Note: This is an archival copy of Security Sun Alert 201803 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001341.1.
GNOME 2.0 Desktop
Sun Java Desktop System 2003
Date of Workaround Release
Date of Resolved Release
Due to multiple security vulnerabilities in the libgdk_pixbuf library, a remote unprivileged user may be able to execute arbitrary code with the privileges of a local user when that local user has loaded an XPixmap (Xpm) format image file supplied by an untrusted user.
The libgdk_pixbuf library is part of the GIMP Toolkit (GTK+) and is used for loading and rendering images.
These issues are described in the following documents:
These issues can occur in the following releases:
Note: Solaris 10 is not affected by these issues.
To determine the version of GNOME that is currently installed on the system, the following command can be run (output will vary by platform):
% grep description /usr/share/gnome/gnome-about/gnome-version.xml
<description>fcs-10b</description>
for GNOME 2.0 releases
<description>2.0.0_patch-us2</description>
Alternatively (for the same results), in a terminal window from within the GNOME desktop, the following command can be run:
To determine the release of JDS for Linux installed on a system, the following command can be run:
% cat /etc/sun-release
Sun Java Desktop System - 2003
To determine if JDS release 2 is installed on a Solaris 9 system, the following command can be run:
% grep distributor-version /usr/share/gnome-about/gnome-version.xml
<distributor-version>Sun Java Desktop System, Release 2</distributor-version>
To determine the version of GTK on JDS for Linux systems, run the following command:
% rpm -qf /usr/lib/gtk-2.0/2.2.0/loaders/libpixbufloader-xpm.so
gtk2-2.2.2-30
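The version checks above can be collected in one pass when triaging several hosts or unpacked system images. The script below is an added example, not part of the original advisory; the function names `xml_tag` and `jds_inventory` and the key=value output format are assumptions. It only reports the strings and does not decide whether a release is affected.

```shell
#!/bin/sh
# Added example (not from the advisory): gather the version strings that the
# advisory's commands print. Usage: sh jds_inventory.sh /   (or an image root)

# Print the text inside the first <TAG>...</TAG> element found in FILE.
xml_tag() {
    sed -n "s:.*<$1>\(.*\)</$1>.*:\1:p" "$2" 2>/dev/null | head -n 1
}

# Emit key=value lines for the system rooted at $1 ("/" means the live system).
jds_inventory() {
    root=${1%/}
    ver_file=
    # The advisory shows gnome-version.xml under two different directories.
    for p in /usr/share/gnome/gnome-about /usr/share/gnome-about; do
        if [ -f "$root$p/gnome-version.xml" ]; then
            ver_file="$root$p/gnome-version.xml"
            break
        fi
    done
    if [ -n "$ver_file" ]; then
        echo "gnome_description=$(xml_tag description "$ver_file")"
        echo "distributor_version=$(xml_tag distributor-version "$ver_file")"
    else
        echo "gnome_description="
        echo "distributor_version="
    fi
    if [ -f "$root/etc/sun-release" ]; then
        echo "sun_release=$(head -n 1 "$root/etc/sun-release")"
    else
        echo "sun_release="
    fi
    # rpm -qf consults the running system's RPM database, so skip it for images.
    loader=/usr/lib/gtk-2.0/2.2.0/loaders/libpixbufloader-xpm.so
    if [ -z "$root" ] && [ -f "$loader" ] && command -v rpm >/dev/null 2>&1; then
        echo "gtk_package=$(rpm -qf "$loader" 2>/dev/null)"
    else
        echo "gtk_package="
    fi
}

if [ "$#" -gt 0 ]; then jds_inventory "$1"; fi
```

An empty value means the corresponding file or package was not found under that root.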
There are no reliable symptoms that would indicate the described issues have been exploited.
To work around the described issues, do not load XPixmap (Xpm) images from untrusted sources.
These issues are addressed in the following releases:
To download and install the updated RPMs from the update servers, select the following sequence from the "launch" bar:
Launch >> Applications >> System Tools >> Online Update
For more information on obtaining RPM updates, see: