Bug 163678 - gtk+-2 image DoS CVE-2007-0010
Status: RESOLVED FIXED
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Linux Gnome Desktop Team
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Blocks: 170853 171107
Reported: 2007-01-24 23:56 UTC by Executioner
Modified: 2007-06-26 10:33 UTC

Description Executioner 2007-01-24 23:56:31 UTC
This is lame:

The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.

Reproducible: Didn't try

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218932
http://www.redhat.com/support/errata/RHSA-2007-0019.html
Comment 1 Hanno Böck gentoo-dev 2007-01-25 08:43:37 UTC
When reading the announcement, is there any reason why you think this is gimp-specific? I think this will affect all gtk2-apps.
Comment 2 Lubomir Rintel 2007-01-25 16:18:02 UTC
(In reply to comment #1)
> When reading the announcement, is there any reason why you think this is
> gimp-specific? I think this will affect all gtk2-apps.

No reason. Actually it only has security implications in conjunction with
software that has as stupid^Wsmart crash-handling as Evolution does.
Comment 3 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-02-06 12:36:18 UTC
(In reply to comment #2)
> No reason. Actually it only has security implications in conjunction with
> software that has as stupid^Wsmart crash-handling as Evolution does.

Yes but the bug resides in gtk+. Adding gnome herd in Cc.
Since this is a client-side DoS with weak risk exposure (only a few pieces of software are concerned), I don't think that merits a security process. Usually we don't handle client-side DoSes.
Reassigning to the gnome herd.
Comment 4 Daniel Gryniewicz (RETIRED) gentoo-dev 2007-02-06 16:35:44 UTC
That says "before 2.4.13" but 2.6.10 is the oldest version we have in the tree.  Am I missing something?
Comment 5 Executioner 2007-02-06 19:25:05 UTC
I think when I first reported the bug, I thought it was gimp specific and that the 2.4.13 was referring to gimp.  oops. 
Comment 6 Daniel Gryniewicz (RETIRED) gentoo-dev 2007-02-07 04:14:10 UTC
Okay, closing then.  No problem.
Comment 7 Peter Volkov (RETIRED) gentoo-dev 2007-03-11 12:58:54 UTC
Reopening. The CVE is wrong about version numbers. I think this misleading version comes from Red Hat, where the fix for this problem was backported to gtk-2.14.13. But we use the UPSTREAM gtk+ version, where this bug was fixed later. Currently this bug is still present in the latest stable gtk+-2.10.6. Daniel, I've CC'd you in GNOME bugzilla, where I've reported my observations ( bugzilla.gnome.org/353430 ).

Repeating here: the bug is reproducible with gtk+-2.10.6 and is NOT reproducible with gtk+-2.10.7-r1. The following patch

http://svn.gnome.org/viewcvs/gtk%2B/trunk/gdk-pixbuf/gdk-pixbuf-loader.c?r1=16010&r2=16803&pathrev=17165

and the corresponding ChangeLog entry seem to fix the problem:

2006-12-09  Matthias Clasen  <mclasen@redhat.com>

        * gdk-pixbuf-loader.c (gdk_pixbuf_loader_write): Behave as
        documented and close the loader when returning FALSE.

http://svn.gnome.org/viewcvs/gtk%2B/trunk/gdk-pixbuf/gdk-pixbuf-loader.c?view=log&pathrev=17165

Obviously the suggested solution is to stabilize gtk-2.10.7-r1.
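The write()/close() contract that the ChangeLog entry above refers to, as an added example that is not part of this bug report and not code from gtk+ or gdk-pixbuf. It builds a valid 1x1 PNG plus a handful of constructed malformed variants (none of them is the file behind CVE-2007-0010; the bug does not say what that file looks like), then drives each through GdkPixbufLoader via PyGObject, where a failed write() or close() surfaces as GLib.Error instead of a silent crash. The loader part is skipped when PyGObject or gdk-pixbuf is not installed; the PNG builders are pure Python.

```python
"""Drive GdkPixbufLoader with a valid PNG and several constructed malformed
ones, following the write()/close() contract discussed in this bug.
Added example; not code from this bug report, gtk+ or gdk-pixbuf."""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def png_chunk(ctype: bytes, data: bytes, corrupt_crc: bool = False) -> bytes:
    """Serialise one PNG chunk: 4-byte big-endian length, type, data and
    CRC32 over type+data.  corrupt_crc inverts the CRC to fake a bad chunk."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    if corrupt_crc:
        crc ^= 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def ihdr(width: int, height: int, corrupt_crc: bool = False) -> bytes:
    """IHDR for an 8-bit RGB, non-interlaced image."""
    fields = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return png_chunk(b"IHDR", fields, corrupt_crc)


def make_png() -> bytes:
    """A minimal valid 1x1 RGB PNG (one red pixel), constructed inline."""
    scanline = b"\x00" + b"\xff\x00\x00"          # filter byte 0 + RGB
    return (PNG_SIGNATURE + ihdr(1, 1)
            + png_chunk(b"IDAT", zlib.compress(scanline))
            + png_chunk(b"IEND", b""))


def malformed_variants() -> dict:
    """Constructed inputs that a loader must reject without crashing.
    These are test vectors for the failure path, not a reproducer."""
    tail = make_png()[len(PNG_SIGNATURE) + len(ihdr(1, 1)):]   # IDAT + IEND
    return {
        "not_a_png":            b"definitely not an image",
        "truncated_after_ihdr": PNG_SIGNATURE + ihdr(1, 1),
        "zero_width":           PNG_SIGNATURE + ihdr(0, 1) + tail,
        "bad_ihdr_crc":         PNG_SIGNATURE + ihdr(1, 1, corrupt_crc=True) + tail,
        "garbage_idat":         PNG_SIGNATURE + ihdr(1, 1)
                                + png_chunk(b"IDAT", b"\xff" * 16)
                                + png_chunk(b"IEND", b""),
    }


def load_with_loader(data: bytes) -> dict:
    """Feed data through GdkPixbufLoader.  Contract: close() is called once
    the caller is done writing; if write() itself fails, the loader closes
    itself (the behaviour the 2006-12-09 ChangeLog entry restores), so the
    caller must not close() it a second time.  Small inputs are buffered by
    the loader, so a parse error may surface at close() rather than write().
    Returns a status dict; 'available' is False when PyGObject or gdk-pixbuf
    is not installed (assumed optional here so the builders still run)."""
    try:
        import gi
        gi.require_version("GdkPixbuf", "2.0")
        from gi.repository import GdkPixbuf, GLib
    except (ImportError, ValueError):
        return {"available": False, "ok": None, "error": None}

    loader = GdkPixbuf.PixbufLoader()
    try:
        loader.write(data)               # raises GLib.Error on bad input
    except GLib.Error as exc:
        return {"available": True, "ok": False, "error": exc.message}
    try:
        loader.close()                   # parses buffered data; may fail too
    except GLib.Error as exc:
        return {"available": True, "ok": False, "error": exc.message}
    pixbuf = loader.get_pixbuf()
    if pixbuf is None:
        return {"available": True, "ok": False, "error": "no pixbuf"}
    return {"available": True, "ok": True, "error": None,
            "size": (pixbuf.get_width(), pixbuf.get_height())}


if __name__ == "__main__":
    print("valid:", load_with_loader(make_png()))
    for name, blob in malformed_variants().items():
        print(f"{name}: {load_with_loader(blob)}")
```

Run it against a gtk+ build you want to check: every malformed variant should come back with ok False and an error message; a loader that dies with a signal on one of them instead is exhibiting exactly the class of client-side crash this bug is about. Note that with a loader older than the quoted fix, a failed write() did not close the loader, which is why callers of that era had to close() unconditionally.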
Comment 8 Mart Raudsepp gentoo-dev 2007-03-11 18:46:27 UTC
I would go for stabilizing the following:

dev-libs/glib-2.12.9
x11-libs/pango-1.14.10
x11-libs/gtk+-2.10.9 (instead of just 2.10.7-r1).

All of these (gtk+ and bottom stack) have been in the tree for over 30 days and seem due for stabilization.
Comment 9 Rémi Cardona (RETIRED) gentoo-dev 2007-03-11 22:51:37 UTC
vote +1, they fix a few bugs here and there. Definitely worth stabilizing together.
Comment 10 Daniel Gryniewicz (RETIRED) gentoo-dev 2007-03-13 23:54:11 UTC
I agree.

Arches: please stabilize

dev-libs/glib-2.12.9 alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86
x11-libs/pango-1.14.10 alpha amd64 arm hppa ia64 mips ppc ppc64 sh sparc x86
x11-libs/gtk+-2.10.9 alpha amd64 arm hppa ia64 mips ppc ppc64 sh sparc x86

mips:  Since you don't have anything in the current major rev of any of these keyworded stable, feel free to leave them ~mips if you prefer.
Comment 11 Christoph Mende (RETIRED) gentoo-dev 2007-03-14 00:29:20 UTC
everything emerges fine and works on amd64

Portage 2.1.2.2 (default-linux/amd64/2006.1/desktop, gcc-4.1.1, glibc-2.5-r0, 2.6.20-beyond1 x86_64)
=================================================================
System uname: 2.6.20-beyond1 x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
Gentoo Base System release 1.12.9
Timestamp of tree: Tue, 13 Mar 2007 23:50:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.4 [enabled]
dev-java/java-config: 1.3.7, 2.0.31
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.4-r6
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -O2 -pipe -msse3"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/php/apache1-php5/ext-active/ /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo"
CXXFLAGS="-march=k8 -O2 -pipe -msse3"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig buildsyspkg ccache collision-protect distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict test"
GENTOO_MIRRORS="ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/ ftp://ftp.uni-erlangen.de/pub/mirrors/gentoo ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo ftp://ftp.wh2.tu-dresden.de/pub/mirrors/gentoo ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ ftp://ftp.gentoo.mesh-solutions.com/gentoo/ ftp://pandemonium.tiscali.de/pub/gentoo/ "
LANG="en_US.ISO-8859-15"
LC_ALL="en_US.ISO-8859-15"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_EXTRA_OPTS="--exclude-from=/etc/portage/rsync_excludes"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/overlay /usr/portage/local/layman/break-my-gentoo-main"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X aac acpi alsa amd64 audiofile berkdb bitmap-fonts bzip2 cairo cdinstall cdr cli cracklib crypt cups dbus dri dvd dvdr dvdread eds emboss encode fam firefox fortran gdbm gif gpm gstreamer gtk gtk2 hal iconv jpeg ldap libg++ lirc logrotate mad midi mikmod mp3 mpeg ncurses nls nptl nptlonly offensive ogg opengl pam pcre php png ppds pppd quicktime readline reflection sdl session socks5 spl ssl svg symlink tcpd test tiff truetype truetype-fonts type1-fonts unicode v4l vorbis xinerama xorg xv xvid zlib" ALSA_CARDS="emu10k1" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="evdev keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIRC_DEVICES="inputlirc" USERLAND="GNU" VIDEO_CARDS="fglrx nvidia"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS
Comment 12 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-03-14 07:37:19 UTC
UnCCing Security as this seems like a "crash in client application only" type of thing.
Comment 13 Christian Faulhammer (RETIRED) gentoo-dev 2007-03-14 09:34:57 UTC
x86 stable
Comment 14 Simon Stelling (RETIRED) gentoo-dev 2007-03-14 11:10:37 UTC
amd64 stable, thanks Christoph
Comment 15 Jeroen Roovers (RETIRED) gentoo-dev 2007-03-15 04:28:31 UTC
Stable for HPPA.
Comment 16 Gustavo Zacarias (RETIRED) gentoo-dev 2007-03-15 15:03:26 UTC
sparc stable.
Comment 17 Markus Rothe (RETIRED) gentoo-dev 2007-03-15 16:59:12 UTC
ppc64 stable
Comment 18 Chris Gianelloni (RETIRED) gentoo-dev 2007-03-22 21:35:02 UTC
alpha/ia64/ppc done...
Comment 19 Mart Raudsepp gentoo-dev 2007-05-18 14:08:10 UTC
Packages that have some arches not marked stable yet (possibly on purpose, but still on CC list):

x11-libs/pango-1.14.10 arm mips sh
x11-libs/gtk+-2.10.9 arm mips sh

Removing s390 from CC as they got the relevant glib version stable silently
Comment 20 Mart Raudsepp gentoo-dev 2007-06-26 10:33:29 UTC
mips was done some time ago silently as well. All done now, closing as fixed