MDVSA-2009:296

Package name

gimp

Date

2009-11-13

Advisory ID

MDVSA-2009:296

Affected versions

MES5 i586 , 2010.0 x86_64 , 2010.0 i586 , 2009.1 i586 , 2009.1 x86_64 , MES5 x86_64

Problem description

A vulnerability was discovered and corrected in gimp:

Integer overflow in the ReadImage function in
plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers
to execute arbitrary code via a BMP file with crafted width and height
values that trigger a heap-based buffer overflow (CVE-2009-1570).

This update provides a solution to this vulnerability.

Updated packages

MES5 i586

 f50aef592a242933e2755d6635427399  mes5/i586/gimp-2.4.7-1.1mdvmes5.i586.rpm
 cea5c73cf0f13d370cbdc48968d14ce7  mes5/i586/gimp-python-2.4.7-1.1mdvmes5.i586.rpm
 a8370cf7edf2227fb367c9a1514453ee  mes5/i586/libgimp2.0_0-2.4.7-1.1mdvmes5.i586.rpm
 e59ca76d659dcdce759b8dfa62a1d9f9  mes5/i586/libgimp2.0-devel-2.4.7-1.1mdvmes5.i586.rpm 
 37fda93cf9ed71fa29ef3ab116d70769  mes5/SRPMS/gimp-2.4.7-1.1mdvmes5.src.rpm

2010.0 x86_64

 0dbc4ee2e958ddfbcb3a9bd4d96f9212  2010.0/x86_64/gimp-2.6.7-4.1mdv2010.0.x86_64.rpm
 896b78a5ae1f4d8474629fd2ba80e9f0  2010.0/x86_64/gimp-python-2.6.7-4.1mdv2010.0.x86_64.rpm
 d9532b3a4df579c5feab0e9fb1597249  2010.0/x86_64/lib64gimp2.0_0-2.6.7-4.1mdv2010.0.x86_64.rpm
 5c1b0b49afca34547cf6d9ade7cbd434  2010.0/x86_64/lib64gimp2.0-devel-2.6.7-4.1mdv2010.0.x86_64.rpm 
 143714e2ffff6d049c3b62b2d65a0c3c  2010.0/SRPMS/gimp-2.6.7-4.1mdv2010.0.src.rpm

2010.0 i586

 8e2057d580d8d5732687d1580b3da6b7  2010.0/i586/gimp-2.6.7-4.1mdv2010.0.i586.rpm
 9c4cc91afaba0967bbbfc301214d7065  2010.0/i586/gimp-python-2.6.7-4.1mdv2010.0.i586.rpm
 cf6fd4ef23944949095dd2b6dd19193c  2010.0/i586/libgimp2.0_0-2.6.7-4.1mdv2010.0.i586.rpm
 ff4531713e2f0d3f07c5dcf6ed212dce  2010.0/i586/libgimp2.0-devel-2.6.7-4.1mdv2010.0.i586.rpm 
 143714e2ffff6d049c3b62b2d65a0c3c  2010.0/SRPMS/gimp-2.6.7-4.1mdv2010.0.src.rpm

2009.1 i586

 883361c0357f4eada0045fd97fb5efbf  2009.1/i586/gimp-2.6.6-3.1mdv2009.1.i586.rpm
 13e8b2b9d8f7fe940caa4306240f15ae  2009.1/i586/gimp-python-2.6.6-3.1mdv2009.1.i586.rpm
 ef86532635e5fdc4a18c5a8ba333747a  2009.1/i586/libgimp2.0_0-2.6.6-3.1mdv2009.1.i586.rpm
 e706dfdb96e53012aa76e7f2e8b31afc  2009.1/i586/libgimp2.0-devel-2.6.6-3.1mdv2009.1.i586.rpm 
 ee6089191e32c30b460980599fa4519a  2009.1/SRPMS/gimp-2.6.6-3.1mdv2009.1.src.rpm

2009.1 x86_64

 ab041fd27230d29de9f935ddc6534195  2009.1/x86_64/gimp-2.6.6-3.1mdv2009.1.x86_64.rpm
 d40cede468a59a403d041e02e50aff10  2009.1/x86_64/gimp-python-2.6.6-3.1mdv2009.1.x86_64.rpm
 0a3ab21124ff0bf8471cf999e307cb39  2009.1/x86_64/lib64gimp2.0_0-2.6.6-3.1mdv2009.1.x86_64.rpm
 2ff4b0ca8acde92978f218759f2b5245  2009.1/x86_64/lib64gimp2.0-devel-2.6.6-3.1mdv2009.1.x86_64.rpm 
 ee6089191e32c30b460980599fa4519a  2009.1/SRPMS/gimp-2.6.6-3.1mdv2009.1.src.rpm

MES5 x86_64

 2e814f6d61b1b34c234a230e2dc925b2  mes5/x86_64/gimp-2.4.7-1.1mdvmes5.x86_64.rpm
 dc12989ce4733362d7ef1f6f3bfed0c4  mes5/x86_64/gimp-python-2.4.7-1.1mdvmes5.x86_64.rpm
 d4ad33dc97447137e1903790ea8315d8  mes5/x86_64/lib64gimp2.0_0-2.4.7-1.1mdvmes5.x86_64.rpm
 10d169f3ee2fcb66b6340e7b9f5b00c4  mes5/x86_64/lib64gimp2.0-devel-2.4.7-1.1mdvmes5.x86_64.rpm 
 37fda93cf9ed71fa29ef3ab116d70769  mes5/SRPMS/gimp-2.4.7-1.1mdvmes5.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1570
• http://secunia.com/secunia_research/2009-42/