Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2004:095-1: gdk-pixbuf/gtk+2 Vulnerability Scan
Vulnerability Scan Summary: Check for the version of the gdk-pixbuf/gtk+2 package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2004:095-1 (gdk-pixbuf/gtk+2).
A vulnerability was found in the gdk-pixbuf bmp loader where a bad BMP image
could send the bmp loader into an infinite loop (CVE-2004-0753).
Chris Evans found a heap-based overflow and a stack-based overflow in the xpm
loader of gdk-pixbuf (CVE-2004-0782 and CVE-2004-0783).
Chris Evans also discovered an integer overflow in the ico loader of gdk-pixbuf
(CVE-2004-0788).
All four problems have been corrected in these updated packages.
Update:
The previous package had an incorrect patch applied that would cause some
problems with other programs. The updated packages have the correct patch
applied.
As well, patched gtk+2 packages, which also contain gdk-pixbuf, are now
provided.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2004:095-1
Threat Level: High