drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in GIMP
Name: |
Ausführen beliebiger Kommandos in GIMP |
|
ID: |
USN-1214-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 |
|
Datum: |
Fr, 23. September 2011, 12:39 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2896 |
|
Applikationen: |
GIMP |
|
Originalnachricht |
--===============6711970493475647880== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-vY3UEkFxodJfO4ytuEP3"
--=-vY3UEkFxodJfO4ytuEP3 Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1214-1 September 22, 2011
gimp vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS
Summary:
GIMP could be made to run programs as your login if it opened a specially crafted GIF file.
Software Description: - gimp: The GNU Image Manipulation Program
Details:
Tomas Hoger discovered that GIMP incorrectly handled malformed LZW streams. If a user were tricked into opening a specially crafted GIF image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.04: gimp 2.6.11-1ubuntu6.2
Ubuntu 10.10: gimp 2.6.10-1ubuntu3.4
Ubuntu 10.04 LTS: gimp 2.6.8-2ubuntu1.4
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1214-1 CVE-2011-2896
Package Information: https://launchpad.net/ubuntu/+source/gimp/2.6.11-1ubuntu6.2 https://launchpad.net/ubuntu/+source/gimp/2.6.10-1ubuntu3.4 https://launchpad.net/ubuntu/+source/gimp/2.6.8-2ubuntu1.4
--ßY3UEkFxodJfO4ytuEP3 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJOe1kSAAoJEGVp2FWnRL6TF4AP/2Wz+xTThwZCupy+bPqTLFQ6 wms+ZF+i8fBQCy+Hn2FBVi6y4IilMNr/lgE9vrlRkUeOivqBNhCbLPY8IBMvzSRo 0FcArcxrW9htvM9SzHwbtmY3Y5iGvtP5iUWi7pzPKqj2N7KAlflCQl8HKWmSEODk NeVerRfiileDzp271a4eCCB/VBuyQv2yn+/5ZDF9Y99LDu98NK2iKVlgvxZBw89l xQTKJiTsFqU6cIQL14EhDtkhB83PqHKfIeecfZEmxxFPciIfVQtLWP4yldlqTjm3 LpVmrr0jUoV0BDpdWtnd1D8mygtReG5vU6w1xmsiWpJLPw1L4R1H4wkUHhzUzsdH Z7VMxwURe17RGBPO6hQTm2FsT+HogRVlSWRA5LqElhw0PgmsJOK79SUrtfr3Jzns NNQhMXqbCQCQru4ktpgYD5r/5F/bbIMboXLTBnVner3iluiczIEbmyH4mYor2BM+ nQvRJMB+Uowl93MtrwGVFKaBAxiQDOWpXhfVZI36AC6llKZHTsoc9s5Dpb4h1kqU QfqnEzRI4HTpDF3O8wc8/YrQslEvS5MMhALGOmiikDYwaNtbbn+JgyLkHWwFkP73 uMTP9IPVY+o9gMaJ3gkfEkvZUMU4gKZE+AdrMaAd/YZ1amWikdpjDM7WJT+XD/9H xoXxHzidmvPu1DqN5iF5 =vVGH -----END PGP SIGNATURE-----
--=-vY3UEkFxodJfO4ytuEP3--
--===============6711970493475647880== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============6711970493475647880==--
|
|
|
|