Bug 173273

Summary: gtk2 multiple vulnerabilities, CVE-2005-2975, CVE-2005-3186
Product: [Retired] Fedora Legacy
Reporter: Jeff Sheltren <sheltren>
Component: gtk2
Assignee: Fedora Legacy Bugs <bugs>
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Version: unspecified
CC: deisenst
Hardware: All
OS: Linux
Whiteboard: LEGACY, NEEDSWORK
Doc Type: Bug Fix
Last Closed: 2007-07-16 10:49:49 UTC
Attachments (description, flags):
fix for the problem described in bug #169280 - negative size hints (flags: none)
patch for CVE-2005-3186 - integer overflow in xpm loader (flags: none)
patch for CVE-2005-2975 - an infinite loop in xpm loader (flags: none)

Description Jeff Sheltren 2005-11-15 20:31:47 UTC
A bug was found in the way gtk2 processes XPM images. An attacker could
create a carefully crafted XPM file in such a way that it could cause an
application linked with gtk2 to execute arbitrary code when the file was
opened by a victim. The Common Vulnerabilities and Exposures project has
assigned the name CVE-2005-3186 to this issue.

Ludwig Nussel discovered an infinite-loop denial of service bug in the way
gtk2 processes XPM images. An attacker could create a carefully crafted XPM
file in such a way that it could cause an application linked with gtk2 to
stop responding when the file was opened by a victim. The Common
Vulnerabilities and Exposures project has assigned the name CVE-2005-2975
to this issue.

See: https://rhn.redhat.com/errata/RHSA-2005-811.html

Comment 1 Michal Jaegermann 2005-11-21 08:24:55 UTC
Created attachment 121291
fix for the problem described in bug #169280 - negative size hints

These three patches, to be added on top of gtk2-2.0.2-4.2.legacy.src.rpm,
are re-diffed from patches used in version 2.2.4 and are to be applied for RH7.3.

Comment 2 Michal Jaegermann 2005-11-21 08:29:05 UTC
Created attachment 121292
patch for CVE-2005-3186 - integer overflow in xpm loader

Comment 3 Michal Jaegermann 2005-11-21 08:31:17 UTC
Created attachment 121293
patch for CVE-2005-2975 - an infinite loop in xpm loader