Support / Security / Advisories / Mandriva Linux 2007 / MDKSA-2007:039

Package name: gtk+2.0
Date: 2007-02-07
Advisory ID: MDKSA-2007:039
Affected versions: CS4.0 x86_64 , 2007.0 x86_64 , 2007.0 i586 , CS4.0 i586 , CS3.0 x86_64 , CS3.0 i586

Problem description

The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2)
allows context-dependent attackers to cause a denial of service (crash)
via a malformed image file. (CVE-2007-0010)

The version of libgtk+2.0 shipped with Mandriva Linux 2007 fails
various portions of the lsb-test-desktop test suite, part of LSB 3.1
certification testing.

The updated packages also address the following issues:

The Home and Desktop entries in the GTK File Chooser are not always
visible (#26644).

GTK+-based applications (which includes all the Mandriva Linux
configuration tools, for example) crash (instead of falling back to the
default theme) when an invalid icon theme is selected. (#27013)

Additional patches from GNOME CVS have been included to address the
following issues from the GNOME bugzilla:

* 357132 - fix RGBA colormap issue

* 359537,357280,359052 - fix various printer bugs

* 357566,353736,357050,363437,379503 - fix various crashes

* 372527 - fix fileselector bug +

potential deadlock

Updated packages

CS4.0 x86_64

 0e705604eb73b7c181d3b7663e39e664  corporate/4.0/x86_64/gtk+2.0-2.8.3-4.3.20060mlcs4.x86_64.rpm
 808a4be8218c00b62057de06edae248c  corporate/4.0/x86_64/lib64gdk_pixbuf2.0_0-2.8.3-4.3.20060mlcs4.x86_64.rpm
 379c2977cf755ab760d5693dcaa28be0  corporate/4.0/x86_64/lib64gdk_pixbuf2.0_0-devel-2.8.3-4.3.20060mlcs4.x86_64.rpm
 193c57c8073552decc25d755536db21d  corporate/4.0/x86_64/lib64gtk+-x11-2.0_0-2.8.3-4.3.20060mlcs4.x86_64.rpm
 1c2e7713425fc786bd7a60b4fe106d28  corporate/4.0/x86_64/lib64gtk+2.0_0-2.8.3-4.3.20060mlcs4.x86_64.rpm
 b8436740a32a0fce48bdb9df3234b1f6  corporate/4.0/x86_64/lib64gtk+2.0_0-devel-2.8.3-4.3.20060mlcs4.x86_64.rpm 
 fd9738d1b171f76decea52a1abd344a2  corporate/4.0/SRPMS/gtk+2.0-2.8.3-4.3.20060mlcs4.src.rpm

2007.0 x86_64

 b2470dc8cd884cf15dc47e29dbdb36de  2007.0/x86_64/gtk+2.0-2.10.3-5.3mdv2007.0.x86_64.rpm
 11d3f44a7f55f4899984e33a07c8f722  2007.0/x86_64/lib64gdk_pixbuf2.0_0-2.10.3-5.3mdv2007.0.x86_64.rpm
 33c26bea1a14b147f41e45467d6894e3  2007.0/x86_64/lib64gdk_pixbuf2.0_0-devel-2.10.3-5.3mdv2007.0.x86_64.rpm
 2e3855166383646465a01bd56e1529b7  2007.0/x86_64/lib64gtk+-x11-2.0_0-2.10.3-5.3mdv2007.0.x86_64.rpm
 4fea83682012ad4c5571e205b04dc7d1  2007.0/x86_64/lib64gtk+2.0_0-2.10.3-5.3mdv2007.0.x86_64.rpm
 04f7f152d4e99d6c71043554e2adfa3a  2007.0/x86_64/lib64gtk+2.0_0-devel-2.10.3-5.3mdv2007.0.x86_64.rpm 
 4f15cba4c1c1b6e37dfe9f0b5b73401c  2007.0/SRPMS/gtk+2.0-2.10.3-5.3mdv2007.0.src.rpm

2007.0 i586

 6b0b76ba984d8432cca4e8d938c51844  2007.0/i586/gtk+2.0-2.10.3-5.3mdv2007.0.i586.rpm
 015aa62677f20cf6b9f89301014ccf4d  2007.0/i586/libgdk_pixbuf2.0_0-2.10.3-5.3mdv2007.0.i586.rpm
 8f6bc5e09ee08263633e3601d1d21069  2007.0/i586/libgdk_pixbuf2.0_0-devel-2.10.3-5.3mdv2007.0.i586.rpm
 ef1f5a96362f5fafb982520897283919  2007.0/i586/libgtk+-x11-2.0_0-2.10.3-5.3mdv2007.0.i586.rpm
 b96eeb174cba468e8064890668b43a56  2007.0/i586/libgtk+2.0_0-2.10.3-5.3mdv2007.0.i586.rpm
 65f2ea83177a38b1682f4d4e5e633aea  2007.0/i586/libgtk+2.0_0-devel-2.10.3-5.3mdv2007.0.i586.rpm 
 4f15cba4c1c1b6e37dfe9f0b5b73401c  2007.0/SRPMS/gtk+2.0-2.10.3-5.3mdv2007.0.src.rpm

CS4.0 i586

 ab946717fc68226a2fbb8964fa4a9cb4  corporate/4.0/i586/gtk+2.0-2.8.3-4.3.20060mlcs4.i586.rpm
 28f5073f9effbb65613c2f7b6ceae180  corporate/4.0/i586/libgdk_pixbuf2.0_0-2.8.3-4.3.20060mlcs4.i586.rpm
 0b32eb04192333a7ae6c297befca476f  corporate/4.0/i586/libgdk_pixbuf2.0_0-devel-2.8.3-4.3.20060mlcs4.i586.rpm
 d2054c43e2fcc262c35ae3bd18736b69  corporate/4.0/i586/libgtk+-x11-2.0_0-2.8.3-4.3.20060mlcs4.i586.rpm
 28f6ac38124b6a46a22e83f870c93693  corporate/4.0/i586/libgtk+2.0_0-2.8.3-4.3.20060mlcs4.i586.rpm
 f9cd95997500fe783119dd1fe797bf85  corporate/4.0/i586/libgtk+2.0_0-devel-2.8.3-4.3.20060mlcs4.i586.rpm 
 fd9738d1b171f76decea52a1abd344a2  corporate/4.0/SRPMS/gtk+2.0-2.8.3-4.3.20060mlcs4.src.rpm

CS3.0 x86_64

 bed655ae3c4d6635e87488eefebe7e12  corporate/3.0/x86_64/gtk+2.0-2.2.4-10.6.C30mdk.x86_64.rpm
 369daff90b35687abae6ad34cf513af3  corporate/3.0/x86_64/lib64gdk_pixbuf2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm
 3675f57dd8e738cd1674db6518cd7c0d  corporate/3.0/x86_64/lib64gdk_pixbuf2.0_0-devel-2.2.4-10.6.C30mdk.x86_64.rpm
 28dfaebd73dacca8fc2497caeac619a5  corporate/3.0/x86_64/lib64gtk+-linuxfb-2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm
 22b487085911cce6fa8a5f2d6557009b  corporate/3.0/x86_64/lib64gtk+-linuxfb-2.0_0-devel-2.2.4-10.6.C30mdk.x86_64.rpm
 e0cf2152fc480ab73e4236de7a186d23  corporate/3.0/x86_64/lib64gtk+-x11-2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm
 512547fd9c3efca43b7c000fdbaedec3  corporate/3.0/x86_64/lib64gtk+2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm
 4aac840549a80fa69f5f527ce6b09421  corporate/3.0/x86_64/lib64gtk+2.0_0-devel-2.2.4-10.6.C30mdk.x86_64.rpm 
 dbe156cf5e976fc744b635eab3e88884  corporate/3.0/SRPMS/gtk+2.0-2.2.4-10.6.C30mdk.src.rpm

CS3.0 i586

 7d4501132efb62d24276152ccc23a2e0  corporate/3.0/i586/gtk+2.0-2.2.4-10.6.C30mdk.i586.rpm
 f8828f652ae310e3de135f181e3c6f19  corporate/3.0/i586/libgdk_pixbuf2.0_0-2.2.4-10.6.C30mdk.i586.rpm
 d99f6327006f96e8b170c20500d64985  corporate/3.0/i586/libgdk_pixbuf2.0_0-devel-2.2.4-10.6.C30mdk.i586.rpm
 f2a98b2036167b780e87e2cd0d105983  corporate/3.0/i586/libgtk+-linuxfb-2.0_0-2.2.4-10.6.C30mdk.i586.rpm
 e28fbfc9664db29c37517ca8957647c0  corporate/3.0/i586/libgtk+-linuxfb-2.0_0-devel-2.2.4-10.6.C30mdk.i586.rpm
 8b80464f88674e0bf5f7ed06efafcb72  corporate/3.0/i586/libgtk+-x11-2.0_0-2.2.4-10.6.C30mdk.i586.rpm
 b154589c077c790b1f71379194ed84a6  corporate/3.0/i586/libgtk+2.0_0-2.2.4-10.6.C30mdk.i586.rpm
 819ee9fa563420c37d7cae612c3a6bec  corporate/3.0/i586/libgtk+2.0_0-devel-2.2.4-10.6.C30mdk.i586.rpm 
 dbe156cf5e976fc744b635eab3e88884  corporate/3.0/SRPMS/gtk+2.0-2.2.4-10.6.C30mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0010