Login
Newsletter
Werbung

Sicherheit: Zahlenüberlauf in gimp
Aktuelle Meldungen Distributionen
Name: Zahlenüberlauf in gimp
ID: MDVSA-2009:296
Distribution: Mandriva
Plattformen: Mandriva 2009.1, Mandriva Enterprise Server 5.0, Mandriva 2010.0
Datum: Fr, 13. November 2009, 17:18
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1570
http://secunia.com/secunia_research/2009-42/
Applikationen: GIMP

Originalnachricht

This is a multi-part message in MIME format...

------------=_1258129111-24326-429


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:296
http://www.mandriva.com/security/
_______________________________________________________________________

Package : gimp
Date : November 13, 2009
Affected: 2009.1, 2010.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered and corrected in gimp:

Integer overflow in the ReadImage function in
plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers
to execute arbitrary code via a BMP file with crafted width and height
values that trigger a heap-based buffer overflow (CVE-2009-1570).

This update provides a solution to this vulnerability.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1570
http://secunia.com/secunia_research/2009-42/
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.1:
883361c0357f4eada0045fd97fb5efbf 2009.1/i586/gimp-2.6.6-3.1mdv2009.1.i586.rpm
13e8b2b9d8f7fe940caa4306240f15ae
2009.1/i586/gimp-python-2.6.6-3.1mdv2009.1.i586.rpm
ef86532635e5fdc4a18c5a8ba333747a
2009.1/i586/libgimp2.0_0-2.6.6-3.1mdv2009.1.i586.rpm
e706dfdb96e53012aa76e7f2e8b31afc
2009.1/i586/libgimp2.0-devel-2.6.6-3.1mdv2009.1.i586.rpm
ee6089191e32c30b460980599fa4519a 2009.1/SRPMS/gimp-2.6.6-3.1mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
ab041fd27230d29de9f935ddc6534195
2009.1/x86_64/gimp-2.6.6-3.1mdv2009.1.x86_64.rpm
d40cede468a59a403d041e02e50aff10
2009.1/x86_64/gimp-python-2.6.6-3.1mdv2009.1.x86_64.rpm
0a3ab21124ff0bf8471cf999e307cb39
2009.1/x86_64/lib64gimp2.0_0-2.6.6-3.1mdv2009.1.x86_64.rpm
2ff4b0ca8acde92978f218759f2b5245
2009.1/x86_64/lib64gimp2.0-devel-2.6.6-3.1mdv2009.1.x86_64.rpm
ee6089191e32c30b460980599fa4519a 2009.1/SRPMS/gimp-2.6.6-3.1mdv2009.1.src.rpm

Mandriva Linux 2010.0:
8e2057d580d8d5732687d1580b3da6b7 2010.0/i586/gimp-2.6.7-4.1mdv2010.0.i586.rpm
9c4cc91afaba0967bbbfc301214d7065
2010.0/i586/gimp-python-2.6.7-4.1mdv2010.0.i586.rpm
cf6fd4ef23944949095dd2b6dd19193c
2010.0/i586/libgimp2.0_0-2.6.7-4.1mdv2010.0.i586.rpm
ff4531713e2f0d3f07c5dcf6ed212dce
2010.0/i586/libgimp2.0-devel-2.6.7-4.1mdv2010.0.i586.rpm
143714e2ffff6d049c3b62b2d65a0c3c 2010.0/SRPMS/gimp-2.6.7-4.1mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
0dbc4ee2e958ddfbcb3a9bd4d96f9212
2010.0/x86_64/gimp-2.6.7-4.1mdv2010.0.x86_64.rpm
896b78a5ae1f4d8474629fd2ba80e9f0
2010.0/x86_64/gimp-python-2.6.7-4.1mdv2010.0.x86_64.rpm
d9532b3a4df579c5feab0e9fb1597249
2010.0/x86_64/lib64gimp2.0_0-2.6.7-4.1mdv2010.0.x86_64.rpm
5c1b0b49afca34547cf6d9ade7cbd434
2010.0/x86_64/lib64gimp2.0-devel-2.6.7-4.1mdv2010.0.x86_64.rpm
143714e2ffff6d049c3b62b2d65a0c3c 2010.0/SRPMS/gimp-2.6.7-4.1mdv2010.0.src.rpm

Mandriva Enterprise Server 5:
f50aef592a242933e2755d6635427399 mes5/i586/gimp-2.4.7-1.1mdvmes5.i586.rpm
cea5c73cf0f13d370cbdc48968d14ce7
mes5/i586/gimp-python-2.4.7-1.1mdvmes5.i586.rpm
a8370cf7edf2227fb367c9a1514453ee
mes5/i586/libgimp2.0_0-2.4.7-1.1mdvmes5.i586.rpm
e59ca76d659dcdce759b8dfa62a1d9f9
mes5/i586/libgimp2.0-devel-2.4.7-1.1mdvmes5.i586.rpm
37fda93cf9ed71fa29ef3ab116d70769 mes5/SRPMS/gimp-2.4.7-1.1mdvmes5.src.rpm

Mandriva Enterprise Server 5/X86_64:
2e814f6d61b1b34c234a230e2dc925b2 mes5/x86_64/gimp-2.4.7-1.1mdvmes5.x86_64.rpm
dc12989ce4733362d7ef1f6f3bfed0c4
mes5/x86_64/gimp-python-2.4.7-1.1mdvmes5.x86_64.rpm
d4ad33dc97447137e1903790ea8315d8
mes5/x86_64/lib64gimp2.0_0-2.4.7-1.1mdvmes5.x86_64.rpm
10d169f3ee2fcb66b6340e7b9f5b00c4
mes5/x86_64/lib64gimp2.0-devel-2.4.7-1.1mdvmes5.x86_64.rpm
37fda93cf9ed71fa29ef3ab116d70769 mes5/SRPMS/gimp-2.4.7-1.1mdvmes5.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFK/X1BmqjQ0CJFipgRAjC+AKCuQEFw2lrJO8sMCQ6OJTOLWf4TFACg8oyv
EdVsf089tPrCMN582y30ygs=
=w67p
-----END PGP SIGNATURE-----


------------=_1258129111-24326-429
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1258129111-24326-429--
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung