[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070802061537.GO9617@outflux.net>
Date: Wed, 1 Aug 2007 23:15:37 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-494-1] Gimp vulnerability
===========================================================
Ubuntu Security Notice USN-494-1 August 02, 2007
gimp vulnerability
CVE-2006-4519
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
gimp 2.2.11-1ubuntu3.4
Ubuntu 6.10:
gimp 2.2.13-1ubuntu3.3
Ubuntu 7.04:
gimp 2.2.13-1ubuntu4.3
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Sean Larsson discovered multiple integer overflows in Gimp. By tricking
a user into opening a specially crafted DICOM, PNM, PSD, PSP, RAS, XBM,
or XWD image, a remote attacker could exploit this to execute arbitrary
code with the user's privileges.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.11-1ubuntu3.4.diff.gz
Size/MD5: 40714 e96cfd660a58bc8288c988b969157d6b
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.11-1ubuntu3.4.dsc
Size/MD5: 1264 d450d6ab08bf1c072d311ba71072791f
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.11.orig.tar.gz
Size/MD5: 18549092 c4312189e3a7f869a26874854dc6a1d7
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-data_2.2.11-1ubuntu3.4_all.deb
Size/MD5: 2093694 d16fb4c13ac33029dff5dc32e8e552d4
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-doc_2.2.11-1ubuntu3.4_all.deb
Size/MD5: 527776 d895ca836319b95386904d8efda512a9
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-dbg_2.2.11-1ubuntu3.4_amd64.deb
Size/MD5: 8475322 63ec56235fad14ab72ab96679b944f05
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-helpbrowser_2.2.11-1ubuntu3.4_amd64.deb
Size/MD5: 53378 fc4a117ee1bc83bd27eb56297a6fa0dd
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-python_2.2.11-1ubuntu3.4_amd64.deb
Size/MD5: 133776 e50ab7750e11e7e4c9e1919f3b484005
http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-svg_2.2.11-1ubuntu3.4_amd64.deb
Size/MD5: 53436 efd05f053cf35f1049d53d6c0963047b
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.11-1ubuntu3.4_amd64.deb
Size/MD5: 3149614 f4229dd88a78787d8e373bce18105215
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-dev_2.2.11-1ubuntu3.4_amd64.deb
Size/MD5: 108984 0b1336e1ac4e2211eac44fb4c129b1f2
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0_2.2.11-1ubuntu3.4_amd64.deb
Size/MD5: 453724 aaafa0232a9a42c46bf1461dafd7b86d
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-dbg_2.2.11-1ubuntu3.4_i386.deb
Size/MD5: 7197820 1b987d4594f0f45a0ac668e9640f632e
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-helpbrowser_2.2.11-1ubuntu3.4_i386.deb
Size/MD5: 52076 2a708b944d8e2aeaecdb756b676e8cb8
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-python_2.2.11-1ubuntu3.4_i386.deb
Size/MD5: 126150 73cd34003a262b96510a8af3b4b4aac3
http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-svg_2.2.11-1ubuntu3.4_i386.deb
Size/MD5: 52504 897af1ccc8ae7d8755e8d4660f017af1
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.11-1ubuntu3.4_i386.deb
Size/MD5: 2779336 35c21e1c52949d6ce5c92b76ef38f7f1
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-dev_2.2.11-1ubuntu3.4_i386.deb
Size/MD5: 109000 20b2c8c342dd911a05d5e0a3873a2e68
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0_2.2.11-1ubuntu3.4_i386.deb
Size/MD5: 410586 ca461595eae44fd4baee26785940b423
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-dbg_2.2.11-1ubuntu3.4_powerpc.deb
Size/MD5: 8507148 ca9c4f366ce537ed55b720a89c029ea4
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-helpbrowser_2.2.11-1ubuntu3.4_powerpc.deb
Size/MD5: 53842 94fccb99502f4997be925b12d63acf16
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-python_2.2.11-1ubuntu3.4_powerpc.deb
Size/MD5: 129688 fe89075ba197890ff94407c1cdbb04b1
http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-svg_2.2.11-1ubuntu3.4_powerpc.deb
Size/MD5: 54504 1d1cb56601efa23820e4769e87b023bf
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.11-1ubuntu3.4_powerpc.deb
Size/MD5: 3229686 d02a45ac4edb2f05a104b2c77f6c3223
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-dev_2.2.11-1ubuntu3.4_powerpc.deb
Size/MD5: 109008 aaa4cb1499002f20efe288a19ffd64f6
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0_2.2.11-1ubuntu3.4_powerpc.deb
Size/MD5: 445156 aba29dfcc4b9929cd8209c60ae4223d9
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-dbg_2.2.11-1ubuntu3.4_sparc.deb
Size/MD5: 7495724 d64eb97a23b92f802f6f14c9dd53d424
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-helpbrowser_2.2.11-1ubuntu3.4_sparc.deb
Size/MD5: 52228 74944a4b65d98b6da67fccfa510ecaa3
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-python_2.2.11-1ubuntu3.4_sparc.deb
Size/MD5: 127460 bf1fd8971a3541ecaa039d36ab65954d
http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-svg_2.2.11-1ubuntu3.4_sparc.deb
Size/MD5: 52692 816d5bd5cb762429d6b7535efebd77df
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.11-1ubuntu3.4_sparc.deb
Size/MD5: 2822954 861508dda7aeb030abc3d61b6f5e1de7
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-dev_2.2.11-1ubuntu3.4_sparc.deb
Size/MD5: 109012 5414a692b0ad167fa9029b51b92bba08
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0_2.2.11-1ubuntu3.4_sparc.deb
Size/MD5: 429062 0d5cd39f28a0500f8751a269e97363f8
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.13-1ubuntu3.3.diff.gz
Size/MD5: 37218 30fa96ec8818a17273572ac7f68e6a04
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.13-1ubuntu3.3.dsc
Size/MD5: 1276 565cdf503fd883d8d08989a8f551ecc3
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.13.orig.tar.gz
Size/MD5: 18816434 20c3cd6b730c11da4d70671ed047f803
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-data_2.2.13-1ubuntu3.3_all.deb
Size/MD5: 2105122 4e2fa9213d2eddc2e3472f81b1062ed9
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-doc_2.2.13-1ubuntu3.3_all.deb
Size/MD5: 556804 6bd4bd9ea06f1f118a0f006f132185f0
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-dbg_2.2.13-1ubuntu3.3_amd64.deb
Size/MD5: 8429844 f7f3b67aed982009fb488cf5c415afb0
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-helpbrowser_2.2.13-1ubuntu3.3_amd64.deb
Size/MD5: 65436 bd5b465c36a97d143aa7d4d562dcc0a6
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-python_2.2.13-1ubuntu3.3_amd64.deb
Size/MD5: 146194 590332f3b3cbc3edad9025d911c65917
http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-svg_2.2.13-1ubuntu3.3_amd64.deb
Size/MD5: 65682 2c4355b46c388f2171cc100c7f69744c
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.13-1ubuntu3.3_amd64.deb
Size/MD5: 3227262 c7bd58fff4e374ed89a574e5cd7d2842
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-dev_2.2.13-1ubuntu3.3_amd64.deb
Size/MD5: 119978 c6fef6b3e4f9bb576684a197f9998974
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0_2.2.13-1ubuntu3.3_amd64.deb
Size/MD5: 467154 2f435ca0a12bbb12a49ede229a6fce24
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-dbg_2.2.13-1ubuntu3.3_i386.deb
Size/MD5: 7735134 ecd4d497c1e0d596d2fa772f8e639b24
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-helpbrowser_2.2.13-1ubuntu3.3_i386.deb
Size/MD5: 64416 dc4d06fafb5a59627ae764c520963632
