lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1Hqf3x-0001eC-9m@artemis.annvix.ca>
Date: Tue, 22 May 2007 18:50:49 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2007:108 ] - Updated gimp packages fix
 stack overflow in sunras plugin


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:108
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : gimp
 Date    : May 22, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Marsu discovered a stack overflow issue in the GIMP's RAS file loader.
 An attacker could create a carefully crafted file that would cause
 the GIMP to crash or potentially execute arbitrary code as the user
 opening the file.
 
 The updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2356
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 6f2d2ba676a78bc9c8637e594cc7695c  2007.0/i586/gimp-2.3.10-6.2mdv2007.0.i586.rpm
 e961d511b0a4467c0a71da1abed2d9e1  2007.0/i586/gimp-python-2.3.10-6.2mdv2007.0.i586.rpm
 c86f942a4a0e60b29a6c25a9ae1a2aa6  2007.0/i586/libgimp2.0-devel-2.3.10-6.2mdv2007.0.i586.rpm
 bdc40e9348c25965085ab2d38fabca3a  2007.0/i586/libgimp2.0_0-2.3.10-6.2mdv2007.0.i586.rpm 
 4b3fd719205b5783c8e95b26152754c1  2007.0/SRPMS/gimp-2.3.10-6.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 9d649e883a907a4ee14a01bf20d852a0  2007.0/x86_64/gimp-2.3.10-6.2mdv2007.0.x86_64.rpm
 acebf4019818c698ffa5490226e67b17  2007.0/x86_64/gimp-python-2.3.10-6.2mdv2007.0.x86_64.rpm
 4dd4c15971e1940ef4cadb72c634ddf2  2007.0/x86_64/lib64gimp2.0-devel-2.3.10-6.2mdv2007.0.x86_64.rpm
 3206abfb7c40c66ae0b1900d09ba3ac7  2007.0/x86_64/lib64gimp2.0_0-2.3.10-6.2mdv2007.0.x86_64.rpm 
 4b3fd719205b5783c8e95b26152754c1  2007.0/SRPMS/gimp-2.3.10-6.2mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 a1ab4c6bd8adc03e8dff8d571ea71238  2007.1/i586/gimp-2.3.14-3.1mdv2007.1.i586.rpm
 df478231fee2f1746100a63ddee9fa1c  2007.1/i586/gimp-python-2.3.14-3.1mdv2007.1.i586.rpm
 1e6e115efe6311a08221e59ff0202add  2007.1/i586/libgimp2.0-devel-2.3.14-3.1mdv2007.1.i586.rpm
 c0ca0e48c691d52c057e2e48f126228d  2007.1/i586/libgimp2.0_0-2.3.14-3.1mdv2007.1.i586.rpm 
 dbd612719f10a2b5f17766baf33994f6  2007.1/SRPMS/gimp-2.3.14-3.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 61be8d037ff7bb07dbd9456bc787d59c  2007.1/x86_64/gimp-2.3.14-3.1mdv2007.1.x86_64.rpm
 809dde5e40c10a22ffa71f79c969c144  2007.1/x86_64/gimp-python-2.3.14-3.1mdv2007.1.x86_64.rpm
 c16813e13a87f367e29336cf3e2e2cdc  2007.1/x86_64/lib64gimp2.0-devel-2.3.14-3.1mdv2007.1.x86_64.rpm
 fef1cea1d6c4938053b6844b22c359e4  2007.1/x86_64/lib64gimp2.0_0-2.3.14-3.1mdv2007.1.x86_64.rpm 
 dbd612719f10a2b5f17766baf33994f6  2007.1/SRPMS/gimp-2.3.14-3.1mdv2007.1.src.rpm

 Corporate 3.0:
 8b03f11448dbb4e94e2b8b8dc5224fa2  corporate/3.0/i586/gimp-1.2.5-13.1.C30mdk.i586.rpm
 e2bf163b19111bd0375574ac94f815a0  corporate/3.0/i586/gimp-doc-1.2.5-13.1.C30mdk.i586.rpm
 5818d368ee1d660e4c8f15f5e9ac7ebf  corporate/3.0/i586/gimp-perl-1.2.5-13.1.C30mdk.i586.rpm
 4c6769052b0ffc3929191cd357983345  corporate/3.0/i586/libgimp1.2-1.2.5-13.1.C30mdk.i586.rpm
 249569270aca413afc117b1decff2a18  corporate/3.0/i586/libgimp1.2_1-1.2.5-13.1.C30mdk.i586.rpm
 13297c783d7b0c16eb86530025e746bb  corporate/3.0/i586/libgimp1.2_1-devel-1.2.5-13.1.C30mdk.i586.rpm 
 88ffadd4803267b9271909c2584bd8d8  corporate/3.0/SRPMS/gimp-1.2.5-13.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 0b447fbcd1c904381bf2447a314d89af  corporate/3.0/x86_64/gimp-1.2.5-13.1.C30mdk.x86_64.rpm
 96df5c88bdee06776d0eae5108508c72  corporate/3.0/x86_64/gimp-doc-1.2.5-13.1.C30mdk.x86_64.rpm
 5275b1da8478c720e516cce148629e86  corporate/3.0/x86_64/gimp-perl-1.2.5-13.1.C30mdk.x86_64.rpm
 0ed195ecae3bcfc25994dee7d8f88134  corporate/3.0/x86_64/lib64gimp1.2-1.2.5-13.1.C30mdk.x86_64.rpm
 968cb26a97556435cd19b5f1ee3199e6  corporate/3.0/x86_64/lib64gimp1.2_1-1.2.5-13.1.C30mdk.x86_64.rpm
 3054dc681958467b93d83d98351de5da  corporate/3.0/x86_64/lib64gimp1.2_1-devel-1.2.5-13.1.C30mdk.x86_64.rpm 
 88ffadd4803267b9271909c2584bd8d8  corporate/3.0/SRPMS/gimp-1.2.5-13.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGU2TfmqjQ0CJFipgRAqsoAKDf5o0W3r85senIJHTQDhLp68EfPwCfXfyk
M58c1ggv4+7N+5pF4U77xWo=
=RM0Q
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