Summary: | <x11-libs/gdk-pixbuf-2.22.1-r2: Denial of service vulnerability in gdk_pixbuf__gif_image_load() (CVE-2011-2485) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | gnome |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://git.gnome.org/browse/gdk-pixbuf/commit/?id=f8569bb13e2aa1584dde61ca545144750f7a7c98 | ||
Whiteboard: | A3 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 371320 |
Description
Tim Sammut (RETIRED)
2011-07-04 06:03:16 UTC
+*gdk-pixbuf-2.22.1-r2 (04 Jul 2011) + + 04 Jul 2011; Pacho Ramos <pacho@gentoo.org> +gdk-pixbuf-2.22.1-r2.ebuild, + +files/gdk-pixbuf-2.22.1-CVE-2011-2485.patch: + GIF: Don't return a partially initialized pixbuf structure, fix security bug + #373999 by Tim Sammut. + CCing arches as looks to work ok for me and that way we try to prevent remaining arches from having to stabilize previous and vulnerable versions amd64 stable Stable for HPPA. x86 stable. Thanks ppc64 done ppc/ppc64(-r2) stable alpha/arm/ia64/sh/sparc stable Thanks, everyone. GLSA request filed. Why this isn't closed? There is no <x11-libs/gdk-pixbuf-2.22.1-r2 in tree. (In reply to comment #10) > Why this isn't closed? There is no <x11-libs/gdk-pixbuf-2.22.1-r2 in tree. We don't close security bugs until we've either published a GLSA, or decided that we are not going to for an issue. This bug is waiting for a GLSA to be published. This issue was resolved and addressed in GLSA 201206-20 at http://security.gentoo.org/glsa/glsa-201206-20.xml by GLSA coordinator Sean Amoss (ackle). CVE-2011-2485 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2485): The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file. |