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-python_2.2.13-1ubuntu3.3_i386.deb
Size/MD5: 139986 7a94f5435890d76efb76afbfb0c6ff25
http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-svg_2.2.13-1ubuntu3.3_i386.deb
Size/MD5: 64712 90bde79e99c8eeedec8a0ab45667e6ca
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.13-1ubuntu3.3_i386.deb
Size/MD5: 2961882 c0b6dcf6538b5ac86f9d125f9dd203b7
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-dev_2.2.13-1ubuntu3.3_i386.deb
Size/MD5: 119992 06d53e7b9e7d0a30ccb2aa8813826096
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0_2.2.13-1ubuntu3.3_i386.deb
Size/MD5: 434618 75b211153c355592955b38d21c5220af
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-dbg_2.2.13-1ubuntu3.3_powerpc.deb
Size/MD5: 8626876 333d0666fbd892d3f1738fbe14da9c47
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-helpbrowser_2.2.13-1ubuntu3.3_powerpc.deb
Size/MD5: 65890 9adec551deb8de1935b68549ab9c3791
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-python_2.2.13-1ubuntu3.3_powerpc.deb
Size/MD5: 142454 fbc0d591472e294655651fa807e57553
http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-svg_2.2.13-1ubuntu3.3_powerpc.deb
Size/MD5: 66524 3d00c54e0b92bb521f4157500d7f7fb0
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.13-1ubuntu3.3_powerpc.deb
Size/MD5: 3333888 a708499f06c57056f7b5ae651fceda12
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-dev_2.2.13-1ubuntu3.3_powerpc.deb
Size/MD5: 119994 c9b345c690051ed7efeb806574581d42
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0_2.2.13-1ubuntu3.3_powerpc.deb
Size/MD5: 460444 2d2699e7c0e86b92d0236c71832bf899
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-dbg_2.2.13-1ubuntu3.3_sparc.deb
Size/MD5: 7822108 cf608fc53706c60a8260c66a36e6ad28
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-helpbrowser_2.2.13-1ubuntu3.3_sparc.deb
Size/MD5: 64300 854ff8a7d2635398edb7c7ae459f9bb9
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-python_2.2.13-1ubuntu3.3_sparc.deb
Size/MD5: 140090 c48e6e79544c182bbe1fc303a94eeb76
http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-svg_2.2.13-1ubuntu3.3_sparc.deb
Size/MD5: 64816 a8a5e932b0370d45f71edd78be76fa74
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.13-1ubuntu3.3_sparc.deb
Size/MD5: 2916898 5209249169b8c146d34023b8df3d3070
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-dev_2.2.13-1ubuntu3.3_sparc.deb
Size/MD5: 119992 ddf0fdb8f18ae4410fc23152b72da2d4
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0_2.2.13-1ubuntu3.3_sparc.deb
Size/MD5: 442072 2f9fd937bac1b6a27ab12c30d5e5def0
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.13-1ubuntu4.3.diff.gz
Size/MD5: 37327 30a6e5192d93d10c893bb7225d9d419d
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.13-1ubuntu4.3.dsc
Size/MD5: 1360 8d8f41ad1544cf07929f64d707393555
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.13.orig.tar.gz
Size/MD5: 18816434 20c3cd6b730c11da4d70671ed047f803
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-data_2.2.13-1ubuntu4.3_all.deb
Size/MD5: 2105164 cf95796e377bf56b47463f23c4c61949
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-doc_2.2.13-1ubuntu4.3_all.deb
Size/MD5: 556852 95f5dc92da9e00ffef1a68bdf144901a
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-dbg_2.2.13-1ubuntu4.3_amd64.deb
Size/MD5: 8447654 e03d8452b4dc2683576cb446b066108d
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-helpbrowser_2.2.13-1ubuntu4.3_amd64.deb
Size/MD5: 65582 f3cc1c311b7287f5dc6a923b92208553
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-python_2.2.13-1ubuntu4.3_amd64.deb
