drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in GIMP
Name: |
Mehrere Probleme in GIMP |
|
ID: |
FEDORA-2011-10782 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 14 |
|
Datum: |
Di, 23. August 2011, 10:36 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2896 |
|
Applikationen: |
GIMP |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2011-10782 2011-08-13 01:57:43 ------------------------------------------------------------------------------- -
Name : gimp Product : Fedora 14 Version : 2.6.11 Release : 21.fc14 URL : http://www.gimp.org/ Summary : GNU Image Manipulation Program Description : GIMP (GNU Image Manipulation Program) is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. GIMP has many of the tools and filters you would expect to find in similar commercial offerings, and some interesting extras as well. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.
------------------------------------------------------------------------------- - Update Information:
This update adds checks to avoid heap corruption and buffer overflows when loading GIF image files (CVE-2011-2896). Additionally, it fixes a bug which caused GIMP to print an unnecessary warning to the command line on startup. ------------------------------------------------------------------------------- - ChangeLog:
* Fri Aug 12 2011 Nils Philippsen <nils@redhat.com> - 2:2.6.11-21 - actually apply startup-warning patch - fix heap corruption and buffer overflow in file-gif-load plugin (CVE-2011-2896) * Thu Aug 4 2011 Nils Philippsen <nils@redhat.com> - 2:2.6.11-20 - fix goption warning on startup, patch by Mikael Magnusson * Wed Aug 3 2011 Nils Philippsen <nils@redhat.com> - 2:2.6.11-19 - remove obsolete gtkhtml2-devel build requirement * Fri Jul 15 2011 Marek Kasik <mkasik@redhat.com> - 2:2.6.11-18 - Rebuild (poppler-0.17.0) * Fri Jun 24 2011 Nils Philippsen <nils@redhat.com> - 2:2.6.11-17 - rebuild against new cfitsio * Fri Jun 10 2011 Nils Philippsen <nils@redhat.com> - 2:2.6.11-16 - guard against crash due to quitting while DND is processed (#711952) * Tue Jun 7 2011 Nils Philippsen <nils@redhat.com> - 2:2.6.11-15 - drop support for building with non-modular X - ensure file-xpm plugin is built (#710207) * Mon May 23 2011 Nils Philippsen <nils@redhat.com> - 2:2.6.11-14 - fix buffer overflows in sphere-designer (CVE-2010-4541), gfig (CVE-2010-4542), lighting (CVE-2010-4540) plugins * Mon May 23 2011 Nils Philippsen <nils@redhat.com> - 2:2.6.11-13 - harden PSP plugin against bogus input data (CVE-2010-4543, CVE-2011-1782) * Sat May 7 2011 Christopher Aillon <caillon@redhat.com> - 2:2.6.11-12 - Update desktop database, icon cache scriptlets * Fri May 6 2011 Nils Philippsen <nils@redhat.com> - 2:2.6.11-11 - simplify poppler-0.17 patch to avoid adding to libgimp (#698157) * Wed May 4 2011 Nils Philippsen <nils@redhat.com> - 2:2.6.11-10 - don't use poppler/gdk_pixbuf API removed in poppler >= 0.17 (#698157) - remove obsolete configure options * Tue Mar 15 2011 Nils Philippsen <nils@redhat.com> - 2:2.6.11-9 - don't use HAL from F-16/RHEL-7 on - explicitly use GIO/GVFS rather than gnome-vfs * Sun Mar 13 2011 Marek Kasik <mkasik@redhat.com> - 2:2.6.11-8 - Rebuild (poppler-0.16.3) * Tue Feb 8 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2:2.6.11-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Wed Feb 2 2011 Nils Philippsen <nils@redhat.com> - 2:2.6.11-6 - avoid traceback in pyslice plugin (#667958) * Sat Jan 1 2011 Rex Dieter <rdieter@fedoraproject.org> - 2:2.6.11-5 - rebuild (poppler) * Wed Dec 15 2010 Rex Dieter <rdieter@fedoraproject.org> - 2:2.6.11-4 - rebuild (poppler) * Tue Nov 9 2010 Nils Philippsen <nils@redhat.com> - 2:2.6.11-3 - avoid traceback in colorxhtml plugin (#651002) * Sat Nov 6 2010 Rex Dieter <rdieter@fedoraproject.org> - 2:2.6.11-2 - rebuilt (poppler) ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #727800 - CVE-2011-2896 David Koblas' GIF decoder LZW decoder buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=727800 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update gimp' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|