| Description: | Description:
The remote host is missing an update to gtk2
announced via advisory FEDORA-2004-289.
During testing of a previously fixed flaw in Qt (CVE-2004-0691), a flaw
was discovered in the BMP image processor of gtk2. An attacker could create
a carefully crafted BMP file which would cause an application to enter an
infinite loop and not respond to user input when the file was opened by
a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2004-0753 to this issue.
During a security audit Chris Evans discovered a stack and a heap
overflow in the XPM image decoder. An attacker could create a carefully crafted
XPM file which could cause an application linked with gtk2 to crash or
possibly execute arbitrary code when the file was opened by a victim.
(CVE-2004-0782, CVE-2004-0783)
Chris Evans also discovered an integer overflow in the ICO image
decoder. An attacker could create a carefully crafted ICO file which could cause
an application linked with gtk2 to crash when the file was opened by a
victim. (CVE-2004-0788)
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
75a86a6d678f76a2f6238a992463005f SRPMS/gtk2-2.4.7-2.4.src.rpm
f6923be90c1621e83a19df610213ff12 x86_64/gtk2-2.4.7-2.4.x86_64.rpm
e46b3ea2a153749dcf6d5cdf38603ea6 x86_64/gtk2-devel-2.4.7-2.4.x86_64.rpm
81f2cf32b341d60fa766e638624a201c x86_64/debug/gtk2-debuginfo-2.4.7-2.4.x86_64.rpm
b659bb38815921f415c45790d2c4b1c6 x86_64/gtk2-2.4.7-2.4.i386.rpm
b659bb38815921f415c45790d2c4b1c6 i386/gtk2-2.4.7-2.4.i386.rpm
9d38f480c8ccb6857fc6cbdb322ac073 i386/gtk2-devel-2.4.7-2.4.i386.rpm
5099d6ef8357b99e90e9fa2fd9c28695 i386/debug/gtk2-debuginfo-2.4.7-2.4.i386.rpm
This update can also be installed with the Update Agent
you can
launch the Update Agent with the 'up2date' command.
Solution: Apply the appropriate updates.
http://www.fedoranews.org/updates/FEDORA-2004-289.shtml
Risk factor : High
CVSS Score:
7.5
|
