lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060721161821.GA6316@galadriel.inutil.org>
Date: Fri, 21 Jul 2006 18:18:21 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 1116-1] New gimp packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1116-1                    security@...ian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
July 21st, 2006                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : gimp
Vulnerability  : buffer overflow
Problem-Type   : local(remote)
Debian-specific: no
CVE ID         : CVE-2006-3404
Debian Bug     : 377049

Henning Makholm discovered a buffer overflow in the XCF loading code
of Gimp, an image editing program. Opening a specially crafted XCF
image might cause the application to execute arbitrary code.

For the stable distribution (sarge) this problem has been fixed in
version 2.2.6-1sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 2.2.11-3.1.

We recommend that you upgrade your gimp package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1.dsc
      Size/MD5 checksum:     1089 979559b33614105fa58413378d7c204b
    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1.diff.gz
      Size/MD5 checksum:    26122 c56e7ce33568fa577bb965d91a5c9e1c
    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6.orig.tar.gz
      Size/MD5 checksum: 20496404 a6450200858c59bb46ace6987f1fc6ee

  Architecture independent components:

    http://security.debian.org/pool/updates/main/g/gimp/gimp-data_2.2.6-1sarge1_all.deb
      Size/MD5 checksum:  6276584 013c82da61ca8f0c34e7b02995f9a2dc
    http://security.debian.org/pool/updates/main/g/gimp/gimp1.2_2.2.6-1sarge1_all.deb
      Size/MD5 checksum:    31674 f5bf9b1c4d272b6d6a293da92ff1b4cc
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-doc_2.2.6-1sarge1_all.deb
      Size/MD5 checksum:   514958 5dcc11d084fd4e79e055493205cded03

  Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_alpha.deb
      Size/MD5 checksum:  3872520 f14c5800c1bb4da15eef57a6c9122c61
    http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_alpha.deb
      Size/MD5 checksum:    44970 2476f295f24498674678c8f21b35f26f
    http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_alpha.deb
      Size/MD5 checksum:   126646 244ae4e14a57803e0e04eed254ee845b
    http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_alpha.deb
      Size/MD5 checksum:    44794 5cc2a15a835d6649bbebdd068beaf5d3
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_alpha.deb
      Size/MD5 checksum:   576492 bf73a2b8130cc7a945cdcccb0546ce0b
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_alpha.deb
      Size/MD5 checksum:    98262 7ff13a929c089f127fd29836f780dd38

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_amd64.deb
      Size/MD5 checksum:  3266104 17d46a5010fb7451f6dfbd783caf73e6
    http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_amd64.deb
      Size/MD5 checksum:    43722 0956d860d60ff4394ca0c9b9aac2957f
    http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_amd64.deb
      Size/MD5 checksum:   122012 61a1ca703333bfad94692943c0e6ba86
    http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_amd64.deb
      Size/MD5 checksum:    43464 496e21eff61fedf892eb2f8a52e92857
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_amd64.deb
      Size/MD5 checksum:   543840 224ea85332d7e525aafa14cb1a639614
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_amd64.deb
      Size/MD5 checksum:    98234 a9f687bb252e9adbc91f81b67e42d3d9

  ARM architecture:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_arm.deb
      Size/MD5 checksum:  2938416 b0901f13d679d1bb41e91c56f22c41d8
    http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_arm.deb
      Size/MD5 checksum:    41934 042f39449706ba1362676520935d98a0
    http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_arm.deb
      Size/MD5 checksum:   114028 d3adb0e677eee5f8484674f1ec29ef11
    http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_arm.deb
      Size/MD5 checksum:    42280 2300ed4a4de2537e30ad4f4df2cf540d
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_arm.deb
      Size/MD5 checksum:   507710 0592a4510f85ebb8c03e74cb2d410d95
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_arm.deb
      Size/MD5 checksum:    98332 57de081bea0749832e5c82e6cbdb28e9

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_i386.deb
      Size/MD5 checksum:  3087556 d4a3d583f932d75e1c49f72a32e9de56
    http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_i386.deb
      Size/MD5 checksum:    42692 35dedb9373d46897709de62a6ba56f22
    http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_i386.deb
      Size/MD5 checksum:   117012 0a76a982e406a236658882f2dabdf464
    http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_i386.deb
      Size/MD5 checksum:    43238 4e585d74f341874b8a31aad60d246caf
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_i386.deb
      Size/MD5 checksum:   521758 bc33f00f99995ffd91ff9bb84c83c4c1
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_i386.deb
      Size/MD5 checksum:    98248 a7d5db0fdf8401bdaef4a9266db6c705

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_ia64.deb
      Size/MD5 checksum:  4581614 af2d82f8c7d4373286f6872709d8bca4
    http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_ia64.deb
      Size/MD5 checksum:    46600 9186a0e6efb81e461d725fa761694f07
    http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_ia64.deb
      Size/MD5 checksum:   135808 7fa53fef4e3772b8f3087e9c5e37e5a0
    http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_ia64.deb
      Size/MD5 checksum:    46852 24434b0212a6792901bc9e2fbbd2bb1f
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_ia64.deb
      Size/MD5 checksum:   632324 c4335842b443c43c0dbe68797264d943
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_ia64.deb
      Size/MD5 checksum:    98240 f07c6a9cd8f7941ff7fd4a93589f7973

