Login
Newsletter
Werbung
Sicherheit: Ausführen beliebiger Kommandos in GIMP
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in GIMP
ID: USN-7209-1
Distribution: Ubuntu
Plattformen: Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS
Datum: Do, 16. Januar 2025, 22:42
Referenzen: https://www.cve.org/CVERecord?id=CVE-2023-44441
https://ubuntu.com/security/notices/USN-7209-1
https://launchpad.net/ubuntu/+source/gimp-dds/3.0.1-1+deb10u1build0.22.04.1
https://launchpad.net/ubuntu/+source/gimp-dds/3.0.1-1+deb10u1build0.20.04.1
Applikationen: GIMP

Originalnachricht

 
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============1634445751547889823==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------UreB2VGqasAerGCdonD7Pmnm"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------UreB2VGqasAerGCdonD7Pmnm
Content-Type: multipart/mixed;
 boundary="------------IloTFgcE8W0oWMLdtS3Piqi0";
 protected-headers="v1"
From: John Breton <john.breton@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <2d425512-e4d9-4cf9-bc72-531cc473beda@canonical.com>
Subject: [USN-7209-1] GIMP DDS Plugin vulnerability

--------------IloTFgcE8W0oWMLdtS3Piqi0
Content-Type: multipart/mixed;
 boundary="------------s0DXJveSxVuEU7LE7tNH5HFR"

--------------s0DXJveSxVuEU7LE7tNH5HFR
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

==========================================================================
Ubuntu Security Notice USN-7209-1
January 16, 2025

gimp-dds vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

The GIMP DDS Plugin could be made to crash or run programs as
your login if it opened a specially crafted file.

Software Description:
- gimp-dds: DDS (DirectDraw Surface) plugin for GIMP

Details:

Jacob Boerema discovered that the GIMP DDS Plugin incorrectly
processed DDS files due to a memory issue. An attacker could
exploit this through a specifically crafted DDS file to cause
GIMP to crash, resulting in a denial of service, or possibly
execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
gimp-dds 3.0.1-1+deb10u1build0.22.04.1

Ubuntu 20.04 LTS
gimp-dds 3.0.1-1+deb10u1build0.20.04.1

Ubuntu 18.04 LTS
gimp-dds 3.0.1-1+deb10u1build0.18.04.1~esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
gimp-dds 3.0.1-1+deb10u1build0.16.04.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7209-1
CVE-2023-44441

Package Information:
https://launchpad.net/ubuntu/+source/gimp-dds/3.0.1-1+deb10u1build0.22.04.1
https://launchpad.net/ubuntu/+source/gimp-dds/3.0.1-1+deb10u1build0.20.04.1


--------------s0DXJveSxVuEU7LE7tNH5HFR
Content-Type: application/pgp-keys;
 name="OpenPGP_0xF294825506581F28.asc"
Content-Disposition: attachment;
 filename="OpenPGP_0xF294825506581F28.asc"
Content-Description: OpenPGP public key
Content-Transfer-Encoding: quoted-printable

