Synopsis
The remote CentOS host is missing one or more security updates.
Description
Updated gdk-pixbuf packages that fix several security issues are now available.
This update has been rated as having important security impact by the Red Hat Security Response Team.
The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment.
A bug was found in the way gdk-pixbuf processes XPM images. An attacker could craft an XPM file that causes an application linked with gdk-pixbuf to execute arbitrary code when a victim opens the file. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3186 to this issue.
Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf processes XPM images. An attacker could craft an XPM file that causes an application linked with gdk-pixbuf to execute arbitrary code or crash when a victim opens the file. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2976 to this issue.
Ludwig Nussel also discovered an infinite-loop denial of service bug in the way gdk-pixbuf processes XPM images. An attacker could craft an XPM file that causes an application linked with gdk-pixbuf to stop responding when a victim opens the file. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2975 to this issue.
Users of gdk-pixbuf are advised to upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.
Solution
Update the affected gdk-pixbuf packages.
Plugin Details
File Name: centos_RHSA-2005-810.nasl
Agent: unix
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Agentless Assessment, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
Vulnerability Information
CPE: p-cpe:/a:centos:centos:gdk-pixbuf-devel, cpe:/o:centos:centos:3, p-cpe:/a:centos:centos:gdk-pixbuf-gnome, cpe:/o:centos:centos:4, p-cpe:/a:centos:centos:gdk-pixbuf
Required KB Items: Host/local_checks_enabled, Host/CentOS/release, Host/CentOS/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 11/15/2005
Vulnerability Publication Date: 11/18/2005