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_hppa.deb
      Size/MD5 checksum:  3468190 e9a04a87c97ee78815a3e332dbcccff8
    http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_hppa.deb
      Size/MD5 checksum:    43394 fed2f6e699416c5a03c1d3a130554418
    http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_hppa.deb
      Size/MD5 checksum:   125686 19e8ee051e193546d55788c7b3fb1e7d
    http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_hppa.deb
      Size/MD5 checksum:    43720 b4c52c60b267751689bc57fe7f1e3ded
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_hppa.deb
      Size/MD5 checksum:   583078 bda2acb1a3b23edcd435730ea9c6cd0c
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_hppa.deb
      Size/MD5 checksum:    98302 618bf48bcfe82ee886ad1ec2c9da8746

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_m68k.deb
      Size/MD5 checksum:  2697910 e90af18d0136fbf8d60e2089bac3dbc0
    http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_m68k.deb
      Size/MD5 checksum:    42302 6cffc71d58aa261293428323840eadfa
    http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_m68k.deb
      Size/MD5 checksum:   118392 e533fe00cf69d53713fea16f7c3c351b
    http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_m68k.deb
      Size/MD5 checksum:    42140 b77201f3a42f7be876c13ce803833891
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_m68k.deb
      Size/MD5 checksum:   520078 29e62d2417f9d4bd266e81a65e4d5201
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_m68k.deb
      Size/MD5 checksum:    98478 fe3705144e976a25c49330f2d0f958ab

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_mips.deb
      Size/MD5 checksum:  3448914 3236ee1f78e5d6a30cece944ea1c149e
    http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_mips.deb
      Size/MD5 checksum:    42690 e3a903955904332f1d6e14341de5c55d
    http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_mips.deb
      Size/MD5 checksum:   116280 4e4425ac5ccf0f7923aaa33817f4d3a9
    http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_mips.deb
      Size/MD5 checksum:    42960 8b6f4e92ed5b881e74fca99c4eac478f
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_mips.deb
      Size/MD5 checksum:   524600 978e3ab35f44bd1e516ded87d0fa1a11
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_mips.deb
      Size/MD5 checksum:    98256 b34836f926dea9bc7855c4fec1313db2

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_mipsel.deb
      Size/MD5 checksum:  3445558 fa88e0923517217e1ebc47dcc9e13e91
    http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_mipsel.deb
      Size/MD5 checksum:    42626 7df6dd0e0bcf0fd800b603ff62b088e4
    http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_mipsel.deb
      Size/MD5 checksum:   115598 f5e2fa780ab32a0e8d192209f42cf22c
    http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_mipsel.deb
      Size/MD5 checksum:    42882 8f2c5ead0311336fe8f9d5f73840bd66
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_mipsel.deb
      Size/MD5 checksum:   522138 172dad30e71dacab1aaedfbe2b9ab404
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_mipsel.deb
      Size/MD5 checksum:    98268 b7ad697195e7a622d584caef468bf24b

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_powerpc.deb
      Size/MD5 checksum:  3341118 c3bd01a81f343030030f7285fd35a9a2
    http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_powerpc.deb
      Size/MD5 checksum:    43938 66f8bf50052e465ab6306c0f93441fc1
    http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_powerpc.deb
      Size/MD5 checksum:   118214 7b22438747c7d7eb3ff1112607f36942
    http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_powerpc.deb
      Size/MD5 checksum:    44314 1452917365ca44d0849fd8783d5dc2b9
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_powerpc.deb
      Size/MD5 checksum:   539510 17896bbe9f778c125eed47e96f2582b0
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_powerpc.deb
      Size/MD5 checksum:    98282 c0c35190756c7bc71306d9e32e20770e

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_s390.deb
      Size/MD5 checksum:  3134704 5e3ee587e3af969dbe6b2acf8add98a6
    http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_s390.deb
      Size/MD5 checksum:    43896 17adcff9df203fcee2a2eccb4a7a78f6
    http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_s390.deb
      Size/MD5 checksum:   123904 b0f18ce58f5eb93fa64033b82b64f192
    http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_s390.deb
      Size/MD5 checksum:    43512 5ec341436fcf87c883a7bdff50eba154
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_s390.deb
      Size/MD5 checksum:   555508 eb2c9b65d19b333113a216499ca5b429
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_s390.deb
      Size/MD5 checksum:    98226 1883143a487595484af2def276b08017

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_sparc.deb
      Size/MD5 checksum:  2929592 ab276607e00e8159b855d2d3ddbd7f49
    http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_sparc.deb
      Size/MD5 checksum:    42236 0a2217eeb70903e12052b4111aac2c1d
    http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_sparc.deb
      Size/MD5 checksum:   116426 3eac44e9e3e28330e075385b1197a984
    http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_sparc.deb
      Size/MD5 checksum:    42440 464fe9823e9544cce55688ed1840bd38
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_sparc.deb
      Size/MD5 checksum:   527522 ea220cad0822aaf7f580c0ad76f44cb2
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_sparc.deb
      Size/MD5 checksum:    98290 b543cfe8b332246e3e33c4d785fa8957


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEwP3pXm3vHE4uyloRAhpFAKCCOZdjTM6ucq4eMsCnjuwL9NLBkgCcCkzh
Fb/SjYzkUD0JG41kcwYFgGM=
=MFLL
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