Size/MD5: 146060 d02578ce45a27476457d19b13eb17f9f
http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-svg_2.2.13-1ubuntu4.3_amd64.deb
Size/MD5: 65830 7591c7b7d3ccb439cb324f54d2580f45
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.13-1ubuntu4.3_amd64.deb
Size/MD5: 3243518 c203ec15570ab2fe7dd97764e2e94a7a
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-dev_2.2.13-1ubuntu4.3_amd64.deb
Size/MD5: 120088 95903f7a43680da53404664e7ca3e50b
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0_2.2.13-1ubuntu4.3_amd64.deb
Size/MD5: 473860 5a4beaea2dcaed31ca6f887af98b7ea6
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-dbg_2.2.13-1ubuntu4.3_i386.deb
Size/MD5: 7739436 cdebe9769c87b14587e27d80d19c8070
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-helpbrowser_2.2.13-1ubuntu4.3_i386.deb
Size/MD5: 64574 81e350bc6db9c2c343f968b9154e5d26
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-python_2.2.13-1ubuntu4.3_i386.deb
Size/MD5: 140008 b16c57dd4eea636dd55e019837d897fe
http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-svg_2.2.13-1ubuntu4.3_i386.deb
Size/MD5: 64892 a721fd8ba8243e26c6a6c51f6628f2a3
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.13-1ubuntu4.3_i386.deb
Size/MD5: 2970832 a13ebcdc84528ef1ad68d043daad7f68
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-dev_2.2.13-1ubuntu4.3_i386.deb
Size/MD5: 120064 9d5921414d712e836b82105c9ded0c41
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0_2.2.13-1ubuntu4.3_i386.deb
Size/MD5: 441274 b02ee7097a4554433ba3ea81400b9666
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-dbg_2.2.13-1ubuntu4.3_powerpc.deb
Size/MD5: 8636488 8f46fb5aeb54e5fd64f76a7d6c3386ad
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-helpbrowser_2.2.13-1ubuntu4.3_powerpc.deb
Size/MD5: 68832 40e8498b023b28eaec0ba6efd10d73cf
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-python_2.2.13-1ubuntu4.3_powerpc.deb
Size/MD5: 146312 bdb88ff597b4ffb37d9cbf87be43da81
http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-svg_2.2.13-1ubuntu4.3_powerpc.deb
Size/MD5: 69446 0c07d53b90be388295e0e4e2e8c40983
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.13-1ubuntu4.3_powerpc.deb
Size/MD5: 3630398 5f9d2b8ad002bad7880dca7dd0c24f6e
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-dev_2.2.13-1ubuntu4.3_powerpc.deb
Size/MD5: 120068 9549d79c33480f047a686fe69a866a5f
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0_2.2.13-1ubuntu4.3_powerpc.deb
Size/MD5: 491346 9742b67190d3042704ac1e26e7b72d35
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-dbg_2.2.13-1ubuntu4.3_sparc.deb
Size/MD5: 7839368 45b55e3efe27d353994576fb233a7227
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-helpbrowser_2.2.13-1ubuntu4.3_sparc.deb
Size/MD5: 65240 7055ad252983715abdf1bdb626b51741
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-python_2.2.13-1ubuntu4.3_sparc.deb
Size/MD5: 140140 d460fbc79dd073306b7a430bb6bf9996
http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-svg_2.2.13-1ubuntu4.3_sparc.deb
Size/MD5: 65744 8640ba27ca107016aa36c8b42fcba581
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.13-1ubuntu4.3_sparc.deb
Size/MD5: 3020190 c1ee9867ce308e43538079c44c32c6ca
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-dev_2.2.13-1ubuntu4.3_sparc.deb
Size/MD5: 120070 7c5d526dbd97a440b5f6a643574e225d
http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0_2.2.13-1ubuntu4.3_sparc.deb
Size/MD5: 449276 85102704598c1650aad8e0f2b8911353
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
Powered by blists - more mailing lists