Debian Security Advisory DSA 911-1 (gtk+2.0)

The remote host is missing an update to gtk+2.0 announced via advisory DSA 911-1.

Several vulnerabilities have been found in gtk+2.0, the Gtk+ GdkPixBuf XPM image rendering library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-2975 Ludwig Nussel discovered an infinite loop when processing XPM images that allows an attacker to cause a denial of service via a specially crafted XPM file. CVE-2005-2976 Ludwig Nussel discovered an integer overflow in the way XPM images are processed that could lead to the execution of arbitrary code or crash the application via a specially crafted XPM file. CVE-2005-3186 infamous41md discovered an integer in the XPM processing routine that can be used to execute arbitrary code via a traditional heap overflow. The following matrix explains which versions fix these problems: old stable (woody) stable (sarge) unstable (sid) gdk-pixbuf 0.17.0-2woody3 0.22.0-8.1 0.22.0-11 gtk+2.0 2.0.2-5woody3 2.6.4-3.1 2.6.10-2 We recommend that you upgrade your gtk+2.0 packages.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20911-1