Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!

Full Text Bug Listing

This is lame:

The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before
2.4.13 allows context-dependent attackers to cause a denial of service (crash)
via a malformed image file.


Reproducible: Didn't try




https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218932
http://www.redhat.com/support/errata/RHSA-2007-0019.html

When reading the announcement, is there any reason why you think this is
gimp-specific? I think this will affect all gtk2-apps.

(In reply to comment #1)
> When reading the announcement, is there any reason why you think this is
> gimp-specific? I think this will affect all gtk2-apps.

No reason. Actually it only has security implication in conjuction with
software that has as stupid^Wsmart crash-handling as Evolution does.

(In reply to comment #2)
> 
> No reason. Actually it only has security implication in conjuction with
> software that has as stupid^Wsmart crash-handling as Evolution does.
> 

Yes but the bug resides in gtk+. Adding gnome herd in Cc.
Since this is a client-side DoS with weak risk exposure (only a few softwares
are concerned), i don't think that merit a security process. Usually we don't
handle client-side DoSes.
Reassigning to the gnome herd.

That says "before 2.4.13" but 2.6.10 is the oldest version we have in the tree.
 Am I missing something?

I think when I first reported the bug, I thought it was gimp specific and that
the 2.4.13 was referring to gimp.  oops. 

Okay, closing then.  No problem.

Reopening. CVE is wrong about version numbers. I think this misleading version
comes from redhat where the fix for this problem was backported to gtk-2.14.13.
But we use UPSTREAM gtk+ version where this bug was fixed later. Currently this
bug still is in the latest stable gtk+-2.10.6. Daniel, I've CC you in gnome
bugzilla where I've reported my observations ( bugzilla.gnome.org/353430 ).

Repeating here: Bug is reproducible with gtk+-2.10.6 and is NOT reproducible
with gtk+-2.10.7-r1. The following patch

http://svn.gnome.org/viewcvs/gtk%2B/trunk/gdk-pixbuf/gdk-pixbuf-loader.c?r1=16010&r2=16803&pathrev=17165

and corresponding ChangeLog entry seems to fix the problem:

2006-12-09  Matthias Clasen  <mclasen@redhat.com>

        * gdk-pixbuf-loader.c (gdk_pixbuf_loader_write): Behave as
        documented and close the loader when returning FALSE.

http://svn.gnome.org/viewcvs/gtk%2B/trunk/gdk-pixbuf/gdk-pixbuf-loader.c?view=log&pathrev=17165

Obviously suggested solution is to stabilize gtk-2.10.7-r1.

I would go for stabilizing the following:

dev-libs/glib-2.12.9
x11-libs/pango-1.14.10
x11-libs/gtk+-2.10.9 (instead of just 2.10.7-r1).

All of these (gtk+ and bottom stack) have been in the tree for over 30 days and
seem due for stabilization.

vote +1, they fix a few bugs here and there. Definitely worth stabilizing
together.

I agree.

Arches: please stabilize

dev-libs/glib-2.12.9 alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86
x11-libs/pango-1.14.10 alpha amd64 arm hppa ia64 mips ppc ppc64 sh sparc x86
x11-libs/gtk+-2.10.9 alpha amd64 arm hppa ia64 mips ppc ppc64 sh sparc x86

mips:  Since you don't have anything in the current major rev of any of these
keyworded stable, feel free to leave them ~mips if you prefer.

everything emerges fine and works on amd64

Portage 2.1.2.2 (default-linux/amd64/2006.1/desktop, gcc-4.1.1, glibc-2.5-r0,
2.6.20-beyond1 x86_64)
=================================================================
System uname: 2.6.20-beyond1 x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor
4600+
Gentoo Base System release 1.12.9
Timestamp of tree: Tue, 13 Mar 2007 23:50:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632)
[disabled]
ccache version 2.4 [enabled]
dev-java/java-config: 1.3.7, 2.0.31
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.4-r6
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -O2 -pipe -msse3"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf
/etc/java-config/vms/ /etc/php/apache1-php5/ext-active/
/etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/
/etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo"
CXXFLAGS="-march=k8 -O2 -pipe -msse3"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig buildsyspkg ccache collision-protect distlocks
metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict test"
GENTOO_MIRRORS="ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/
ftp://ftp.uni-erlangen.de/pub/mirrors/gentoo
ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo
ftp://ftp.wh2.tu-dresden.de/pub/mirrors/gentoo
ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo
ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/
ftp://ftp.gentoo.mesh-solutions.com/gentoo/
ftp://pandemonium.tiscali.de/pub/gentoo/ "
LANG="en_US.ISO-8859-15"
LC_ALL="en_US.ISO-8859-15"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_EXTRA_OPTS="--exclude-from=/etc/portage/rsync_excludes"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages
--filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/overlay
/usr/portage/local/layman/break-my-gentoo-main"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X aac acpi alsa amd64 audiofile berkdb bitmap-fonts bzip2 cairo cdinstall
cdr cli cracklib crypt cups dbus dri dvd dvdr dvdread eds emboss encode fam
firefox fortran gdbm gif gpm gstreamer gtk gtk2 hal iconv jpeg ldap libg++ lirc
logrotate mad midi mikmod mp3 mpeg ncurses nls nptl nptlonly offensive ogg
opengl pam pcre php png ppds pppd quicktime readline reflection sdl session
socks5 spl ssl svg symlink tcpd test tiff truetype truetype-fonts type1-fonts
unicode v4l vorbis xinerama xorg xv xvid zlib" ALSA_CARDS="emu10k1"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file
hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route
share shm softvol" ELIBC="glibc" INPUT_DEVICES="evdev keyboard" KERNEL="linux"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses
text" LIRC_DEVICES="inputlirc" USERLAND="GNU" VIDEO_CARDS="fglrx nvidia"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, LINGUAS,
PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS

UnCCing Security as this seems like a "crash in client application only" type
of thing.

x86 stable

amd64 stable, thanks Christoph

Stable for HPPA.

sparc stable.

ppc64 stable

alpha/ia64/ppc done...

Packages that have some arches not marked stable yet (possibly on purpose, but
still on CC list):

x11-libs/pango-1.14.10 arm mips sh
x11-libs/gtk+-2.10.9 arm mips sh

Removing s390 from CC as they got the relevant glib version stable silently

mips was done some time ago silently as well. All done now, closing as fixed