[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1QQiz7-000822-BA@titan.mandriva.com>
Date: Sun, 29 May 2011 18:37:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:103 ] gimp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:103
http://www.mandriva.com/security/
_______________________________________________________________________
Package : gimp
Date : May 29, 2011
Affected: 2009.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities was discovered and fixed in gimp:
Stack-based buffer overflow in the "LIGHTING EFFECTS > LIGHT" plugin in
GIMP 2.6.11 allows user-assisted remote attackers to cause a denial
of service (application crash) or possibly execute arbitrary code
via a long Position field in a plugin configuration file. NOTE:
it may be uncommon to obtain a GIMP plugin configuration file from
an untrusted source that is separate from the distribution of the
plugin itself (CVE-2010-4540).
Stack-based buffer overflow in the SPHERE DESIGNER plugin in GIMP
2.6.11 allows user-assisted remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via a
long Number of lights field in a plugin configuration file. NOTE:
it may be uncommon to obtain a GIMP plugin configuration file from
an untrusted source that is separate from the distribution of the
plugin itself (CVE-2010-4541).
Stack-based buffer overflow in the GFIG plugin in GIMP 2.6.11
allows user-assisted remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a long
Foreground field in a plugin configuration file. NOTE: it may be
uncommon to obtain a GIMP plugin configuration file from an untrusted
source that is separate from the distribution of the plugin itself
(CVE-2010-4542).
Heap-based buffer overflow in the read_channel_data function in
file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows
remote attackers to cause a denial of service (application crash)
or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE
compression) image file that begins a long run count at the end of
the image (CVE-2010-4543, CVE-2011-1782).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php\?cPath=149\&products_id=490
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1782
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
7c02d4aa8eae727861eb0920dd3483b2 2009.0/i586/gimp-2.4.7-1.2mdv2009.0.i586.rpm
45c06cdb705f4c617b71bec50c455c26 2009.0/i586/gimp-python-2.4.7-1.2mdv2009.0.i586.rpm
57fb06ee874653cf94881817b6690394 2009.0/i586/libgimp2.0_0-2.4.7-1.2mdv2009.0.i586.rpm
91a7961f7e95b7597a97a5548814c063 2009.0/i586/libgimp2.0-devel-2.4.7-1.2mdv2009.0.i586.rpm
20e6ed8705feb5acb1cdaf7831beeeee 2009.0/SRPMS/gimp-2.4.7-1.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
ab317b4e3f3be709a2873f84ce30c215 2009.0/x86_64/gimp-2.4.7-1.2mdv2009.0.x86_64.rpm
8a6bfb9b582f2a0d9cccd5a972b568e4 2009.0/x86_64/gimp-python-2.4.7-1.2mdv2009.0.x86_64.rpm
941103b8e1655a5a064192bd6e20b6a9 2009.0/x86_64/lib64gimp2.0_0-2.4.7-1.2mdv2009.0.x86_64.rpm
dd8c18b873a2178540d32285dee26879 2009.0/x86_64/lib64gimp2.0-devel-2.4.7-1.2mdv2009.0.x86_64.rpm
20e6ed8705feb5acb1cdaf7831beeeee 2009.0/SRPMS/gimp-2.4.7-1.2mdv2009.0.src.rpm
Mandriva Linux 2010.1:
b4934e6c63a58a89e26ce5a8bd4dd0aa 2010.1/i586/gimp-2.6.8-3.1mdv2010.2.i586.rpm
cf9cd4f6c93ca1108daaa839441e41a3 2010.1/i586/gimp-python-2.6.8-3.1mdv2010.2.i586.rpm
c096ed34e2e0272272d01bc01b640bfb 2010.1/i586/libgimp2.0_0-2.6.8-3.1mdv2010.2.i586.rpm
df803b5a43613d2b67c3cf61bbb1e39c 2010.1/i586/libgimp2.0-devel-2.6.8-3.1mdv2010.2.i586.rpm
74c23d2b743d532a989e7dec401e1f66 2010.1/SRPMS/gimp-2.6.8-3.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
e8458c9df877106443fac58d804c9465 2010.1/x86_64/gimp-2.6.8-3.1mdv2010.2.x86_64.rpm
26edfcc18b11395426f7fcdbf0b08b2f 2010.1/x86_64/gimp-python-2.6.8-3.1mdv2010.2.x86_64.rpm
874338737686abb415ee3df1efb3a57e 2010.1/x86_64/lib64gimp2.0_0-2.6.8-3.1mdv2010.2.x86_64.rpm
c11c04938bac89c9735429a4fcbd276e 2010.1/x86_64/lib64gimp2.0-devel-2.6.8-3.1mdv2010.2.x86_64.rpm
74c23d2b743d532a989e7dec401e1f66 2010.1/SRPMS/gimp-2.6.8-3.1mdv2010.2.src.rpm
Mandriva Enterprise Server 5:
a858be803cf318a4bf65cb3f98537928 mes5/i586/gimp-2.4.7-1.2mdvmes5.2.i586.rpm
34f3115b398f3e8c0c0ff3570c133db2 mes5/i586/gimp-python-2.4.7-1.2mdvmes5.2.i586.rpm
9bd4f53d61bc99f82aa0c202832a1e31 mes5/i586/libgimp2.0_0-2.4.7-1.2mdvmes5.2.i586.rpm
c4a5ff2e425ce131a5366108e5275cf9 mes5/i586/libgimp2.0-devel-2.4.7-1.2mdvmes5.2.i586.rpm
4211449a29646f79f66586d858833f1d mes5/SRPMS/gimp-2.4.7-1.2mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
728cc2a6f12144650862438c9675f3e6 mes5/x86_64/gimp-2.4.7-1.2mdvmes5.2.x86_64.rpm
96586a84019b3da23e0da6b64c8deb7b mes5/x86_64/gimp-python-2.4.7-1.2mdvmes5.2.x86_64.rpm
eed9cf47737fa79778b4907c8d7ee274 mes5/x86_64/lib64gimp2.0_0-2.4.7-1.2mdvmes5.2.x86_64.rpm
7ae6020f94251df98fe667336677b25e mes5/x86_64/lib64gimp2.0-devel-2.4.7-1.2mdvmes5.2.x86_64.rpm
4211449a29646f79f66586d858833f1d mes5/SRPMS/gimp-2.4.7-1.2mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFN4kbemqjQ0CJFipgRAt+yAKCZRS8hvsbbv0x4neqZ9BvIh9TN3ACcDDgR
yhS4p+P7b9jJKyzsYSUV3DM=
=eQm1
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists