-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2005-98
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date: 27 Dec 2005
Last revised: 27 Dec 2005
Package: gdk-pixbuf
Summary: Integer overflow
More information:
The GdkPixBuf library provides a number of features.
Multiple vulnerabilities have been discovered in the handling of libXpm
for gdk-pixbuf.
Impact:
These vulnerabilities may allow remote attackers to execute arbitrary
code via malformed XPM image files.
Affected Products:
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux Multimedia
- Turbolinux Personal
Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home,
Turbolinux Multimedia, Turbolinux Personal]
# turbopkg
or
# zabom -u gdk-pixbuf gdk-pixbuf-devel
---------------------------------------------
<Turbolinux FUJI>
Source Packages
Size: MD5
gdk-pixbuf-0.22.0-7.src.rpm
412324 3c6ccbe808c2ba05576d8f1f0b651e71
Binary Packages
Size: MD5
gdk-pixbuf-0.22.0-7.i686.rpm
222053 1f17cdd0fb342c42ac51b180cc8ca1a8
gdk-pixbuf-devel-0.22.0-7.i686.rpm
189081 c11b79d00a881d32e15d05187f68a3d0
<Turbolinux 10 Server x64 Edition>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/gdk-pixbuf-0.22.0-7.src.rpm
412324 ef685431ad0f13e0d388c194b70f23a7
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/gdk-pixbuf-0.22.0-7.x86_64.rpm
200715 b0ec4b5cfa1a7c32eed49607c8431a3f
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/gdk-pixbuf-devel-0.22.0-7.x86_64.rpm
153935 c88445a2fdd3bdddac0197d9b512c941
<Turbolinux 10 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/gdk-pixbuf-0.22.0-7.src.rpm
412324 3e623ef99fd1a0274781637f5af0f176
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/gdk-pixbuf-0.22.0-7.i586.rpm
187748 a8d35a822a43d2aed1bd4e76104018ab
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/gdk-pixbuf-devel-0.22.0-7.i586.rpm
149195 ce1a4cd8c375899d14e5b8467d9c3ecc
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/gdk-pixbuf-0.22.0-7.src.rpm
412324 8a485e97014d78ca43e45abdd124c412
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/gdk-pixbuf-0.22.0-7.i586.rpm
188170 6f7a4c7918d14442780ff5c9692bd7b6
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/gdk-pixbuf-devel-0.22.0-7.i586.rpm
149130 807824b68749b9958d96250db83a17f1
References:
CVE
[
CAN-2005-2976]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
CAN-2005-2976
[
CAN-2005-3186]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
CAN-2005-3186
--------------------------------------------------------------------------
Revision History
27 Dec 2005 Initial release
--------------------------------------------------------------------------
Copyright(C) 2005 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFDsMhMK0LzjOqIJMwRAt6QAKCcRIDQQTKFiOrTpm6TKa/UWgmFpgCfQMr7
w9c9s4uxc0ghrsE2l29iXwg=
=ihJf
-----END PGP SIGNATURE-----