Support / Sécurité / Annonces de sécurité / Mandriva Enterprise Server 5 / MDVSA-2011:110

Nom du paquet: gimp
Date: 2011-06-17
Advisory ID: MDVSA-2011:110
Affected versions: 2009.0 x86_64 , 2009.0 i586 , MES5 i586 , MES5 x86_64

Problem description

A vulnerability was discovered and corrected in gimp:

Multiple integer overflows in the load_image function in file-pcx.c in
the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier
allow remote attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a crafted PCX image
that triggers a heap-based buffer overflow (CVE-2011-1178).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Updated packages

2009.0 x86_64

 16c127300e7973ce0b47977335611e93  2009.0/x86_64/gimp-2.4.7-1.3mdv2009.0.x86_64.rpm
 1afc2719e493ece7cb494a4ce9fc8934  2009.0/x86_64/gimp-python-2.4.7-1.3mdv2009.0.x86_64.rpm
 bf51dab0a1d4887a97ed93daa793bc3c  2009.0/x86_64/lib64gimp2.0_0-2.4.7-1.3mdv2009.0.x86_64.rpm
 38f179ba13dd4f38addc6465efcbf2a7  2009.0/x86_64/lib64gimp2.0-devel-2.4.7-1.3mdv2009.0.x86_64.rpm 
 d94edc4e4fe007343c33c721f6fcc90c  2009.0/SRPMS/gimp-2.4.7-1.3mdv2009.0.src.rpm

2009.0 i586

 4c9305c7347c24e75b82bcead3fd673f  2009.0/i586/gimp-2.4.7-1.3mdv2009.0.i586.rpm
 b3f3d0ce56d58f3c587409629f06b964  2009.0/i586/gimp-python-2.4.7-1.3mdv2009.0.i586.rpm
 c61dacfce239be6994e21e66827ea73a  2009.0/i586/libgimp2.0_0-2.4.7-1.3mdv2009.0.i586.rpm
 36310fc05e0c0f376002dcb079c4a18c  2009.0/i586/libgimp2.0-devel-2.4.7-1.3mdv2009.0.i586.rpm 
 d94edc4e4fe007343c33c721f6fcc90c  2009.0/SRPMS/gimp-2.4.7-1.3mdv2009.0.src.rpm

MES5 i586

 825ca9372a13f882422c26758a747dc9  mes5/i586/gimp-2.4.7-1.3mdvmes5.2.i586.rpm
 45ef496e085d9c61c55ddcb8d74c5a83  mes5/i586/gimp-python-2.4.7-1.3mdvmes5.2.i586.rpm
 9dcf9cf73c871568cacf21ecf1980a08  mes5/i586/libgimp2.0_0-2.4.7-1.3mdvmes5.2.i586.rpm
 086306b3db13a8af96b2dae41f4bc25b  mes5/i586/libgimp2.0-devel-2.4.7-1.3mdvmes5.2.i586.rpm 
 78151064220c0c940d9b896d73c78a6a  mes5/SRPMS/gimp-2.4.7-1.3mdvmes5.2.src.rpm

MES5 x86_64

 6330ae666ff8b8fc8ea5067b1b0b836b  mes5/x86_64/gimp-2.4.7-1.3mdvmes5.2.x86_64.rpm
 04ab0eeb27b2874c524738286aa5f054  mes5/x86_64/gimp-python-2.4.7-1.3mdvmes5.2.x86_64.rpm
 3b6c31ceb86ae9ea438877591a52f3b7  mes5/x86_64/lib64gimp2.0_0-2.4.7-1.3mdvmes5.2.x86_64.rpm
 9e5419c70d4a4420a28ac8f4d17e0b04  mes5/x86_64/lib64gimp2.0-devel-2.4.7-1.3mdvmes5.2.x86_64.rpm 
 78151064220c0c940d9b896d73c78a6a  mes5/SRPMS/gimp-2.4.7-1.3mdvmes5.2.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1178