Conectiva Linux Advisory: gtk+
Oct 19, 2004, 15:14
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : gtk+
A vulnerability found in the gdk-pixbuf bmp loader could allow a specially crafted BMP image to hang applications in an infinite loop (CAN-2004-0753).
Chris Evans found a heap-based overflow and a stack-based overflow in gdk-pixbuf's xpm loader (CAN-2004-0782 and CAN-2004-0783).
He also discovered an integer overflow in the ico loader of gdk-pixbuf (CAN-2004-0788).
IMPORTANT: all applications linked against gdk-pixbuf or gtk+2 must be restarted after the upgrade in order to close the vulnerabilities.
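One way to find the applications that still need that restart, given here as an added example that is not part of Conectiva's advisory: a running process keeps the old library mapped after the upgrade, and the kernel marks that mapping "(deleted)" in /proc/<pid>/maps. The library name pattern, the sample data and the `--scan` argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: find processes still mapping a replaced gdk-pixbuf/gtk+2 library.
# LIB_PATTERN is an assumption about the library file names; adjust it to the
# file list of the packages you actually upgraded.
LIB_PATTERN='/lib(gdk_pixbuf|pixbufloader|gtk-x11-2[.]0)[^/]*[.]so'

# Constructed sample in /proc/<pid>/maps format (paths and versions are made up).
SAMPLE_MAPS='08048000-0804c000 r-xp 00000000 03:01 4411 /usr/bin/constructed-viewer
40016000-4002a000 r-xp 00000000 03:01 7001 /usr/lib/libgdk_pixbuf-2.0.so.0.400.9 (deleted)
4002a000-4002b000 rw-p 00013000 03:01 7001 /usr/lib/libgdk_pixbuf-2.0.so.0.400.9 (deleted)
4002b000-40310000 r-xp 00000000 03:01 7002 /usr/lib/libgtk-x11-2.0.so.0.400.9
40400000-40421000 rw-p 00000000 00:00 0
40500000-40501000 r-xp 00000000 03:01 7100 /tmp/constructed-cache (deleted)'

# stale_libs: read maps-format text on stdin and print each distinct library
# path that matches LIB_PATTERN and is marked "(deleted)", i.e. the process is
# still executing the pre-upgrade copy.
stale_libs() {
    awk -v pat="$LIB_PATTERN" '
        $NF == "(deleted)" && $(NF-1) ~ pat {
            if (!seen[$(NF-1)]++) print $(NF-1)
        }'
}

# scan_procs: print "pid<TAB>command<TAB>stale library" for every readable
# process. Run as root to see other users' processes.
scan_procs() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps#/proc/}
        pid=${pid%/maps}
        # A process may exit mid-scan; ignore the resulting read errors.
        { stale_libs < "$maps"; } 2>/dev/null | while read -r lib; do
            cmd=$(cat "/proc/$pid/comm" 2>/dev/null)
            printf '%s\t%s\t%s\n' "$pid" "$cmd" "$lib"
        done
    done
}

# Scan the live system only when asked to.
if [ "${1:-}" = "--scan" ]; then
    scan_procs
fi
```

Every process the scan lists has to be restarted; an empty result means no running process still holds a pre-upgrade copy of a matching library.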
Detailed instructions regarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en
Copyright (c) 2004 Conectiva Inc.