Test ID: | 1.3.6.1.4.1.25623.1.0.50358 |
Category: | Fedora Local Security Checks |
Title: | Fedora Core 1 FEDORA-2004-288 (gtk2) |
Summary: | NOSUMMARY |
Description: | The remote host is missing an update to gtk2 announced via advisory FEDORA-2004-288.

During testing of a previously fixed flaw in Qt (CVE-2004-0691), a flaw was discovered in the BMP image processor of gtk2. An attacker could create a carefully crafted BMP file which would cause an application to enter an infinite loop and not respond to user input when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0753 to this issue.

During a security audit Chris Evans discovered a stack and a heap overflow in the XPM image decoder. An attacker could create a carefully crafted XPM file which could cause an application linked with gtk2 to crash or possibly execute arbitrary code when the file was opened by a victim. (CVE-2004-0782, CVE-2004-0783)

Chris Evans also discovered an integer overflow in the ICO image decoder. An attacker could create a carefully crafted ICO file which could cause an application linked with gtk2 to crash when the file was opened by a victim. (CVE-2004-0788)

* Fri Sep 03 2004 Matthias Clasen
- Fix issues in the xpm and ico loaders found by Chris Evans (#130711)

* Fri Aug 20 2004 Owen Taylor
- Fix problem with infinite loop on bad BMP data (#130450, test BMP from Chris Evans, fix from Manish Singh)

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

d4ae88a59943ed19fb84c197b3800a43 SRPMS/gtk2-2.2.4-10.src.rpm
cc87e91fff48e744beda9e0f3cbb9d22 x86_64/gtk2-2.2.4-10.x86_64.rpm
eb595b4bd917e25abf6e7730bedcf5e0 x86_64/gtk2-devel-2.2.4-10.x86_64.rpm
85d64ebbf05e414c69d05195fc213704 x86_64/debug/gtk2-debuginfo-2.2.4-10.x86_64.rpm
04c0745cf4dde875344ed93ab38dae8a x86_64/gtk2-2.2.4-10.i386.rpm
04c0745cf4dde875344ed93ab38dae8a i386/gtk2-2.2.4-10.i386.rpm
d66eac1eb88431474a089dee707eb0fc i386/gtk2-devel-2.2.4-10.i386.rpm
3d7cf237b8c83d0de2cc74c3c4060567 i386/debug/gtk2-debuginfo-2.2.4-10.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

Solution: Apply the appropriate updates.
http://www.fedoranews.org/updates/FEDORA-2004-288.shtml

Risk factor : High
CVSS Score: 7.5 |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-0691
Bugtraq: 20040818 CESA-2004-004: qt
http://marc.info/?l=bugtraq&m=109295309008309&w=2
Debian Security Information: DSA-542
http://www.debian.org/security/2004/dsa-542
http://security.gentoo.org/glsa/glsa-200408-20.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:085
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9485
http://www.redhat.com/support/errata/RHSA-2004-414.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201610-1
SuSE Security Announcement: SUSE-SA:2004:027
http://www.novell.com/linux/security/advisories/2004_27_qt3.html
XForce ISS Database: qt-bmp-bo(17040)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17040 |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |