Family: Red Hat Local Security Checks --> Category: infos
RHSA-2005-810: gdk Vulnerability Scan
Vulnerability Scan Summary: Check for the version of the gdk packages
Detailed Explanation for this Vulnerability Test
Updated gdk-pixbuf packages that fix several security issues are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment.

A bug was found in the way gdk-pixbuf processes XPM images. An attacker
could create a carefully crafted XPM file in such a way that it could cause
an application linked with gdk-pixbuf to execute arbitrary code when the
file was opened by a victim. The Common Vulnerabilities and Exposures
project has assigned the name CVE-2005-3186 to this issue.

Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf
processes XPM images. An attacker could create a carefully crafted XPM file
in such a way that it could cause an application linked with gdk-pixbuf to
execute arbitrary code or crash when the file was opened by a victim. The
Common Vulnerabilities and Exposures project has assigned the name
CVE-2005-2976 to this issue.

Ludwig Nussel also discovered an infinite-loop denial of service bug in the
way gdk-pixbuf processes XPM images. An attacker could create a carefully
crafted XPM file in such a way that it could cause an application linked
with gdk-pixbuf to stop responding when the file was opened by a victim.
The Common Vulnerabilities and Exposures project has assigned the name
CVE-2005-2975 to this issue.

Users of gdk-pixbuf are advised to upgrade to these updated packages, which
contain backported patches and are not vulnerable to these issues.

Solution: http://rhn.redhat.com/errata/RHSA-2005-810.html
Threat Level: High