[ MDKSA-2007:170 ] - Updated gimp packages fix input data validation issues in several plugins

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 Mandriva Linux Security Advisory                         MDKSA-2007:170

 Package : gimp
 Date    : August 23, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0

 _______________________________________________________________________

 

 Problem Description:  

 Multiple integer overflows in the image loader plug-ins in GIMP before  2.2.16 allow user-assisted remote attackers to execute arbitrary code  via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP,  (5) Sun RAS, (6) XBM, and (7) XWD files. (CVE-2006-4519)  

 Integer overflow in the seek_to_and_unpack_pixeldata function in  the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute  arbitrary code via a crafted PSD file that contains a large (1)  width or (2) height value. (CVE-2007-2949)  

 Victor Stinner has discovered several flaws in file plug-ins using  his fuzzyfier tool fusil. Several modified image files cause the  plug-ins to crash or consume excessive amounts of memory due to  insufficient input validation. Affected plug-ins: bmp, pcx, psd, psp  (*.tub). (CVE-2007-3741)  

 Updated packages have been patched to prevent these issues.

 References:  

 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4519
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2949
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3741
 _______________________________________________________________________

 

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

 Updated Packages:  

 Mandriva Linux 2007.0:

 bf9edb14123c54a69c8b767e4ff9b59b  2007.0/i586/gimp-2.3.10-6.4mdv2007.0.i586.rpm
 25c09088a30f1ac4a619671f971abd65  2007.0/i586/gimp-python-2.3.10-6.4mdv2007.0.i586.rpm
 b406215f9a2fd22d48bd28cd2b7aa5c1  2007.0/i586/libgimp2.0-devel-2.3.10-6.4mdv2007.0.i586.rpm
 493176b6d9268753888d5ed88fe82d73  2007.0/i586/libgimp2.0_0-2.3.10-6.4mdv2007.0.i586.rpm 
 6ff93a240bbed2cb1f2a7d43db465c5b  2007.0/SRPMS/gimp-2.3.10-6.4mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:

 3b0a82327d1c57c9d92edf2810502cc2  2007.0/x86_64/gimp-2.3.10-6.4mdv2007.0.x86_64.rpm
 aa6969a3c734d5233ea1bf918068b655  2007.0/x86_64/gimp-python-2.3.10-6.4mdv2007.0.x86_64.rpm
 28086552988cf08d50a2196a5683a893  2007.0/x86_64/lib64gimp2.0-devel-2.3.10-6.4mdv2007.0.x86_64.rpm
 f85032c7fe1e839c7dae7f0f4f71b19d  2007.0/x86_64/lib64gimp2.0_0-2.3.10-6.4mdv2007.0.x86_64.rpm 
 6ff93a240bbed2cb1f2a7d43db465c5b  2007.0/SRPMS/gimp-2.3.10-6.4mdv2007.0.src.rpm

 Mandriva Linux 2007.1:

 8b2d18fbd2ec2d1d75467c875b51194a  2007.1/i586/gimp-2.3.14-3.3mdv2007.1.i586.rpm
 eafdff0cbdfa2c5987083d66aab6acf7  2007.1/i586/gimp-python-2.3.14-3.3mdv2007.1.i586.rpm
 0547d89384937df347d4bc0141c4ad58  2007.1/i586/libgimp2.0-devel-2.3.14-3.3mdv2007.1.i586.rpm
 efde967b2b2f0600b6f6637c0d234a01  2007.1/i586/libgimp2.0_0-2.3.14-3.3mdv2007.1.i586.rpm 
 23426e0e7ef3735cb4392aab2631122b  2007.1/SRPMS/gimp-2.3.14-3.3mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:

 4828d4abf93c14331f7f17be448c2ab8  2007.1/x86_64/gimp-2.3.14-3.3mdv2007.1.x86_64.rpm
 07ec9f3807b3732767c56882c5700af7  2007.1/x86_64/gimp-python-2.3.14-3.3mdv2007.1.x86_64.rpm
 275cdb72761ed809e21c495bef4aebe7  2007.1/x86_64/lib64gimp2.0-devel-2.3.14-3.3mdv2007.1.x86_64.rpm
Do you need more help?
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:
Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
 bc21d6fe79269a20a4e8cf581ec15e73  2007.1/x86_64/lib64gimp2.0_0-2.3.14-3.3mdv2007.1.x86_64.rpm 
 23426e0e7ef3735cb4392aab2631122b  2007.1/SRPMS/gimp-2.3.14-3.3mdv2007.1.src.rpm

 Corporate 3.0:

 0dcdab9693c953ac71ffd48f3df99502  corporate/3.0/i586/gimp-1.2.5-13.4.C30mdk.i586.rpm
 c7911c3c8d3cbf6c7c0a996e24fd2f0b  corporate/3.0/i586/gimp-doc-1.2.5-13.4.C30mdk.i586.rpm
 106fef8a8de6f8c18acbdfee686acf37  corporate/3.0/i586/gimp-perl-1.2.5-13.4.C30mdk.i586.rpm
 d1dfe6d9f1399bffcc6da9a775104312  corporate/3.0/i586/libgimp1.2-1.2.5-13.4.C30mdk.i586.rpm
 1d000ff63592903fd2f761d838699fea  corporate/3.0/i586/libgimp1.2_1-1.2.5-13.4.C30mdk.i586.rpm
 97b6a130d96da091eb26da1ac54ebcd4  corporate/3.0/i586/libgimp1.2_1-devel-1.2.5-13.4.C30mdk.i586.rpm 
 df25d5dc833ca512a0d31f839bdf7474  corporate/3.0/SRPMS/gimp-1.2.5-13.4.C30mdk.src.rpm

 Corporate 3.0/X86_64:

 7d6a3c0448b39a0b3194a73dbf9e5b19  corporate/3.0/x86_64/gimp-1.2.5-13.4.C30mdk.x86_64.rpm
 4e243e82b04fdddf71845d04c75595cf  corporate/3.0/x86_64/gimp-doc-1.2.5-13.4.C30mdk.x86_64.rpm
 ac826ac35fe04e0bc591cb4612cbe30d  corporate/3.0/x86_64/gimp-perl-1.2.5-13.4.C30mdk.x86_64.rpm
 c9d1fb6e82830ce6502ec1cc56a99b43  corporate/3.0/x86_64/lib64gimp1.2-1.2.5-13.4.C30mdk.x86_64.rpm
 3ab4ea172a56d2e4d85025e65c8fdd91  corporate/3.0/x86_64/lib64gimp1.2_1-1.2.5-13.4.C30mdk.x86_64.rpm
 bb3d1d4b0bd1519bc452e08bae9b23a5  corporate/3.0/x86_64/lib64gimp1.2_1-devel-1.2.5-13.4.C30mdk.x86_64.rpm 
 df25d5dc833ca512a0d31f839bdf7474  corporate/3.0/SRPMS/gimp-1.2.5-13.4.C30mdk.src.rpm

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification  of md5 checksums and GPG signatures is performed automatically for you.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

 All packages are signed by Mandriva for security. You can obtain the  GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com

 Type Bits/KeyID Date User ID
 pub 1024D/22458A98 2000-07-10 Mandriva Security Team   <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGzdBSmqjQ0CJFipgRAov9AJ97s+YuHubKQ2Mu+3MqR0iNPkyE2QCfZ5jA qBuvkLdx9WClGwVKEg80Vuw=
=gKiG
-----END PGP SIGNATURE----- Received on Thu Aug 23 15:59:36 2007

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek