Oval Definition:oval:com.redhat.rhsa:def:20050811
Revision Date:2005-11-15
Version:502
Title:RHSA-2005:811: gtk2 security update (Important)
Description:The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System.

A bug was found in the way gtk2 processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gtk2 to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3186 to this issue.

Ludwig Nussel discovered an infinite-loop denial of service bug in the way gtk2 processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gtk2 to stop responding when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2975 to this issue.

Users of gtk2 are advised to upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.
Family:unix
Class:patch
Status:
Reference(s):CVE-2005-2975
CVE-2005-3186
RHSA-2005:811-01
Platform(s):Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Product(s):
Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • gtk2 is earlier than 0:2.2.4-19
  • AND gtk2 is signed with Red Hat master key
  • gtk2-devel is earlier than 0:2.2.4-19
  • AND gtk2-devel is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • gtk2 is earlier than 0:2.4.13-18
  • AND gtk2 is signed with Red Hat master key
  • gtk2-devel is earlier than 0:2.4.13-18
  • AND gtk2-devel is signed with Red Hat master key