Debian DSA-911-1 : gtk+2.0 - several vulnerabilities

high Nessus Plugin ID 22777

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been found in gtk+2.0, the Gtk+ GdkPixBuf XPM image rendering library. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2005-2975 Ludwig Nussel discovered an infinite loop when processing XPM images that allows an attacker to cause a denial of service via a specially crafted XPM file.

- CVE-2005-2976 Ludwig Nussel discovered an integer overflow in the way XPM images are processed that could lead to the execution of arbitrary code or crash the application via a specially crafted XPM file.

- CVE-2005-3186 'infamous41md' discovered an integer overflow in the XPM processing routine that can be used to execute arbitrary code via a traditional heap overflow.

Solution

Upgrade the gtk+2.0 packages.

The following matrix explains which versions fix these problems :

old stable (woody) stable (sarge) unstable (sid) gdk-pixbuf 0.17.0-2woody3 0.22.0-8.1 0.22.0-11 gtk+2.0 2.0.2-5woody3 2.6.4-3.1 2.6.10-2

See Also

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339431

http://www.debian.org/security/2005/dsa-911

Plugin Details

Severity: High

ID: 22777

File Name: debian_DSA-911.nasl

Version: 1.20

Type: local

Agent: unix

Published: 10/14/2006

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:gtk%2b2.0, cpe:/o:debian:debian_linux:3.0, cpe:/o:debian:debian_linux:3.1

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 11/29/2005

Vulnerability Publication Date: 11/15/2005

Reference Information

CVE: CVE-2005-2975, CVE-2005-2976, CVE-2005-3186

BID: 15428

DSA: 911