Test ID:	1.3.6.1.4.1.25623.1.0.50357
Category:	Fedora Local Security Checks
Title:	Fedora Core 1 FEDORA-2004-286 (gdk)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to gdk announced via advisory FEDORA-2004-286. During testing of a previously fixed flaw in Qt (CVE-2004-0691), a flaw was discovered in the BMP image processor of gdk-pixbuf. An attacker could create a carefully crafted BMP file which would cause an application to enter an infinite loop and not respond to user input when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0753 to this issue. During a security audit, Chris Evans discovered a stack and a heap overflow in the XPM image decoder. An attacker could create a carefully crafted XPM file which could cause an application linked with gtk2 to crash or possibly execute arbitrary code when the file was opened by a victim. (CVE-2004-0782, CVE-2004-0783) Chris Evans also discovered an integer overflow in the ICO image decoder. An attacker could create a carefully crafted ICO file which could cause an application linked with gtk2 to crash when the file is opened by a victim. (CVE-2004-0788) This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 19315b68f5108834ded2239186fc1983 SRPMS/gdk-pixbuf-0.22.0-11.2.2.src.rpm 1e2e3afb3290bbb1f4bd14eec8d16f90 x86_64/gdk-pixbuf-0.22.0-11.2.2.x86_64.rpm 2e96329747230323c2f2583f3cbd4764 x86_64/gdk-pixbuf-devel-0.22.0-11.2.2.x86_64.rpm 39d0264223d1f0e29b6ddd1f0c04809a x86_64/gdk-pixbuf-gnome-0.22.0-11.2.2.x86_64.rpm 556265762760faffa27cf09a368e9c55 x86_64/debug/gdk-pixbuf-debuginfo-0.22.0-11.2.2.x86_64.rpm ee240507ab220388cd0b37ccdb59b63d i386/gdk-pixbuf-0.22.0-11.2.2.i386.rpm 0f445a5b5745edf4e6de74742ea4bd46 i386/gdk-pixbuf-devel-0.22.0-11.2.2.i386.rpm 874699ea4c8ba8d5d2a9b467016ffc0a i386/gdk-pixbuf-gnome-0.22.0-11.2.2.i386.rpm bf148083099de37ab7332b2422d3331f i386/debug/gdk-pixbuf-debuginfo-0.22.0-11.2.2.i386.rpm This update can also be installed with the Update Agent you can launch the Update Agent with the 'up2date' command. Solution: Apply the appropriate updates. http://www.fedoranews.org/updates/FEDORA-2004-286.shtml Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0691 Bugtraq: 20040818 CESA-2004-004: qt (Google Search) http://marc.info/?l=bugtraq&m=109295309008309&w=2 Debian Security Information: DSA-542 (Google Search) http://www.debian.org/security/2004/dsa-542 http://security.gentoo.org/glsa/glsa-200408-20.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:085 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9485 http://www.redhat.com/support/errata/RHSA-2004-414.html http://sunsolve.sun.com/search/document.do?assetkey=1-66-201610-1 SuSE Security Announcement: SUSE-SA:2004:027 (Google Search) http://www.novell.com/linux/security/advisories/2004_27_qt3.html XForce ISS Database: qt-bmp-bo(17040) https://exchange.xforce.ibmcloud.com/vulnerabilities/17040 Common Vulnerability Exposure (CVE) ID: CVE-2004-0753 BugTraq ID: 11195 http://www.securityfocus.com/bid/11195 CERT/CC vulnerability note: VU#825374 http://www.kb.cert.org/vuls/id/825374 Conectiva Linux advisory: CLA-2004:875 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000875 Debian Security Information: DSA-546 (Google Search) http://www.debian.org/security/2004/dsa-546 http://www.securityfocus.com/archive/1/419771/100/0/threaded https://bugzilla.fedora.us/show_bug.cgi?id=2005 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:095 http://www.mandriva.com/security/advisories?name=MDKSA-2005:214 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10585 http://www.redhat.com/support/errata/RHSA-2004-447.html http://www.redhat.com/support/errata/RHSA-2004-466.html http://secunia.com/advisories/17657 XForce ISS Database: gtk-bmp-dos(17383) https://exchange.xforce.ibmcloud.com/vulnerabilities/17383 Common Vulnerability Exposure (CVE) ID: CVE-2004-0782 Bugtraq: 20040915 CESA-2004-005: gtk+ XPM decoder (Google Search) http://marc.info/?l=bugtraq&m=109528994916275&w=2 CERT/CC vulnerability note: VU#729894 http://www.kb.cert.org/vuls/id/729894 http://scary.beasts.org/security/CESA-2004-005.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11539 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1617 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101776-1 XForce ISS Database: gtk-xpm-pixbufcreatefromxpm-bo(17386) https://exchange.xforce.ibmcloud.com/vulnerabilities/17386 Common Vulnerability Exposure (CVE) ID: CVE-2004-0783 CERT/CC vulnerability note: VU#369358 http://www.kb.cert.org/vuls/id/369358 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1786 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9348 XForce ISS Database: gtk-xpm-xpmextractcolor-bo(17385) https://exchange.xforce.ibmcloud.com/vulnerabilities/17385 Common Vulnerability Exposure (CVE) ID: CVE-2004-0788 CERT/CC vulnerability note: VU#577654 http://www.kb.cert.org/vuls/id/577654 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10506 XForce ISS Database: gtk-ico-integer-bo(17387) https://exchange.xforce.ibmcloud.com/vulnerabilities/17387
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.