
Advisories: November 29, 2005

Debian GNU/Linux


Debian Security Advisory DSA 911-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
November 29th, 2005 http://www.debian.org/security/faq


Package : gtk+2.0
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2005-2975 CVE-2005-2976 CVE-2005-3186
BugTraq ID : 15428
Debian Bug : 339431

Several vulnerabilities have been found in gtk+2.0, the Gtk+
GdkPixBuf XPM image rendering library. The Common Vulnerabilities
and Exposures project identifies the following problems:

CVE-2005-2975

Ludwig Nussel discovered an infinite loop when processing XPM
images that allows an attacker to cause a denial of service via a
specially crafted XPM file.

CVE-2005-2976

Ludwig Nussel discovered an integer overflow in the way XPM
images are processed that could lead to the execution of arbitrary
code or crash the application via a specially crafted XPM file.

CVE-2005-3186

“infamous41md” discovered an integer overflow in the XPM
processing routine that can be used to execute arbitrary code via
a traditional heap overflow.

The following matrix explains which versions fix these
problems:

              old stable (woody)   stable (sarge)   unstable (sid)
gdk-pixbuf    0.17.0-2woody3       0.22.0-8.1       0.22.0-11
gtk+2.0       2.0.2-5woody3        2.6.4-3.1        2.6.10-2

We recommend that you upgrade your gtk+2.0 packages.

Upgrade Instructions


wget url
    will fetch the file for you

dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
    will update the internal database

apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody



Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.


Fedora Core


Fedora Update Notification
FEDORA-2005-1104
2005-11-28


Product : Fedora Core 4
Name : kernel
Version : 2.6.14
Release : 1.1644_FC4
Summary : The Linux kernel (the core of the Linux operating
system)

Description :
The kernel package contains the Linux kernel (vmlinuz), the core of
any Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation,
device input and output, etc.


Update Information:

This update rebases to the latest upstream stable release, which
fixes a number of minor security issues.


  • Sun Nov 27 2005 Dave Jones <davej@redhat.com>
    [2.6.14-1.1644_FC4]

    • Port a change_page_attr() fix from x86-64 to i386.

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.


Fedora Legacy


Fedora Legacy Update Advisory

Synopsis: Updated php packages fix security issues
Advisory ID: FLSA:166943
Issue date: 2005-11-28
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-2498 CVE-2005-3390 CVE-2005-3389 CVE-2005-3388
CVE-2005-3353



1. Topic:

Updated PHP packages that fix multiple security issues are now
available.

PHP is an HTML-embedded scripting language commonly used with
the Apache HTTP Web server.

2. Relevant releases/architectures:

Red Hat Linux 7.3 – i386
Red Hat Linux 9 – i386
Fedora Core 1 – i386
Fedora Core 2 – i386

3. Problem description:

A bug was discovered in the PEAR XML-RPC Server package included
in PHP. If a PHP script is used which implements an XML-RPC Server
using the PEAR XML-RPC package, then it is possible for a remote
attacker to construct an XML-RPC request which can cause PHP to
execute arbitrary PHP commands as the ‘apache’ user. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CVE-2005-2498 to this issue.

A flaw was found in the way PHP registers global variables
during a file upload request. A remote attacker could submit a
carefully crafted multipart/form-data POST request that would
overwrite the $GLOBALS array, altering expected script behavior,
and possibly leading to the execution of arbitrary PHP commands.
Please note that this vulnerability only affects installations
which have register_globals enabled in the PHP configuration file,
which is not a default or recommended option. The Common
Vulnerabilities and Exposures project assigned the name
CVE-2005-3390 to this issue.

A flaw was found in the PHP parse_str() function. If a PHP
script passes only one argument to the parse_str() function, and
the script can be forced to abort execution during operation (for
example due to the memory_limit setting), the register_globals may
be enabled even if it is disabled in the PHP configuration file.
This vulnerability only affects installations that have PHP scripts
using the parse_str function in this way. (CVE-2005-3389)

A Cross-Site Scripting flaw was found in the phpinfo() function.
If a victim can be tricked into following a malicious URL to a site
with a page displaying the phpinfo() output, it may be possible to
inject javascript or HTML content into the displayed page or steal
data such as cookies. This vulnerability only affects installations
which allow users to view the output of the phpinfo() function. As
the phpinfo() function outputs a large amount of information about
the current state of PHP, it should only be used during debugging
or if protected by authentication. (CVE-2005-3388)

A denial of service flaw was found in the way PHP processes EXIF
image data. It is possible for an attacker to cause PHP to crash by
supplying carefully crafted EXIF image data. (CVE-2005-3353)

Users of PHP should upgrade to these updated packages, which
contain backported patches that resolve these issues.
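
The problem description ties three of these issues to local conditions: register_globals being enabled, scripts calling parse_str() with a single argument, and pages that expose phpinfo() output. The following audit sketch is an added example, not part of the advisory; the function names, finding labels and sample inputs are constructed, and the scanner is a heuristic that does not handle heredocs.

```python
import re

# PHP reads these values as "enabled" for a boolean ini directive.
_INI_TRUE = {"1", "on", "true", "yes"}
# Plain function calls only: skips $obj->parse_str(), Cls::phpinfo(), my_parse_str().
_CALL_RE = re.compile(r"(?<![\w$>:])(parse_str|phpinfo)\s*\(", re.I)


def register_globals_setting(ini_text):
    """Return True/False for the last register_globals line, None if it is unset."""
    setting = None
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a php.ini comment
        m = re.match(r"register_globals\s*=\s*(.*)$", line, re.I)
        if m:
            setting = m.group(1).strip().strip("\"'").lower() in _INI_TRUE
    return setting


def mask_literals(src):
    """Overwrite strings with '_' and comments with ' ', keeping line breaks,
    so that calls mentioned inside them are not reported."""
    out, i, n = [], 0, len(src)
    while i < n:
        ch, two = src[i], src[i:i + 2]
        if ch in "'\"":                      # quoted string literal
            j = i + 1
            while j < n and src[j] != ch:
                j += 2 if src[j] == "\\" else 1
            end, fill = min(j + 1, n), "_"
        elif two == "/*":                    # block comment
            j = src.find("*/", i + 2)
            end, fill = (n if j < 0 else j + 2), " "
        elif two == "//" or ch == "#":       # line comment
            j = src.find("\n", i)
            end, fill = (n if j < 0 else j), " "
        else:
            out.append(ch)
            i += 1
            continue
        out.append(re.sub(r"[^\n]", fill, src[i:end]))
        i = end
    return "".join(out)


def count_args(masked, open_idx):
    """Count top-level arguments of the call whose '(' sits at open_idx."""
    depth, commas, pending = 0, 0, False
    for ch in masked[open_idx:]:
        if ch in "([{":
            pending = pending or depth > 0
            depth += 1
        elif ch in ")]}":
            depth -= 1
            if depth == 0:
                return commas + (1 if pending else 0)
        elif ch == "," and depth == 1:
            commas, pending = commas + 1, False
        elif not ch.isspace():
            pending = True
    return None  # unbalanced parentheses


def audit_php(name, src):
    """Return (file, line, label) for one-argument parse_str() and phpinfo() calls."""
    masked = mask_literals(src)
    findings = []
    for m in _CALL_RE.finditer(masked):
        line_no = masked.count("\n", 0, m.start()) + 1
        if m.group(1).lower() == "phpinfo":
            findings.append((name, line_no, "phpinfo-call"))
        elif count_args(masked, m.end() - 1) == 1:
            findings.append((name, line_no, "parse_str-one-arg"))
    return findings


# Constructed sample inputs (not taken from any real installation).
SAMPLE_INI = """\
; constructed php.ini fragment
memory_limit = 8M
register_globals = On   ; legacy setting
"""

SAMPLE_PHP = """\
<?php
// constructed sample script
parse_str($_SERVER['QUERY_STRING']);
parse_str($_SERVER['QUERY_STRING'], $params);
parse_str(implode('&', array('a=1', 'b=2')));
$label = "call parse_str(x) here";
phpinfo();
?>
"""

if __name__ == "__main__":
    print("register_globals:", register_globals_setting(SAMPLE_INI))
    for finding in audit_php("sample.php", SAMPLE_PHP):
        print("%s:%d: %s" % finding)
```
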

4. Solution:

Before applying this update, make sure all previously released
errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt.
Many people find this an easier way to apply updates. To use yum
issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that
you have yum or apt-get configured for obtaining Fedora Legacy
content. Please visit http://www.fedoralegacy.org/docs
for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166943

6. RPMs required:

Red Hat Linux 7.3:
SRPM:

http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/php-4.1.2-7.3.18.legacy.src.rpm

i386:

http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-4.1.2-7.3.18.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-devel-4.1.2-7.3.18.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-imap-4.1.2-7.3.18.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-ldap-4.1.2-7.3.18.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-manual-4.1.2-7.3.18.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-mysql-4.1.2-7.3.18.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-odbc-4.1.2-7.3.18.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-pgsql-4.1.2-7.3.18.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-snmp-4.1.2-7.3.18.legacy.i386.rpm

Red Hat Linux 9:

SRPM:

http://download.fedoralegacy.org/redhat/9/updates/SRPMS/php-4.2.2-17.16.legacy.src.rpm

i386:

http://download.fedoralegacy.org/redhat/9/updates/i386/php-4.2.2-17.16.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/9/updates/i386/php-devel-4.2.2-17.16.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/9/updates/i38
