.3.3.ia64.rpm     c50021c89b9369377247cf69141361bb 
gdk-pixbuf-devel-0.22.0-11.3.3.ia64.rpm     d465a6ac9407dd1fc97f7336218b2350 
gdk-pixbuf-gnome-0.22.0-11.3.3.ia64.rpm     a925e983040b0cb85b7d3491d2928e1d 
  
ppc: 
gdk-pixbuf-0.22.0-11.3.3.ppc.rpm     3464b39ac9ccca779f3b8b77ba3086d7 
gdk-pixbuf-devel-0.22.0-11.3.3.ppc.rpm     742f21c2cf58a00d2e4aecfc54c1cde8 
gdk-pixbuf-gnome-0.22.0-11.3.3.ppc.rpm     600e801b22806cfbc11d3d5b9f175624 
  
s390: 
gdk-pixbuf-0.22.0-11.3.3.s390.rpm     d9ad5bb3ef55ef9a4d453091ea53d414 
gdk-pixbuf-devel-0.22.0-11.3.3.s390.rpm     90e70ff542f9b859d7ca586ea6aba099 
gdk-pixbuf-gnome-0.22.0-11.3.3.s390.rpm     0722d84359e5b752ae811d7db557c473 
  
s390x: 
gdk-pixbuf-0.22.0-11.3.3.s390x.rpm     d787c1c1cec4ed5135066a3930cd6d05 
gdk-pixbuf-devel-0.22.0-11.3.3.s390x.rpm     9f0c0dd1515ae16c5596b0c23288701f 
gdk-pixbuf-gnome-0.22.0-11.3.3.s390x.rpm     f73fb0a596c337e6e3b4e4033df84989 
  
Red Hat Enterprise Linux ES (v. 2.1) 

--------------------------------------------------------------------------------
 
SRPMS: 
gdk-pixbuf-0.22.0-11.2.2E.src.rpm     fda43700c69af3535e9d3bc9e6b4f1b9 
  
i386: 
gdk-pixbuf-0.22.0-11.2.2E.i386.rpm     8334282664dfc3f87a377fbf7b733d41 
gdk-pixbuf-devel-0.22.0-11.2.2E.i386.rpm     30dab937b29109544bcb0bf68d8b9fc0 
gdk-pixbuf-gnome-0.22.0-11.2.2E.i386.rpm     d1c6a6a7b4baa3219ac66040b684b133 
  
Red Hat Enterprise Linux ES (v. 3) 

--------------------------------------------------------------------------------
 
AMD64: 
gdk-pixbuf-0.22.0-11.3.3.x86_64.rpm     0678c0efeb2cceae8fee9dbb8797f2af 
gdk-pixbuf-devel-0.22.0-11.3.3.x86_64.rpm     160fa97f945efec1ce56ea494541c520 
gdk-pixbuf-gnome-0.22.0-11.3.3.x86_64.rpm     92b07889b33dc280fdb136b02325c53e 
  
SRPMS: 
gdk-pixbuf-0.22.0-11.3.3.src.rpm     adde2ead86237f92b7a346394dfb93bc 
  
i386: 
gdk-pixbuf-0.22.0-11.3.3.i386.rpm     92fadd028df0850e6b61e01b440ade70 
gdk-pixbuf-devel-0.22.0-11.3.3.i386.rpm     4c80a32cb8573720bdcc06b39475754f 
gdk-pixbuf-gnome-0.22.0-11.3.3.i386.rpm     6e50dafb95a1efef5e3676663c38c0a0 
  
ia64: 
gdk-pixbuf-0.22.0-11.3.3.ia64.rpm     c50021c89b9369377247cf69141361bb 
gdk-pixbuf-devel-0.22.0-11.3.3.ia64.rpm     d465a6ac9407dd1fc97f7336218b2350 
gdk-pixbuf-gnome-0.22.0-11.3.3.ia64.rpm     a925e983040b0cb85b7d3491d2928e1d 
  
Red Hat Enterprise Linux WS (v. 2.1) 

--------------------------------------------------------------------------------
 
SRPMS: 
gdk-pixbuf-0.22.0-11.2.2E.src.rpm     fda43700c69af3535e9d3bc9e6b4f1b9 
  
i386: 
gdk-pixbuf-0.22.0-11.2.2E.i386.rpm     8334282664dfc3f87a377fbf7b733d41 
gdk-pixbuf-devel-0.22.0-11.2.2E.i386.rpm     30dab937b29109544bcb0bf68d8b9fc0 
gdk-pixbuf-gnome-0.22.0-11.2.2E.i386.rpm     d1c6a6a7b4baa3219ac66040b684b133 
  
Red Hat Enterprise Linux WS (v. 3) 

--------------------------------------------------------------------------------
 
AMD64: 
gdk-pixbuf-0.22.0-11.3.3.x86_64.rpm     0678c0efeb2cceae8fee9dbb8797f2af 
gdk-pixbuf-devel-0.22.0-11.3.3.x86_64.rpm     160fa97f945efec1ce56ea494541c520 
gdk-pixbuf-gnome-0.22.0-11.3.3.x86_64.rpm     92b07889b33dc280fdb136b02325c53e 
  
SRPMS: 
gdk-pixbuf-0.22.0-11.3.3.src.rpm     adde2ead86237f92b7a346394dfb93bc 
  
i386: 
gdk-pixbuf-0.22.0-11.3.3.i386.rpm     92fadd028df0850e6b61e01b440ade70 
gdk-pixbuf-devel-0.22.0-11.3.3.i386.rpm     4c80a32cb8573720bdcc06b39475754f 
gdk-pixbuf-gnome-0.22.0-11.3.3.i386.rpm     6e50dafb95a1efef5e3676663c38c0a0 
  
ia64: 
gdk-pixbuf-0.22.0-11.3.3.ia64.rpm     c50021c89b9369377247cf69141361bb 
gdk-pixbuf-devel-0.22.0-11.3.3.ia64.rpm     d465a6ac9407dd1fc97f7336218b2350 
gdk-pixbuf-gnome-0.22.0-11.3.3.ia64.rpm     a925e983040b0cb85b7d3491d2928e1d 
  
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor 

--------------------------------------------------------------------------------
 
SRPMS: 
gdk-pixbuf-0.22.0-11.2.2E.src.rpm     fda43700c69af3535e9d3bc9e6b4f1b9 
  
ia64: 
gdk-pixbuf-0.22.0-11.2.2E.ia64.rpm     68926c28e87cbbea60ce8eacb163c98e 
gdk-pixbuf-devel-0.22.0-11.2.2E.ia64.rpm     f0100561fb5c22ce3bf71dc08e7a88b9 
gdk-pixbuf-gnome-0.22.0-11.2.2E.ia64.rpm     0fa01166e066f322a78fc8e3b97085e9 
  
(The unlinked packages above are only available from the Red Hat Network)
 

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/



Bugs fixed:  (see bugzilla for more information)

130455 - CAN-2004-0753 bmp image loader DOS
130711 - CAN-2004-0782/3/8 GTK XPM decoder issues



References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0788

http://bugzilla.gnome.org/show_bug.cgi?id=150601 



[***** End Red Hat Advisory RHSA-2004:447-17 *****]

CIAC wishes to acknowledge the contributions of Red Hat for the information contained in this bulletin.

CIAC services are available to DOE, DOE Contractors, and the NIH. CIAC can be contacted at:

    Voice:          +1 925-422-8193 (7 x 24)
    FAX:            +1 925-423-8002
    STU-III:        +1 925-423-2604
    E-mail:          ciac@ciac.org
    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes.

UCRL-MI-119788
[Privacy and Legal Notice]