full-disclosure-uk May 2007 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: [Full-disclosure] [ MDKSA-2007:108 ] - