Description:
The remote host is missing an update to gtk2 announced via advisory FEDORA-2005-1088.
Update Information:
The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System.
A bug was found in the way gtk2 processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gtk2 to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3186 to this issue.
Ludwig Nussel discovered an infinite-loop denial of service bug in the way gtk2 processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gtk2 to stop responding when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2975 to this issue.
Users of gtk2 are advised to upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.
* Mon Oct 31 2005 Matthias Clasen - 2.6.10-2.fc4.4
- Prevent an infinite loop in the xpm loader (#171905, CVE-2005-2975)
* Wed Oct 19 2005 Matthias Clasen - 2.6.10-2.fc4.2
- Prevent an integer overflow in the xpm loader (#171075, CVE-2005-3186)
Solution: Apply the appropriate updates.
This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2005-1088
Risk factor : High
CVSS Score: 7.8