-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:103 http://www.mandriva.com/security/ _______________________________________________________________________ Package : gimp Date : May 29, 2011 Affected: 2009.0, 2010.1, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities was discovered and fixed in gimp: Stack-based buffer overflow in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Position field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself (CVE-2010-4540). Stack-based buffer overflow in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Number of lights field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself (CVE-2010-4541). Stack-based buffer overflow in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself (CVE-2010-4542). Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image (CVE-2010-4543, CVE-2011-1782). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php\?cPath=149\&products_id=490 The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4540 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4541 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4542 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4543 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1782 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: 7c02d4aa8eae727861eb0920dd3483b2 2009.0/i586/gimp-2.4.7-1.2mdv2009.0.i586.rpm 45c06cdb705f4c617b71bec50c455c26 2009.0/i586/gimp-python-2.4.7-1.2mdv2009.0.i586.rpm 57fb06ee874653cf94881817b6690394 2009.0/i586/libgimp2.0_0-2.4.7-1.2mdv2009.0.i586.rpm 91a7961f7e95b7597a97a5548814c063 2009.0/i586/libgimp2.0-devel-2.4.7-1.2mdv2009.0.i586.rpm 20e6ed8705feb5acb1cdaf7831beeeee 2009.0/SRPMS/gimp-2.4.7-1.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: ab317b4e3f3be709a2873f84ce30c215 2009.0/x86_64/gimp-2.4.7-1.2mdv2009.0.x86_64.rpm 8a6bfb9b582f2a0d9cccd5a972b568e4 2009.0/x86_64/gimp-python-2.4.7-1.2mdv2009.0.x86_64.rpm 941103b8e1655a5a064192bd6e20b6a9 2009.0/x86_64/lib64gimp2.0_0-2.4.7-1.2mdv2009.0.x86_64.rpm dd8c18b873a2178540d32285dee26879 2009.0/x86_64/lib64gimp2.0-devel-2.4.7-1.2mdv2009.0.x86_64.rpm 20e6ed8705feb5acb1cdaf7831beeeee 2009.0/SRPMS/gimp-2.4.7-1.2mdv2009.0.src.rpm Mandriva Linux 2010.1: b4934e6c63a58a89e26ce5a8bd4dd0aa 2010.1/i586/gimp-2.6.8-3.1mdv2010.2.i586.rpm cf9cd4f6c93ca1108daaa839441e41a3 2010.1/i586/gimp-python-2.6.8-3.1mdv2010.2.i586.rpm c096ed34e2e0272272d01bc01b640bfb 2010.1/i586/libgimp2.0_0-2.6.8-3.1mdv2010.2.i586.rpm df803b5a43613d2b67c3cf61bbb1e39c 2010.1/i586/libgimp2.0-devel-2.6.8-3.1mdv2010.2.i586.rpm 74c23d2b743d532a989e7dec401e1f66 2010.1/SRPMS/gimp-2.6.8-3.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: e8458c9df877106443fac58d804c9465 2010.1/x86_64/gimp-2.6.8-3.1mdv2010.2.x86_64.rpm 26edfcc18b11395426f7fcdbf0b08b2f 2010.1/x86_64/gimp-python-2.6.8-3.1mdv2010.2.x86_64.rpm 874338737686abb415ee3df1efb3a57e 2010.1/x86_64/lib64gimp2.0_0-2.6.8-3.1mdv2010.2.x86_64.rpm c11c04938bac89c9735429a4fcbd276e 2010.1/x86_64/lib64gimp2.0-devel-2.6.8-3.1mdv2010.2.x86_64.rpm 74c23d2b743d532a989e7dec401e1f66 2010.1/SRPMS/gimp-2.6.8-3.1mdv2010.2.src.rpm Mandriva Enterprise Server 5: a858be803cf318a4bf65cb3f98537928 mes5/i586/gimp-2.4.7-1.2mdvmes5.2.i586.rpm 34f3115b398f3e8c0c0ff3570c133db2 mes5/i586/gimp-python-2.4.7-1.2mdvmes5.2.i586.rpm 9bd4f53d61bc99f82aa0c202832a1e31 mes5/i586/libgimp2.0_0-2.4.7-1.2mdvmes5.2.i586.rpm c4a5ff2e425ce131a5366108e5275cf9 mes5/i586/libgimp2.0-devel-2.4.7-1.2mdvmes5.2.i586.rpm 4211449a29646f79f66586d858833f1d mes5/SRPMS/gimp-2.4.7-1.2mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 728cc2a6f12144650862438c9675f3e6 mes5/x86_64/gimp-2.4.7-1.2mdvmes5.2.x86_64.rpm 96586a84019b3da23e0da6b64c8deb7b mes5/x86_64/gimp-python-2.4.7-1.2mdvmes5.2.x86_64.rpm eed9cf47737fa79778b4907c8d7ee274 mes5/x86_64/lib64gimp2.0_0-2.4.7-1.2mdvmes5.2.x86_64.rpm 7ae6020f94251df98fe667336677b25e mes5/x86_64/lib64gimp2.0-devel-2.4.7-1.2mdvmes5.2.x86_64.rpm 4211449a29646f79f66586d858833f1d mes5/SRPMS/gimp-2.4.7-1.2mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFN4kbemqjQ0CJFipgRAt+yAKCZRS8hvsbbv0x4neqZ9BvIh9TN3ACcDDgR yhS4p+P7b9jJKyzsYSUV3DM= =eQm1 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/