-----BEGIN PGP PUBLIC KEY BLOCK-----

xsFNBGdQrXIBEACdQtlt0q4nFuG/w6jmXuMpI5n1p/REUpoDI3Fu+2C1Ze46ieTM
zKl5rh0+/rEBvwGn5Ox1lcu/QnujnNznNQ0g4ZarPRl3kCA2SKeyqe2vj77sfMkj
3NCF9nlvJVR/j3LgWdo8eynohrkPH8nXazSyzyZRWnUSrn7OCKMZ8KLlkixM9Av/
58Z2lbzVxto3ehTEXprUSn+WZTuKLBuIIE4681Y0lDZbmhi6W0kQBn/kvAlND/ue
G9OLijCJFT7HbikxMtKhCK82cXCSw4SeGzdhkHFLa+QdKo9W/iWYyB9jT+zresxj
dfA6I/ZBvBINt7VJKxLgE18XGOiqq5TmlI4iadXv2umMBl8QAKuhA8qLBQDUdZx6
XWKO4w3xqPtzJ0fDX8OHopb0+QBtyUuxFAX+uFX0mpWbxkzjcEUxf16zN5EUwDD2
5c8Q7POoWKQWu1pA6JtBpkoPYTpdbg7lm+YIhonZLWdKduaaUXRjtRrbNRTvMZqq
dMNn1WSQzrT8/81CitcETIof1G/XA/ktwWDIqzPBgofyja/ffbOLf3V6GieqcaJK
oCaowBZeT1cSBw+xrpEIFiVywFFWbv0f5qWW0yOvYI2YVeckkcsJnsF19quAEgck
8zWOgaZJV8JTj0AmuvE1lqBIRBy3OVl/t7FiQ+0wduytN2U9EOvqaxoKlQARAQAB
zShKb2huIEJyZXRvbiA8am9obi5icmV0b25AY2Fub25pbmNhbC5jb20+wsGXBBMB
CgBBFiEEyMDHOTG0YH5UsajI8pSCVQZYHygFAmdQrXICGwMFCQWjmoAFCwkIBwIC
IgIGFQoJCAsCBBYCAwECHgcCF4AACgkQ8pSCVQZYHygLpQ/9E+KzsXCYkHVtcHmq
S/Qyul2l3DID1Skl/4cuL33s8sQC+XQZxXCIYeXkDOhiDsx+cPwCB20c4GhMRkCw
kuefTI4vOg50HhcyuKVfm6WvETWMSEYXjM4lnVuRBNkn+XsfmRG9EPk1bIlwjl0L
SNY4zKvYAG9C8MZCyC2+Qz+9HQBR+0kR4Xc8Ei+PVHyuGJfdQN+b5lFghXG6zjKr
x0tMWpbh9pFpd0zIpWWNMtmiJQgb8nbxrY6KEdqzi3Jqc/1H0zN1+EpmIq3JNcKV
Icol4Y7tnqrkMe4Z2vhcYNdm6KyA7RqBJagYfjDKw2ZFyoZGVasbQb9mlFLHEU2p
joDq7wDrI2K4RLNen4XjxOfMVG+W7XQO4CmTLZUyEUVNRy6JLepYz8EHGeaDTAnq
OsIEDYnqYyHpweK1eZqhlJNNv6QquPqBS/jptGApkcgszH7I3pOhRVlZSRX4JRSm
DhulXJEpPv6dGSCOZsMtsLnKRinIt/LHAsgTYLvSJixQKN2Ji3hoQVufoCKI+Qs7
hWu5L3DHxCa7j5ta3kVyrtzXM1kltvd1vAuCGdO0dhI+nZOJ67D4F+BwiTDyWNOC
zM0mnHR63mC3phV6uQp2a5UzNsZFeb8l0RvhMWighQOj7pBgf8t3YNKxFb5j+p6Q
LaY1OCQl3/uho8dB5ySgLLU1hcnCwYMEMAEKAC0WIQTIwMc5MbRgflSxqMjylIJV
BlgfKAUCZ31mgw8dIHR5cG8gaW4gZW1haWwACgkQ8pSCVQZYHygw8w/9EMfmrGvD
oW0WrRc1+0LPKUjGvD/1iCmQ0b3iKJp5rtBEsKIXUKGLMKEi/KvJ1SUNqfGR4Dj9
rmrAYDX2f6roqx/YkqTfqABeYG1kHFHXfgCnxzDbIR6ZZYWKXmYjXgQgYwloJFeg
cot9/9Bims6k+zgZEtH/bxvULWerEuvkHaZiMsdOHzsiC/VdSXsW2RrH8V5cDH3Q
DRsB4YTP/9gdpWprthCWsk2AJUEj/uZNmkuCmRcfxyG4mRUxnFECU0dt1wd+XRmQ
0H8lKrz1hzKJdRh2qjU/4Debf08NDqBzBktaphlPMjXlqPAvIP5NXWAvRFJm27OS
LbYZtb32d2pGtu0ad0HI/B8Dqsv1x0TtUL5ymlnjaqXkajoaE7DWzL6XKsY5KStS
Eyhy/EC3dskBTLr9lPLBTGzkAFkGAjB/+H2saaleIKctrwjOgD0srr9YvDBduPZJ
yE03wEf3ensE6KZmc+HxBFxXz2AIQQKW/lVUC+UPmsb/8FWwmqcwJqczDHdIblEF
d4OPU2u2Go1qK0GQf2RddBj2SxN05ZvqJ0iw3cRAl5phXiLzro1aLYoum+lJrtNH
TQJeFJIyWe+dx/3BcQ42shzh7ap2Ipn9VGNf/EH17kJ97gRejbHN9XnfmM2MzRqs
HFAsaBAd8yZJYDsxR+rnN7/KjDGiWOnROHrNN0pvaG4gQnJldG9uIChjb3JyZWN0
