This is lame: The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.
Reproducible: Didn't try
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218932
http://www.redhat.com/support/errata/RHSA-2007-0019.html
When reading the announcement, is there any reason why you think this is gimp-specific? I think this will affect all gtk2-apps.
(In reply to comment #1)
> When reading the announcement, is there any reason why you think this is
> gimp-specific? I think this will affect all gtk2-apps.

No reason. Actually it only has security implications in conjunction with software that has as stupid^Wsmart crash-handling as Evolution does.
(In reply to comment #2)
> No reason. Actually it only has security implications in conjunction with
> software that has as stupid^Wsmart crash-handling as Evolution does.

Yes, but the bug resides in gtk+. Adding gnome herd in Cc. Since this is a client-side DoS with weak risk exposure (only a few pieces of software are concerned), I don't think that merits a security process. Usually we don't handle client-side DoSes. Reassigning to the gnome herd.
That says "before 2.4.13" but 2.6.10 is the oldest version we have in the tree. Am I missing something?
I think when I first reported the bug, I thought it was gimp specific and that the 2.4.13 was referring to gimp. oops.
Okay, closing then. No problem.
Reopening. CVE is wrong about version numbers. I think this misleading version comes from redhat where the fix for this problem was backported to gtk-2.14.13. But we use UPSTREAM gtk+ version where this bug was fixed later. Currently this bug still is in the latest stable gtk+-2.10.6.

Daniel, I've CC'd you in gnome bugzilla where I've reported my observations (bugzilla.gnome.org/353430). Repeating here: Bug is reproducible with gtk+-2.10.6 and is NOT reproducible with gtk+-2.10.7-r1.

The following patch
http://svn.gnome.org/viewcvs/gtk%2B/trunk/gdk-pixbuf/gdk-pixbuf-loader.c?r1=16010&r2=16803&pathrev=17165
and corresponding ChangeLog entry seem to fix the problem:

    2006-12-09  Matthias Clasen  <mclasen@redhat.com>

        * gdk-pixbuf-loader.c (gdk_pixbuf_loader_write): Behave as
        documented and close the loader when returning FALSE.

http://svn.gnome.org/viewcvs/gtk%2B/trunk/gdk-pixbuf/gdk-pixbuf-loader.c?view=log&pathrev=17165

Obviously the suggested solution is to stabilize gtk-2.10.7-r1.
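The version confusion above (CVE says "before 2.4.13", the tree's first fixed ebuild is gtk+-2.10.7-r1) is exactly the kind of thing a local check should get right. The following is an added example, not code from this thread or from gtk+: it compares an installed Gentoo gtk+ version, including its -rN ebuild revision, against the first fixed version named above, and optionally reads the installed version from Portage's package database (the /var/db/pkg path is an assumption about the host).

```python
import os
import re
from typing import List, Tuple

# From the thread: gtk+-2.10.6 reproduces the crash, gtk+-2.10.7-r1 does not.
FIRST_FIXED_GTK = "2.10.7-r1"

# Gentoo-style version: dotted numbers with an optional -rN ebuild revision.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse_gentoo_version(version: str) -> Tuple[Tuple[int, ...], int]:
    """Split '2.10.7-r1' into ((2, 10, 7), 1); no -rN suffix means revision 0."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    numbers = tuple(int(part) for part in m.group(1).split("."))
    revision = int(m.group(2) or 0)
    return numbers, revision


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 (strcmp-style): numeric components first, then the revision."""
    na, ra = parse_gentoo_version(a)
    nb, rb = parse_gentoo_version(b)
    # Zero-pad so that 2.10 compares equal to 2.10.0 rather than shorter-is-smaller.
    width = max(len(na), len(nb))
    na = na + (0,) * (width - len(na))
    nb = nb + (0,) * (width - len(nb))
    key_a, key_b = (na, ra), (nb, rb)
    return (key_a > key_b) - (key_a < key_b)


def gtk_is_fixed(installed: str, first_fixed: str = FIRST_FIXED_GTK) -> bool:
    """True when the installed gtk+ is at or past the ebuild carrying the loader fix."""
    return compare_versions(installed, first_fixed) >= 0


def installed_gtk_versions(vdb: str = "/var/db/pkg/x11-libs") -> List[str]:
    """List installed gtk+ versions from Portage's package db (empty off Gentoo)."""
    if not os.path.isdir(vdb):
        return []
    # Entries look like 'gtk+-2.10.9'; the 'gtk+-' prefix excludes e.g. gtk+extra.
    return [d[len("gtk+-"):] for d in os.listdir(vdb) if d.startswith("gtk+-")]


if __name__ == "__main__":
    for v in installed_gtk_versions() or ["2.10.6", "2.10.9"]:  # sample values if not on Gentoo
        print(f"gtk+-{v}: {'fixed' if gtk_is_fixed(v) else 'VULNERABLE'}")
```

Note that a check keyed on the CVE's "before 2.4.13" would wrongly report 2.10.6 as safe; the ebuild revision matters too, since plain 2.10.7 sorts below 2.10.7-r1.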
I would go for stabilizing the following:
dev-libs/glib-2.12.9
x11-libs/pango-1.14.10
x11-libs/gtk+-2.10.9 (instead of just 2.10.7-r1).
All of these (gtk+ and bottom stack) have been in the tree for over 30 days and seem due for stabilization.
vote +1, they fix a few bugs here and there. Definitely worth stabilizing together.
I agree. Arches: please stabilize
dev-libs/glib-2.12.9      alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86
x11-libs/pango-1.14.10    alpha amd64 arm hppa ia64 mips ppc ppc64 sh sparc x86
x11-libs/gtk+-2.10.9      alpha amd64 arm hppa ia64 mips ppc ppc64 sh sparc x86
mips: Since you don't have anything in the current major rev of any of these keyworded stable, feel free to leave them ~mips if you prefer.
everything emerges fine and works on amd64
Portage 2.1.2.2 (default-linux/amd64/2006.1/desktop, gcc-4.1.1, glibc-2.5-r0, 2.6.20-beyond1 x86_64)
UnCCing Security as this seems like a "crash in client application only" type of thing.
x86 stable
amd64 stable, thanks Christoph
Stable for HPPA.
sparc stable.
ppc64 stable
alpha/ia64/ppc done...
Packages that have some arches not marked stable yet (possibly on purpose, but still on CC list):
x11-libs/pango-1.14.10    arm mips sh
x11-libs/gtk+-2.10.9      arm mips sh
Removing s390 from CC as they got the relevant glib version stable silently.
mips was done some time ago silently as well. All done now, closing as fixed.