Forum Thread: Difficulty to update

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

Forum: Programs
Program: GTK+ 2.x

This thread has been marked as locked.
Linx Difficulty to update
Member 5th Sep, 2011 22:50
I am having difficulty in updating gimp and this is the info I got and I can't solve the problem. Any help is appreciated.

---START---

Program Name:
GTK+ 2.x

Security State:
Insecure

Download Link:
http://ftp.gnome.org/pub/gnome/binaries/win32/gtk+...

Instances Found:
C:\Program Files (x86)\GIMP-2.0\bin\libgdk-win32-2.0-0.dll, version: 2.16.6.0

Last System Scan (localtime):
5. Sep 2011, 16:41

Operating System:
Microsoft Windows 7,

---END---


Maurice Joyce RE: Difficulty to update
Handling Contributor 5th Sep, 2011 23:15
Have U checked the site & download from there?

http://www.gtk.org/download/index.php

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
stvath RE: Difficulty to update
Member 6th Sep, 2011 03:47
I downloaded the solution which is a zip file. What do I do now? How do I install the files contained in the zip file? I can unzip the file and see the files and folders contained within, but do not see any type of install program or documentation. Help.
gethrat RE: Difficulty to update
Member 6th Sep, 2011 03:55
I have added the file to GIMP. But now GIMP dislikes the changes.
It looks like it can't find the "procedure start address" g_source_set_name in the dll-file.
Maybe we need to wait till GIMP updates.
M1911A1 RE: Difficulty to update
Member 6th Sep, 2011 05:03
I agree. I have downloaded the zip file and unarc'd but now am unsure what should be my next step. Copy the files in each folder to the corresponding folder in my main Gimp install?
Don't know. As of now I'll keep the program as installed and with future clarification will do what is needed.

Reading all posts here has not provided any enlightenment and checking at the main site for GTK was not any more illuminating for me. Any help would be appreciated.
(I'll also refer to the confusion with the Flexnet update as well, as it's still as clear as mud what I should do with that one too.)

Regards to all. No Flaming Secunia as I appreciate the service they provide. They cannot be expected to resolve issues that the software writers fail to be clear about.

M1911

pnickerson RE: Difficulty to update
Member 6th Sep, 2011 14:25
From GTK+'s website at http://www.gtk.org/download/win32.php, it says "The packages here are for people who develop software that uses GTK+. This page is not intended directly for end-users. It is expected that people who build installers for GTK+ applications for Windows bundle GTK+ with them." This means you can not update GTK+ yourself.

I have 5 programs, all using GTK+ 2.16.6.0: Dia, GIMP, Nmap, Inkscape, and Pidgin. All these programs are themselves currently the most recent stable releases. The most recent version of GTK+ is 2.24.0-1. So, all you can do is wait for these programs to be updated, and install those updates. You can't patch GTK+ yourself.

It'd be nice if the Secunia scanner could recognize this, and mark the application that GTK+ is installed under as insecure, instead of GTK+ itself. Until then, for a workaround, tell the scanner to ignore GTK+, or unzip the download somewhere, so that the scanner thinks that's the actual installation and the rest are zombie installations.
This user no longer exists RE: Difficulty to update
Member 6th Sep, 2011 14:35
Hi,

If this instance of GTK+ was bundled, i.e. placed inside the installation folder of another program, it would not be detected.

However, since GTK+ in this case is installed separately, it is indeed treated like a vulnerable program on its own. Unfortunately, the GNOME Project (GTK+ vendors) don't provide any official easy installers that we know about. For this problem, I suggest you contact the vendors.

Hope this helps.
wkitty42 RE: Difficulty to update
Member 11th Sep, 2011 16:57
Last edited on 11th Sep, 2011 17:22
something isn't right, then, if GTK bundled with an application is not supposed to be detected as vulnerable... i say this because i do not have any GTK installation at all on my machine yet PSI is telling me that the libgdk-win32-2.0-0.dll in my latest wireshark is vulnerable... however, here's the WTH part... PSI says that it detects version 2.16.6.0 but the properties of the dll state that it is 2.22.1.0... something is quite wrong somewhere...

i was asked by the wireshark developer(s) if PSI was just looking at one or two factors and then calling the dll vulnerable or if PSI actually tested the dll in question... the real question is what factors is PSI using to determine the version of the dll in question? obviously it is not reading the information inside the dll like the properties show :)

EDIT never mind... i just read another thread related to this and have performed yet another full scan... this was the 3rd or 4th full scan i've done in the last two days... this one seems to have worked and now the file in question on my system is not detected as being vulnerable... thanks, Secunia! ;) /EDIT
This user no longer exists RE: Difficulty to update
Member 12th Sep, 2011 09:25
Hi,

Glad to hear you are now all fixed.

If you are in communication with the Wireshark team, you may inform them that we look at the metadata of the file in question, and that this is the only place the PSI draws its versioning info. It does not test any exploits against the files - This would be intrusive scanning, and Secunia aims to offer the best non-intrusive scanning in the market.

Hope this helps.

This thread has been marked as locked.
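
Added example (not part of the thread and not Secunia's code): the last reply says PSI takes its version information only from file metadata, and the thread shows the same DLL bundled in several programs. This Python example reads the file version from a DLL's version resource and inventories every bundled copy under a directory. Assumptions: it scans for the VS_FIXEDFILEINFO signature instead of walking the PE resource directory, the minimum version is a caller-supplied parameter, and the sample files and folder names are constructed.

```python
import os
import struct

# VS_FIXEDFILEINFO starts with dwSignature 0xFEEF04BD, then dwStrucVersion,
# dwFileVersionMS and dwFileVersionLS (all little-endian DWORDs).
SIGNATURE = struct.pack("<I", 0xFEEF04BD)
STRUC_VERSION = 0x00010000

def file_version(data):
    """Return (major, minor, build, revision) from the version resource, or None."""
    pos = data.find(SIGNATURE)
    while pos != -1:
        if pos + 16 <= len(data):
            _sig, struc, ms, ls = struct.unpack_from("<4I", data, pos)
            if struc == STRUC_VERSION:  # rejects chance matches of the signature bytes
                return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)
        pos = data.find(SIGNATURE, pos + 1)
    return None

def inventory(root, dll_name, minimum):
    """List every copy of dll_name under root as (path, version, below_minimum)."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != dll_name.lower():
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                version = file_version(fh.read())
            # A copy with no readable metadata is reported, not silently passed.
            found.append((path, version, version is None or version < minimum))
    return sorted(found, key=lambda item: item[0])

def constructed_dll(version):
    """Constructed sample bytes: padding plus a minimal VS_FIXEDFILEINFO header."""
    major, minor, build, rev = version
    ms, ls = (major << 16) | minor, (build << 16) | rev
    return b"MZ" + b"\x00" * 62 + SIGNATURE + struct.pack("<3I", STRUC_VERSION, ms, ls)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        # Constructed folders; the threshold is the release one poster names as most recent.
        for app, ver in (("GIMP-2.0", (2, 16, 6, 0)), ("Wireshark", (2, 22, 1, 0))):
            os.makedirs(os.path.join(root, app))
            with open(os.path.join(root, app, "libgdk-win32-2.0-0.dll"), "wb") as fh:
                fh.write(constructed_dll(ver))
        for path, ver, old in inventory(root, "libgdk-win32-2.0-0.dll", (2, 24, 0, 0)):
            print(path, ver, "below minimum" if old else "ok")
```

Comparing this output with what a scanner reports for the same path is a quick way to tell a stale scan result from a genuinely outdated bundled copy.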