Nom du paquet
gimp
Date
2013-04-09
Advisory ID
MDVSA-2013:082
Affected versions
MBS1 x86_64

Problem description

Updated gimp packages fix security vulnerabilities:

An integer overflow flaw, leading to a heap-based buffer overflow,
was found in the GIMP's GIF image format plug-in. An attacker could
create a specially-crafted GIF image file that, when opened, could
cause the GIF plug-in to crash or, potentially, execute arbitrary
code with the privileges of the user running the GIMP (CVE-2012-3481).

A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL
file format plug-in. An attacker could create a specially-crafted
KiSS palette file that, when opened, could cause the CEL plug-in to
crash or, potentially, execute arbitrary code with the privileges of
the user running the GIMP (CVE-2012-3403).

fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a
denial of service (NULL pointer dereference and application crash)
via a malformed XTENSION header of a .fit file, as demonstrated using
a long string. (CVE-2012-3236)

GIMP 2.8.2 and earlier is vulnerable to memory corruption when
reading XWD files, which could lead even to arbitrary code execution
(CVE-2012-5576).

Additionally it fixes partial translations in several languages.

This gimp update provides the stable maintenance release 2.8.2 which
fixes the above security issues.

Updated packages

MBS1 x86_64

 b6feb9325ec35061c8fd141ed087d34d  mbs1/x86_64/gimp-2.8.2-1.mbs1.x86_64.rpm
 24b3672de4e5459df91b0469f157f6c3  mbs1/x86_64/gimp-python-2.8.2-1.mbs1.x86_64.rpm
 10d4bb699ab618df258d631e15f5ad33  mbs1/x86_64/lib64gimp2.0_0-2.8.2-1.mbs1.x86_64.rpm
 e95694c1294b4be5239d2f9ceaee8261  mbs1/x86_64/lib64gimp2.0-devel-2.8.2-1.mbs1.x86_64.rpm 
 a0666cee8a1a83ae2c251824e8a1faac  mbs1/SRPMS/gimp-2.8.2-1.mbs1.src.rpm

References