Support / Sécurité / Annonces de sécurité / Mandriva Linux 2009.1 / MDVSA-2009:332

Nom du paquet: gimp
Date: 2009-12-11
Advisory ID: MDVSA-2009:332
Affected versions: 2009.1 i586 , 2009.1 x86_64 , 2010.0 x86_64 , 2010.0 i586

Problem description

A vulnerability was discovered and corrected in gimp:

Integer overflow in the read_channel_data function in
plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers
to execute arbitrary code via a crafted PSD file that triggers a
heap-based buffer overflow (CVE-2009-3909).

Additionally the patch for CVE-2009-1570 in MDVSA-2009:296 was
incomplete, this update corrects this as well.

This update provides a solution to this vulnerability.

Updated packages

2009.1 i586

 fa558f5ff6967b9b2e1339be5edb4dae  2009.1/i586/gimp-2.6.6-3.2mdv2009.1.i586.rpm
 1810d6d75ccaa4be789331652e2e646b  2009.1/i586/gimp-python-2.6.6-3.2mdv2009.1.i586.rpm
 5f3aa201fd430a9d2292c60106a7cd4f  2009.1/i586/libgimp2.0_0-2.6.6-3.2mdv2009.1.i586.rpm
 f7fbcaf7ec8c86f2ca2a385d29e0f832  2009.1/i586/libgimp2.0-devel-2.6.6-3.2mdv2009.1.i586.rpm 
 5a4bb71d1ea5aa452225c2e9f1e37346  2009.1/SRPMS/gimp-2.6.6-3.2mdv2009.1.src.rpm

2009.1 x86_64

 e6d85646179c119353ce6b84e37f5906  2009.1/x86_64/gimp-2.6.6-3.2mdv2009.1.x86_64.rpm
 2dea8cbca0edd767c7e28ed5b8f4821f  2009.1/x86_64/gimp-python-2.6.6-3.2mdv2009.1.x86_64.rpm
 b92fe0290e5e9d23f7fe55e821d56dd4  2009.1/x86_64/lib64gimp2.0_0-2.6.6-3.2mdv2009.1.x86_64.rpm
 85c9c31b5f8ef1b9462c7e7ad7ab89d0  2009.1/x86_64/lib64gimp2.0-devel-2.6.6-3.2mdv2009.1.x86_64.rpm 
 5a4bb71d1ea5aa452225c2e9f1e37346  2009.1/SRPMS/gimp-2.6.6-3.2mdv2009.1.src.rpm

2010.0 x86_64

 847d2a698c76b51de51d58c0e81bb738  2010.0/x86_64/gimp-2.6.7-4.2mdv2010.0.x86_64.rpm
 762c98f5123f022a2def25e04500eed9  2010.0/x86_64/gimp-python-2.6.7-4.2mdv2010.0.x86_64.rpm
 4624eddf6ceefcc86cffc9dc1e0284b6  2010.0/x86_64/lib64gimp2.0_0-2.6.7-4.2mdv2010.0.x86_64.rpm
 a958ee9fe15c253c12f6f875ef23363c  2010.0/x86_64/lib64gimp2.0-devel-2.6.7-4.2mdv2010.0.x86_64.rpm 
 9f70e273efe492b8261d369f6812dccd  2010.0/SRPMS/gimp-2.6.7-4.2mdv2010.0.src.rpm

2010.0 i586

 0937992f9dac9759e581a8fe3da308f9  2010.0/i586/gimp-2.6.7-4.2mdv2010.0.i586.rpm
 e00452005dd8c438416a4cb4dfdf4237  2010.0/i586/gimp-python-2.6.7-4.2mdv2010.0.i586.rpm
 e88978c421174f022081683e22fd8c22  2010.0/i586/libgimp2.0_0-2.6.7-4.2mdv2010.0.i586.rpm
 ca93895eda99b5285e570a82b8044c4e  2010.0/i586/libgimp2.0-devel-2.6.7-4.2mdv2010.0.i586.rpm 
 9f70e273efe492b8261d369f6812dccd  2010.0/SRPMS/gimp-2.6.7-4.2mdv2010.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3909