IGVtYWlsKSA8am9obi5icmV0b25AY2Fub25pY2FsLmNvbT7CwZcEEwEKAEEWIQTI
wMc5MbRgflSxqMjylIJVBlgfKAUCZ31l3AIbAwUJBaOagAULCQgHAgIiAgYVCgkI
CwIEFgIDAQIeBwIXgAAKCRDylIJVBlgfKKoVD/97VtPeqs8Qg84l3Ca83FZIa3Hd
GcRCdhGR0dZ3P1xwMnfk3phFyvewSIPYD+bJDlX97z1gxNUnt0GPvpTYyjAL4uVe
Yxb0jY68aUtZ6zBccKXDy+jR/8OxWgU9Ulip+LTumVuq8OD6sWIj44hzuSmdH3eC
kzsqj6f5ay8SG5BR1EPJjJnAysrWlJx5j95kep+an/19+rto0t5ZGAfbmHHNPExj
JbkQnTra88nUiIKRWuwyG3X2kvxL392BYm7S6cxoMADtrkS2ZSogLBBrddIL5Jfb
tyS7R5gng7Uy3MTXlwZL6WYNwFX3bAk01DYV2sOn9hFG0Xh/aGx26PFw2I/YA76x
AdHXcxdb+1JwTu+REOSMuvEb0M0N+anEsrWvV4BcY/UgShgtEE5+3OT6dKl62g8v
1G/jrXNz6cwbqiJoWi0U6gwsS4zgi8pXO8iCKSLMbf8/kfH1Yo0mSGGtTqt9gotU
ULM/snjT3Fb4me/VcVkqOW0viwCMyp6NXdgbAnd+3Lxk9JQgn8Z9FqLIojE7Qjzm
aHHK3syhGjcmLmfTFaEpbqOon5iPPjdYgmz1+FAWxekU1M53yoFed0jZEt132aHT
Vz5IsJNu6aDmDbxGKARBk6+PPSDl/D5ExPUEX2TSo648lCSNP03NVlR5mToPVXxJ
1rJ/JjmcDg1VqAaKLM7BTQRnUz5jARAAvhXhR4FxcGnlv0lmEa+WL+5Sf/ygpFm5
tFHnyXJWQA3nXCJNGkibvCM03iyY8cax6MwLG0faQ9xEqu1vphigyj8kdpAcGkIn
ezZWyy2e4XpWg7R3CJXRO/teGpCjxkrJ462NwQD2qFAbxe5MzgyzsmKoeEigUmod
2QGzT4nGRqdAklZ/byMAVs+eyF7X+7hUERCgHATpMELvgcSQdUV/lgrQX0g/UV+9
1CtLlTZ5RYHOlqJEb/2VBkKqXP821UV+wScwmAWOIXHRuGsqzyIb2ZB1/VLhEFEM
xxsr+nrgjuzOWS2/jXrn9fSHMYlmW3TGmX9+53UNXhtsyT2FFYOc7SzwEwUDqadW
johTv3slOj2vsAIW6NFQY2TjjleZFm3lQPiNDtuWZlmL3Qxz5/TDqTrSb5FHJIEN
81R8OYXzy4QDPJKm553ZKOfGKvhj3DV8BlzRJ83nZ3VcduBlnCMv1SMh8wdf39jI
F33JTUqjhIuZHzs+VEYofORH+Q8witwCctH5tiJL9i5feAL04bKxH7wsnnwSl9kE
eh/okSLWIglZ1JYJov/8hAnlx65DhYuBuX7s6YDaN6bcEBjJcHFQSILzFz1ulaI1
Vp17Nufsb2gOTBX8wK5K1RBP717r48P4GCHzXK8dnWuFnWAPsiJ2K74aPQ3Ei0N7
4pNp1IfxB4cAEQEAAcLBdgQYAQoAIBYhBMjAxzkxtGB+VLGoyPKUglUGWB8oBQJn
Uz5jAhsMAAoJEPKUglUGWB8o5dkP/28eg2EoE/+/svXsQ/apsYClkvuvVUsB6klm
HWz1B8S4kRJzwDmF2CUvttNT8PDXARdXaExxYFWU4DrptJNTwCkxMYGJOBCXAnVb
T9CXFSe2Uz4Gopb55cmWE/xGPWzeBlnt7A3ImJjYI04C2cPXOF8hceGd9mg6hV23
Fj9q2FdAgO82D4k+HRixhkH0Rk/bHc9a0FKKUUbv97gGTmHo6K4idPHeBobZYYYO
0AS/H0t/ea5Ty5+sDu3O2fjecou6L1dgW6oFK68Tep3Vz+sxI3JVTLMcxNh/hxxk
pTvtREFc/6Zo+PFLhuPkbAPJeZvZSG1viHkvxCfPuvySDTvi/htf3TiM9yEWgUkS
iDQAy4upf/a0B+t3BSapndFNsT+8j5UinY7ux8HiGrhO5t7Br3EMmpvgStkB4v57
LkNXiwkc899ZYlC1lFOTbVgHI4uH3GTWxVjGxZoq3Bda3JTDxTpC+PM+jK5cWDbO
/bieXm+zeA8/Go7vSE4kbj4tDEWpXhcnj7uc274xMepQIaPSEP32jPkDUzwD1804
GaJXC/ChkMykYmdEORRH4EfLlS9W+pBuFtktNhWGwdIVaOqVHMDi3jncz1sBsveC
Nwtt7tlhxUEPfMUiH8NznH2aeFll7obgX6/yu0Vg6h+d7HBIwY9WdXyMqm/rWATk
X5TWH5FT
=3DNpqL
-----END PGP PUBLIC KEY BLOCK-----

--------------s0DXJveSxVuEU7LE7tNH5HFR--

--------------IloTFgcE8W0oWMLdtS3Piqi0--

--------------UreB2VGqasAerGCdonD7Pmnm
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEyMDHOTG0YH5UsajI8pSCVQZYHygFAmeJT0kFAwAAAAAACgkQ8pSCVQZYHyi0
nQ//eIlenPc2EbRNFmTvCQ6Gf3FYCxopYsj4+kyQwjHmuMxeR3JWx/b6KZQ4bjz44D/2xViL5QwQ
qXytyO1LE4IMId2OxKApGTWMTLyl8D/+p4WSVQdsMeOcqplSMlNOVomBfJJlE8b2+vhhXQCawPV0
ypJQpDzR6K8qp5PPMWHdlBUheUx0/uqYE7V0vJ6O2nvmMJsGnIa7yhzrsjzhlwAdiZA87rzWBs4O
o57AzqdPSOyluCSn8NHDG1YdBN9fJPJ1ciTchUeL8BS6vNmwDmmyKvuplLwi3IsDqs6APlTNQCdB
Wi9bRuz5cq02Yx6iTBKXA6mFgcMLxSYxvXFavRL+EbULoPoZodEZWBNB660no6RZj8EulmltwMWB
Et/9k4Zy9D8MfaD5bPB2yCNzoFVpmjZR99KyIUePI7MOID37PymfA/UwfpwNM2DfPB3zhbJgwUj3
Klr/2VHmFZEqfRu4E+qBP9Mh++u7jKn45sfgtF5xLT6mv2JVxFsLHAaFYmGeEUxbDnpQRB1tmmTk
BdEKi5SZrmmNBvndO4RM5l/aPRFdHy6SEbDVRQtKZncrd4dU4nf54RPJGeS21vHqptyPR1g/6BNP
s4QpK1DkGm13FbErTVudZlCeOmnNzq5gepUUtnddwGoc3IbhUHa55oYuGo3F4/dUJ2vNImAwJfHi
Bj8=
=9cWi
-----END PGP SIGNATURE-----

--------------UreB2VGqasAerGCdonD7Pmnm--


--===============1634445751547889823==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============1634445751547889823==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung