Test ID:	1.3.6.1.4.1.25623.1.0.56001
Category:	Fedora Local Security Checks
Title:	Fedora Legacy Security Advisory FLSA-2005:155510
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory FLSA-2005:155510. During testing of a previously fixed flaw in Qt (CVE-2004-0691), a flaw was discovered in the BMP image processor of gtk2. An attacker could create a carefully crafted BMP file which would cause an application to enter an infinite loop and not respond to user input when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0753 to this issue. During a security audit Chris Evans discovered a stack and a heap overflow in the XPM image decoder. An attacker could create a carefully crafted XPM file which could cause an application linked with gtk2 to crash or possibly execute arbitrary code when the file was opened by a victim. (CVE-2004-0782, CVE-2004-0783) Chris Evans also discovered an integer overflow in the ICO image decoder. An attacker could create a carefully crafted ICO file which could cause an application linked with gtk2 to crash when the file was opened by a victim. (CVE-2004-0788) A bug was found in the way gtk2 processes BMP images. It is possible that a specially crafted BMP image could cause a denial of service attack on applications linked against gtk2. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0891 to this issue. Users of gtk2 are advised to upgrade to these packages which contain backported patches and are not vulnerable to these issues. Affected platforms: Redhat 7.3 Redhat 9 Fedora Core 1 Solution: http://www.securityspace.com/smysecure/catid.html?in=FLSA-2005:155510 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0753 BugTraq ID: 11195 http://www.securityfocus.com/bid/11195 CERT/CC vulnerability note: VU#825374 http://www.kb.cert.org/vuls/id/825374 Conectiva Linux advisory: CLA-2004:875 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000875 Debian Security Information: DSA-546 (Google Search) http://www.debian.org/security/2004/dsa-546 http://www.securityfocus.com/archive/1/419771/100/0/threaded https://bugzilla.fedora.us/show_bug.cgi?id=2005 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:095 http://www.mandriva.com/security/advisories?name=MDKSA-2005:214 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10585 http://www.redhat.com/support/errata/RHSA-2004-447.html http://www.redhat.com/support/errata/RHSA-2004-466.html http://secunia.com/advisories/17657 XForce ISS Database: gtk-bmp-dos(17383) https://exchange.xforce.ibmcloud.com/vulnerabilities/17383 Common Vulnerability Exposure (CVE) ID: CVE-2004-0782 Bugtraq: 20040915 CESA-2004-005: gtk+ XPM decoder (Google Search) http://marc.info/?l=bugtraq&m=109528994916275&w=2 CERT/CC vulnerability note: VU#729894 http://www.kb.cert.org/vuls/id/729894 http://scary.beasts.org/security/CESA-2004-005.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11539 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1617 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101776-1 XForce ISS Database: gtk-xpm-pixbufcreatefromxpm-bo(17386) https://exchange.xforce.ibmcloud.com/vulnerabilities/17386 Common Vulnerability Exposure (CVE) ID: CVE-2004-0783 CERT/CC vulnerability note: VU#369358 http://www.kb.cert.org/vuls/id/369358 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1786 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9348 XForce ISS Database: gtk-xpm-xpmextractcolor-bo(17385) https://exchange.xforce.ibmcloud.com/vulnerabilities/17385 Common Vulnerability Exposure (CVE) ID: CVE-2004-0788 CERT/CC vulnerability note: VU#577654 http://www.kb.cert.org/vuls/id/577654 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10506 XForce ISS Database: gtk-ico-integer-bo(17387) https://exchange.xforce.ibmcloud.com/vulnerabilities/17387 Common Vulnerability Exposure (CVE) ID: CVE-2005-0891 12950 http://www.securityfocus.com/bid/12950 17657 CLSA-2005:958 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000958 FLSA-2005:155510 MDKSA-2005:214 RHSA-2005:343 http://www.redhat.com/support/errata/RHSA-2005-343.html RHSA-2005:344 http://www.redhat.com/support/errata/RHSA-2005-344.html oval:org.mitre.oval:def:9710 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9710 Common Vulnerability Exposure (CVE) ID: CVE-2004-0691 Bugtraq: 20040818 CESA-2004-004: qt (Google Search) http://marc.info/?l=bugtraq&m=109295309008309&w=2 Debian Security Information: DSA-542 (Google Search) http://www.debian.org/security/2004/dsa-542 http://security.gentoo.org/glsa/glsa-200408-20.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:085 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9485 http://www.redhat.com/support/errata/RHSA-2004-414.html http://sunsolve.sun.com/search/document.do?assetkey=1-66-201610-1 SuSE Security Announcement: SUSE-SA:2004:027 (Google Search) http://www.novell.com/linux/security/advisories/2004_27_qt3.html XForce ISS Database: qt-bmp-bo(17040) https://exchange.xforce.ibmcloud.com/vulnerabilities/17040
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.