MDVSA-2009:296-1
- Package name
- gimp
- Date
- 2009-12-11
- Advisory ID
- MDVSA-2009:296-1
- Affected versions
- 2008.0 i586 , 2008.0 x86_64
Problem description
A vulnerability was discovered and corrected in gimp:
Integer overflow in the ReadImage function in
plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers
to execute arbitrary code via a BMP file with crafted width and height
values that trigger a heap-based buffer overflow (CVE-2009-1570).
This update provides a solution to this vulnerability.
Update:
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
Updated packages
2008.0 i586
96671d703538682ce397c73f7983d574 2008.0/i586/gimp-2.4.0-0.rc2.3.1mdv2008.0.i586.rpm bdf1df745d007cf6ce8a405a995e17cd 2008.0/i586/gimp-python-2.4.0-0.rc2.3.1mdv2008.0.i586.rpm 9cb17fb52734e201dff4d22ffe5d01c2 2008.0/i586/libgimp2.0_0-2.4.0-0.rc2.3.1mdv2008.0.i586.rpm 65e5ae11c931e01a8e1afee1893a5ea9 2008.0/i586/libgimp2.0-devel-2.4.0-0.rc2.3.1mdv2008.0.i586.rpm b6f660fdd8ea90cef3423431a29052af 2008.0/SRPMS/gimp-2.4.0-0.rc2.3.1mdv2008.0.src.rpm
2008.0 x86_64
dd0803d3e25de874fe010e9146e324b1 2008.0/x86_64/gimp-2.4.0-0.rc2.3.1mdv2008.0.x86_64.rpm 44dd4d0dabaf57326a8a75aa4a2a7c4e 2008.0/x86_64/gimp-python-2.4.0-0.rc2.3.1mdv2008.0.x86_64.rpm 9f1cd5b01de2b3084868d80ee1849dff 2008.0/x86_64/lib64gimp2.0_0-2.4.0-0.rc2.3.1mdv2008.0.x86_64.rpm 2d379204ab7a67b801b55051142ee09e 2008.0/x86_64/lib64gimp2.0-devel-2.4.0-0.rc2.3.1mdv2008.0.x86_64.rpm b6f660fdd8ea90cef3423431a29052af 2008.0/SRPMS/gimp-2.4.0-0.rc2.3.1mdv2008.0.src.rpm