-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2005-99
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original release date: 27 Dec 2005
Last revised: 27 Dec 2005
Package: gtk2
Summary: Two vulnerabilities discovered in gtk2
More information:
The gtk+ package contains the GIMP ToolKit (GTK+), a library for
creating graphical user interfaces for the X Window System.
Two vulnerabilities have been discovered in the handling of libXpm
for gtk2.
Impact:
These vulnerabilities may allow remote attackers to execute arbitrary
code via malformed XPM image files.
Affected Products:
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux Multimedia
- Turbolinux Personal
Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home,
Turbolinux Multimedia, Turbolinux Personal]
# turbopkg
or
# zabom -u gtk2 gtk2-devel
---------------------------------------------
<Turbolinux FUJI>
Source Packages
Size: MD5
gtk2-2.6.10-3.src.rpm
11528385 89ae6e796666efa80d5235f83665dfbe
Binary Packages
Size: MD5
gtk2-2.6.10-3.i686.rpm
4983529 bc55c35b946eb719b1920743d17f80b3
gtk2-devel-2.6.10-3.i686.rpm
4849779 de556f923518988f77865d70f7eabb06
<Turbolinux 10 Server x64 Edition>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/gtk2-2.4.7-6.src.rpm
8937688 3ec927bf8c2f06d53c8649a77d804b58
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/gtk2-32bit-2.4.7-6_2005120101.src.rpm
4117292 07889404546c749ea2e6ce0ab8a4d388
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/gtk2-2.4.7-6.x86_64.rpm
3338335 e4dee2a43be627a620557cc9db7bfe5f
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/gtk2-32bit-2.4.7-6_2005120101.x86_64.rpm
1850693 5dd69fc58beb2109ef7b09c811f31342
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/gtk2-debug-2.4.7-6.x86_64.rpm
8587926 1c262fc533caab05d4c9e376c59eae89
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/gtk2-devel-2.4.7-6.x86_64.rpm
3199010 9f2814fd6b92c42e45c3edd404719313
<Turbolinux 10 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/gtk2-2.4.7-6.src.rpm
8937688 a1f22c0bfe8e2a99c1efdf67cae11519
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/gtk2-2.4.7-6.i586.rpm
3128724 e58d8e6e215aa34cc8a712ec935967dc
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/gtk2-debug-2.4.7-6.i586.rpm
8599768 93494c4826d1db592389ec8c8acd7e55
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/gtk2-devel-2.4.7-6.i586.rpm
3058197 e655fb0dad728886bae4003cac6d2871
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/gtk2-2.2.4-5.src.rpm
7219906 4df2fbc3b2851737ed29952556328e0c
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/gtk2-2.2.4-5.i586.rpm
2323354 8bf6755f4e0e6c298ecd082ececc160c
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/gtk2-devel-2.2.4-5.i586.rpm
2812511 06757292dc8f21d51d3874455ba96790
References:
CVE
[CAN-2005-2975]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2975
[CAN-2005-3186]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3186
--------------------------------------------------------------------------
Revision History
27 Dec 2005 Initial release
--------------------------------------------------------------------------
Copyright(C) 2005 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFDsMhVK0LzjOqIJMwRAm7cAKC6Tzg3V4Qq3N0abkQz6iwnIRb+9wCfW98O
hXMfsSLigQChJlbX4By6AlE=
=Ix15
-----END PGP SIGNATURE-----