
Security: Multiple problems in GIMP
Name: Multiple problems in GIMP
ID: MDVSA-2011:103
Distribution: Mandriva
Platforms: Mandriva 2009.0, Mandriva Enterprise Server 5.0, Mandriva 2010.1
Date: Sun, 29 May 2011, 21:10
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1782
Applications: GIMP

Original message

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:103
http://www.mandriva.com/security/
_______________________________________________________________________

Package : gimp
Date : May 29, 2011
Affected: 2009.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities were discovered and fixed in gimp:

Stack-based buffer overflow in the "LIGHTING EFFECTS > LIGHT" plugin
in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial
of service (application crash) or possibly execute arbitrary code
via a long Position field in a plugin configuration file. NOTE:
it may be uncommon to obtain a GIMP plugin configuration file from
an untrusted source that is separate from the distribution of the
plugin itself (CVE-2010-4540).

Stack-based buffer overflow in the SPHERE DESIGNER plugin in GIMP
2.6.11 allows user-assisted remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via a
long Number of lights field in a plugin configuration file. NOTE:
it may be uncommon to obtain a GIMP plugin configuration file from
an untrusted source that is separate from the distribution of the
plugin itself (CVE-2010-4541).

Stack-based buffer overflow in the GFIG plugin in GIMP 2.6.11
allows user-assisted remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a long
Foreground field in a plugin configuration file. NOTE: it may be
uncommon to obtain a GIMP plugin configuration file from an untrusted
source that is separate from the distribution of the plugin itself
(CVE-2010-4542).

Heap-based buffer overflow in the read_channel_data function in
file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows
remote attackers to cause a denial of service (application crash)
or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE
compression) image file that begins a long run count at the end of
the image (CVE-2010-4543, CVE-2011-1782).
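
The bounds check whose absence produces the heap overflow described above, as an added example that is not taken from the advisory or from GIMP's source. The RLE encoding, the function name rle_decode and the sample bytes are assumptions made for illustration; the decoder rejects any run that would extend past the end of the channel buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified RLE assumed for this example (not the real PSP layout): control
 * byte c > 128 repeats the next byte (c - 128) times, else copies c bytes. */
enum { RLE_OK = 0, RLE_TRUNCATED_INPUT = -1, RLE_OUTPUT_OVERRUN = -2 };

/* Constructed samples for an 8-byte buffer; sample_bad's second run starts
 * at offset 4 and claims 10 bytes when only 4 remain. */
static const uint8_t sample_ok[]  = { 128 + 4, 0xAA, 4, 1, 2, 3, 4 };
static const uint8_t sample_bad[] = { 128 + 4, 0xAA, 128 + 10, 0xBB };

/* Decode src into dst (dst_len bytes), checking every run before writing. */
int rle_decode(const uint8_t *src, size_t src_len, uint8_t *dst, size_t dst_len)
{
    size_t in = 0, out = 0;
    while (out < dst_len) {
        if (in >= src_len)
            return RLE_TRUNCATED_INPUT;
        size_t run = src[in++];
        int repeat = run > 128;
        if (repeat)
            run -= 128;
        /* The check an unbounded decoder lacks: a run that begins near
         * the end of the image must not write past the buffer end. */
        if (run > dst_len - out)
            return RLE_OUTPUT_OVERRUN;
        if ((repeat ? (size_t)1 : run) > src_len - in)
            return RLE_TRUNCATED_INPUT;
        if (repeat) {
            uint8_t value = src[in++];
            for (size_t i = 0; i < run; i++)
                dst[out++] = value;
        } else {
            for (size_t i = 0; i < run; i++)
                dst[out++] = src[in++];
        }
    }
    return RLE_OK;
}

int main(void)
{
    uint8_t ch[8];
    int ok = rle_decode(sample_ok, sizeof sample_ok, ch, sizeof ch);
    int bad = rle_decode(sample_bad, sizeof sample_bad, ch, sizeof ch);
    printf("ok=%d bad=%d\n", ok, bad);
    return 0;
}
```

Comparing the run against the space remaining (dst_len - out) rather than against the total buffer size is what catches a long run that starts close to the end of the image.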

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1782
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>