Package name: gimp
Date: 2007-08-23
Advisory ID: MDKSA-2007:170
Affected versions: 2007.0 x86_64, 2007.1 i586, 2007.0 i586, CS3.0 x86_64, CS3.0 i586, 2007.1 x86_64

Problem description

Multiple integer overflows in the image loader plug-ins in GIMP before
2.2.16 allow user-assisted remote attackers to execute arbitrary code
via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP,
(5) Sun RAS, (6) XBM, and (7) XWD files. (CVE-2006-4519)

Integer overflow in the seek_to_and_unpack_pixeldata function in
the psd.c plugin in GIMP 2.2.15 allows remote attackers to execute
arbitrary code via a crafted PSD file that contains a large (1)
width or (2) height value. (CVE-2007-2949)

Victor Stinner has discovered several flaws in file plug-ins using
his fuzzing tool Fusil. Several modified image files cause the
plug-ins to crash or consume excessive amounts of memory due to
insufficient input validation. Affected plug-ins: bmp, pcx, psd, psp
(*.tub). (CVE-2007-3741)

Updated packages have been patched to prevent these issues.
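
The width/height overflow class described above, shown as an added example that is not GIMP's code or part of the advisory: an unchecked 32-bit size computation next to a checked one for header-supplied image dimensions. All function names and the MAX_DIMENSION cap are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed cap for this example; a real loader would choose its own. */
#define MAX_DIMENSION 262144u

/* Unchecked pattern: the product is computed in 32 bits and silently wraps. */
static uint32_t unchecked_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Checked pattern: returns 0 and stores the byte count in *out, or returns -1
 * if a value is zero, a dimension exceeds the cap, or the product would not
 * fit in size_t. */
static int checked_size(uint32_t width, uint32_t height, uint32_t bpp, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    if (width > MAX_DIMENSION || height > MAX_DIMENSION)
        return -1;
    if ((size_t)width > SIZE_MAX / height)
        return -1;
    size_t pixels = (size_t)width * height;
    if (pixels > SIZE_MAX / bpp)
        return -1;
    *out = pixels * bpp;
    return 0;
}

/* Allocates a pixel buffer for header-supplied dimensions, or returns NULL. */
static unsigned char *alloc_pixels(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t n;
    if (checked_size(width, height, bpp, &n) != 0)
        return NULL;
    return malloc(n);
}

int main(void)
{
    /* Constructed header values: 65536 x 65536 x 4 wraps to 0 in 32 bits. */
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(65536u, 65536u, 4u));
    unsigned char *p = alloc_pixels(0x40000001u, 4u, 1u);
    printf("checked:   %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

With the unchecked form, a later per-pixel write loop driven by the real width and height runs past the undersized buffer; the checked form rejects the header before any allocation.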

Updated packages

2007.0 x86_64

 3b0a82327d1c57c9d92edf2810502cc2  2007.0/x86_64/gimp-2.3.10-6.4mdv2007.0.x86_64.rpm
 aa6969a3c734d5233ea1bf918068b655  2007.0/x86_64/gimp-python-2.3.10-6.4mdv2007.0.x86_64.rpm
 28086552988cf08d50a2196a5683a893  2007.0/x86_64/lib64gimp2.0-devel-2.3.10-6.4mdv2007.0.x86_64.rpm
 f85032c7fe1e839c7dae7f0f4f71b19d  2007.0/x86_64/lib64gimp2.0_0-2.3.10-6.4mdv2007.0.x86_64.rpm 
 6ff93a240bbed2cb1f2a7d43db465c5b  2007.0/SRPMS/gimp-2.3.10-6.4mdv2007.0.src.rpm

2007.1 i586

 8b2d18fbd2ec2d1d75467c875b51194a  2007.1/i586/gimp-2.3.14-3.3mdv2007.1.i586.rpm
 eafdff0cbdfa2c5987083d66aab6acf7  2007.1/i586/gimp-python-2.3.14-3.3mdv2007.1.i586.rpm
 0547d89384937df347d4bc0141c4ad58  2007.1/i586/libgimp2.0-devel-2.3.14-3.3mdv2007.1.i586.rpm
 efde967b2b2f0600b6f6637c0d234a01  2007.1/i586/libgimp2.0_0-2.3.14-3.3mdv2007.1.i586.rpm 
 23426e0e7ef3735cb4392aab2631122b  2007.1/SRPMS/gimp-2.3.14-3.3mdv2007.1.src.rpm

2007.0 i586

 bf9edb14123c54a69c8b767e4ff9b59b  2007.0/i586/gimp-2.3.10-6.4mdv2007.0.i586.rpm
 25c09088a30f1ac4a619671f971abd65  2007.0/i586/gimp-python-2.3.10-6.4mdv2007.0.i586.rpm
 b406215f9a2fd22d48bd28cd2b7aa5c1  2007.0/i586/libgimp2.0-devel-2.3.10-6.4mdv2007.0.i586.rpm
 493176b6d9268753888d5ed88fe82d73  2007.0/i586/libgimp2.0_0-2.3.10-6.4mdv2007.0.i586.rpm 
 6ff93a240bbed2cb1f2a7d43db465c5b  2007.0/SRPMS/gimp-2.3.10-6.4mdv2007.0.src.rpm

CS3.0 x86_64

 7d6a3c0448b39a0b3194a73dbf9e5b19  corporate/3.0/x86_64/gimp-1.2.5-13.4.C30mdk.x86_64.rpm
 4e243e82b04fdddf71845d04c75595cf  corporate/3.0/x86_64/gimp-doc-1.2.5-13.4.C30mdk.x86_64.rpm
 ac826ac35fe04e0bc591cb4612cbe30d  corporate/3.0/x86_64/gimp-perl-1.2.5-13.4.C30mdk.x86_64.rpm
 c9d1fb6e82830ce6502ec1cc56a99b43  corporate/3.0/x86_64/lib64gimp1.2-1.2.5-13.4.C30mdk.x86_64.rpm
 3ab4ea172a56d2e4d85025e65c8fdd91  corporate/3.0/x86_64/lib64gimp1.2_1-1.2.5-13.4.C30mdk.x86_64.rpm
 bb3d1d4b0bd1519bc452e08bae9b23a5  corporate/3.0/x86_64/lib64gimp1.2_1-devel-1.2.5-13.4.C30mdk.x86_64.rpm 
 df25d5dc833ca512a0d31f839bdf7474  corporate/3.0/SRPMS/gimp-1.2.5-13.4.C30mdk.src.rpm

CS3.0 i586

 0dcdab9693c953ac71ffd48f3df99502  corporate/3.0/i586/gimp-1.2.5-13.4.C30mdk.i586.rpm
 c7911c3c8d3cbf6c7c0a996e24fd2f0b  corporate/3.0/i586/gimp-doc-1.2.5-13.4.C30mdk.i586.rpm
 106fef8a8de6f8c18acbdfee686acf37  corporate/3.0/i586/gimp-perl-1.2.5-13.4.C30mdk.i586.rpm
 d1dfe6d9f1399bffcc6da9a775104312  corporate/3.0/i586/libgimp1.2-1.2.5-13.4.C30mdk.i586.rpm
 1d000ff63592903fd2f761d838699fea  corporate/3.0/i586/libgimp1.2_1-1.2.5-13.4.C30mdk.i586.rpm
 97b6a130d96da091eb26da1ac54ebcd4  corporate/3.0/i586/libgimp1.2_1-devel-1.2.5-13.4.C30mdk.i586.rpm 
 df25d5dc833ca512a0d31f839bdf7474  corporate/3.0/SRPMS/gimp-1.2.5-13.4.C30mdk.src.rpm

2007.1 x86_64

 4828d4abf93c14331f7f17be448c2ab8  2007.1/x86_64/gimp-2.3.14-3.3mdv2007.1.x86_64.rpm
 07ec9f3807b3732767c56882c5700af7  2007.1/x86_64/gimp-python-2.3.14-3.3mdv2007.1.x86_64.rpm
 275cdb72761ed809e21c495bef4aebe7  2007.1/x86_64/lib64gimp2.0-devel-2.3.14-3.3mdv2007.1.x86_64.rpm
 bc21d6fe79269a20a4e8cf581ec15e73  2007.1/x86_64/lib64gimp2.0_0-2.3.14-3.3mdv2007.1.x86_64.rpm 
 23426e0e7ef3735cb4392aab2631122b  2007.1/SRPMS/gimp-2.3.14-3.3mdv2007.1.src.rpm

References