MDVSA-2009:332-1

Package name

gimp

Date

2010-04-28

Advisory ID

MDVSA-2009:332-1

Affected versions

2009.0 x86_64 , 2009.0 i586

Problem description

A vulnerability was discovered and corrected in gimp:

Integer overflow in the read_channel_data function in
plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers
to execute arbitrary code via a crafted PSD file that triggers a
heap-based buffer overflow (CVE-2009-3909).

Additionally the patch for CVE-2009-1570 in MDVSA-2009:296 was
incomplete, this update corrects this as well.

This update provides a solution to this vulnerability.

Update:

Packages for 2009.0 are provided due to the Extended Maintenance
Program.

Updated packages

2009.0 x86_64

 48c32dcef5d236f61752b61f7425fd1a  2009.0/x86_64/gimp-2.4.7-1.1mdv2009.0.x86_64.rpm
 2664b2c3a85abad3e8945d82a895c3f0  2009.0/x86_64/gimp-python-2.4.7-1.1mdv2009.0.x86_64.rpm
 c48c2b71945dbb6e9fab5f419689aa78  2009.0/x86_64/lib64gimp2.0_0-2.4.7-1.1mdv2009.0.x86_64.rpm
 d23bd89da73160a8e905317813b41a7b  2009.0/x86_64/lib64gimp2.0-devel-2.4.7-1.1mdv2009.0.x86_64.rpm 
 a9003d4d72d0a259fc4f3c395dbf1823  2009.0/SRPMS/gimp-2.4.7-1.1mdv2009.0.src.rpm

2009.0 i586

 08f37521c1ba172d6eda620d925a9048  2009.0/i586/gimp-2.4.7-1.1mdv2009.0.i586.rpm
 9b6fe73b7858ce50341efdf30ffb6db8  2009.0/i586/gimp-python-2.4.7-1.1mdv2009.0.i586.rpm
 69d49ca77ba5285eae05d59ecf210d13  2009.0/i586/libgimp2.0_0-2.4.7-1.1mdv2009.0.i586.rpm
 8073bbabb60927b11cd958fa045aaafe  2009.0/i586/libgimp2.0-devel-2.4.7-1.1mdv2009.0.i586.rpm 
 a9003d4d72d0a259fc4f3c395dbf1823  2009.0/SRPMS/gimp-2.4.7-1.1mdv2009.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3909