Lucene search

CentOS ProjectCESA-2005:344

HistoryApr 01, 2005 - 9:42 p.m.

gtk2 security update

2005-04-0121:42:54

CentOS Project

lists.centos.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.018 Low

EPSS

Percentile

88.2%

JSON

CentOS Errata and Security Advisory CESA-2005:344

The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating
graphical user interfaces for the X Window System.

A bug was found in the way gtk2 processes BMP images. It is possible
that a specially crafted BMP image could cause a denial of service attack
on applications linked against gtk2. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0891 to
this issue.

Users of gtk2 are advised to upgrade to these packages, which contain
a backported patch and is not vulnerable to this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-April/073683.html
https://lists.centos.org/pipermail/centos-announce/2005-April/073684.html
https://lists.centos.org/pipermail/centos-announce/2005-April/073687.html
https://lists.centos.org/pipermail/centos-announce/2005-April/073688.html

Affected packages:
gtk2
gtk2-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2005:344

OSVersionArchitecturePackageVersionFilename
CentOS3i386gtk2< 2.2.4-15gtk2-2.2.4-15.i386.rpm
CentOS3i386gtk2-devel< 2.2.4-15gtk2-devel-2.2.4-15.i386.rpm
CentOS3i386gtk2< 2.2.4-15gtk2-2.2.4-15.i386.rpm
CentOS3x86_64gtk2< 2.2.4-15gtk2-2.2.4-15.x86_64.rpm
CentOS3x86_64gtk2-devel< 2.2.4-15gtk2-devel-2.2.4-15.x86_64.rpm
CentOS3s390gtk2< 2.2.4-15gtk2-2.2.4-15.s390.rpm
CentOS3s390gtk2-devel< 2.2.4-15gtk2-devel-2.2.4-15.s390.rpm
CentOS3s390xgtk2< 2.2.4-15gtk2-2.2.4-15.s390x.rpm
CentOS3s390xgtk2-devel< 2.2.4-15gtk2-devel-2.2.4-15.s390x.rpm
CentOS4i386gtk2< 2.4.13-14gtk2-2.4.13-14.i386.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	3	i386	gtk2	< 2.2.4-15	gtk2-2.2.4-15.i386.rpm
CentOS	3	i386	gtk2-devel	< 2.2.4-15	gtk2-devel-2.2.4-15.i386.rpm
CentOS	3	i386	gtk2	< 2.2.4-15	gtk2-2.2.4-15.i386.rpm
CentOS	3	x86_64	gtk2	< 2.2.4-15	gtk2-2.2.4-15.x86_64.rpm
CentOS	3	x86_64	gtk2-devel	< 2.2.4-15	gtk2-devel-2.2.4-15.x86_64.rpm
CentOS	3	s390	gtk2	< 2.2.4-15	gtk2-2.2.4-15.s390.rpm
CentOS	3	s390	gtk2-devel	< 2.2.4-15	gtk2-devel-2.2.4-15.s390.rpm
CentOS	3	s390x	gtk2	< 2.2.4-15	gtk2-2.2.4-15.s390x.rpm
CentOS	3	s390x	gtk2-devel	< 2.2.4-15	gtk2-devel-2.2.4-15.s390x.rpm
CentOS	4	i386	gtk2	< 2.4.13-14	gtk2-2.4.13-14.i386.rpm

Rows per page:

1-10 of 141

References

iki.fi/upi/

pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B

steadfast.net/

rhn.redhat.com/errata/RHSA-2005-344.html

twitter.com/centos

www.facebook.com/groups/centosproject/

www.linkedin.com/groups/22405

www.reddit.com/r/CentOS/

youtube.com/TheCentOSProject

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.018 Low

EPSS

Percentile

88.2%

JSON

Related for CESA-2005:344