drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in GIMP
| Name: |
Ausführen beliebiger Kommandos in GIMP |
|
| ID: |
USN-1214-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 |
|
| Datum: |
Fr, 23. September 2011, 12:39 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2896 |
|
| Applikationen: |
GIMP |
|
Originalnachricht |
--===============6711970493475647880==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature";
boundary="=-vY3UEkFxodJfO4ytuEP3"
--=-vY3UEkFxodJfO4ytuEP3
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-1214-1
September 22, 2011
gimp vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
GIMP could be made to run programs as your login if it opened a
specially crafted GIF file.
Software Description:
- gimp: The GNU Image Manipulation Program
Details:
Tomas Hoger discovered that GIMP incorrectly handled malformed LZW streams.
If a user were tricked into opening a specially crafted GIF image file, an
attacker could cause GIMP to crash, or possibly execute arbitrary code with
the user's privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.04:
gimp 2.6.11-1ubuntu6.2
Ubuntu 10.10:
gimp 2.6.10-1ubuntu3.4
Ubuntu 10.04 LTS:
gimp 2.6.8-2ubuntu1.4
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1214-1
CVE-2011-2896
Package Information:
https://launchpad.net/ubuntu/+source/gimp/2.6.11-1ubuntu6.2
https://launchpad.net/ubuntu/+source/gimp/2.6.10-1ubuntu3.4
https://launchpad.net/ubuntu/+source/gimp/2.6.8-2ubuntu1.4
--ßY3UEkFxodJfO4ytuEP3
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJOe1kSAAoJEGVp2FWnRL6TF4AP/2Wz+xTThwZCupy+bPqTLFQ6
wms+ZF+i8fBQCy+Hn2FBVi6y4IilMNr/lgE9vrlRkUeOivqBNhCbLPY8IBMvzSRo
0FcArcxrW9htvM9SzHwbtmY3Y5iGvtP5iUWi7pzPKqj2N7KAlflCQl8HKWmSEODk
NeVerRfiileDzp271a4eCCB/VBuyQv2yn+/5ZDF9Y99LDu98NK2iKVlgvxZBw89l
xQTKJiTsFqU6cIQL14EhDtkhB83PqHKfIeecfZEmxxFPciIfVQtLWP4yldlqTjm3
LpVmrr0jUoV0BDpdWtnd1D8mygtReG5vU6w1xmsiWpJLPw1L4R1H4wkUHhzUzsdH
Z7VMxwURe17RGBPO6hQTm2FsT+HogRVlSWRA5LqElhw0PgmsJOK79SUrtfr3Jzns
NNQhMXqbCQCQru4ktpgYD5r/5F/bbIMboXLTBnVner3iluiczIEbmyH4mYor2BM+
nQvRJMB+Uowl93MtrwGVFKaBAxiQDOWpXhfVZI36AC6llKZHTsoc9s5Dpb4h1kqU
QfqnEzRI4HTpDF3O8wc8/YrQslEvS5MMhALGOmiikDYwaNtbbn+JgyLkHWwFkP73
uMTP9IPVY+o9gMaJ3gkfEkvZUMU4gKZE+AdrMaAd/YZ1amWikdpjDM7WJT+XD/9H
xoXxHzidmvPu1DqN5iF5
=vVGH
-----END PGP SIGNATURE-----
--=-vY3UEkFxodJfO4ytuEP3--
--===============6711970493475647880==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============6711970493475647880==--
|
|
|
|
