Debians sikkerhedsbulletin

DSA-1256-1 gtk+2.0 -- programmeringsfejl

Rapporteret den:

31. jan 2007

Berørte pakker:

gtk+2.0

Sårbar:

Referencer i sikkerhedsdatabaser:

I Mitres CVE-ordbog: CVE-2007-0010.

Yderligere oplysninger:

Man har opdaget af billedindlæsningskoden i grafisk brugerflade-biblioteket GTK+ udførte utilstrækkelig fejlhåndtering ved indlæsning af misdannede billeder, hvilket kunne føre til lammelsesangreb (denial of service).

I den stabile distribution (sarge) er dette problem rettet i version 2.6.4-3.2. Pga. opbygningsproblemer mangler denne opdatering til Motorola 680x0-arkitekturen. Pakkerne vil blive frigivet når problemet er blevet løst.

I den kommende stabile distribution (etch) er dette problem rettet i version 2.8.20-5.

I den ustabile distribution (sid) er dette problem rettet i version 2.8.20-5.

Vi anbefaler at du opgraderer dine GTK-pakker.

Rettet i:

Debian GNU/Linux 3.1 (sarge)

Kildekode:: http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.6.4-3.2.dsc; http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.6.4-3.2.diff.gz; http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.6.4.orig.tar.gz
Arkitekturuafhængig komponent:: http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.6.4-3.2_all.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-doc_2.6.4-3.2_all.deb
Alpha:: http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_alpha.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_alpha.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_alpha.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_alpha.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_alpha.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_amd64.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_amd64.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_amd64.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_amd64.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_amd64.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_arm.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_arm.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_arm.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_arm.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_arm.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_arm.deb
HPPA:: http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_hppa.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_hppa.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_hppa.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_hppa.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_hppa.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_hppa.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_i386.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_i386.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_i386.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_i386.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_i386.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_ia64.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_ia64.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_ia64.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_ia64.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_ia64.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_ia64.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_mips.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_mips.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_mips.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_mips.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_mips.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_mipsel.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_mipsel.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_mipsel.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_mipsel.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_mipsel.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_powerpc.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_powerpc.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_powerpc.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_powerpc.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_powerpc.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_s390.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_s390.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_s390.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_s390.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_s390.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_sparc.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_sparc.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_sparc.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_sparc.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_sparc.deb; http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.

Denne side findes også på følgende sprog:

Deutsch English español français svenska

Sådan opsætter du standardsprogvalg for dokumenter

For at rapportere et problem med webstedet sendes en e-mail på engelsk til debian-www@lists.debian.org. Se Debians kontaktside for andre kontaktoplysninger.

Senest opdateret: Ons 20. aug 2008 kl. 04.11.55 UTC
Ophavsretsbeskyttet © 2007-2008 SPI; Se licensbetingelserne
Debian er et registreret varemærke tilhørende Software in the Public Interest, Inc.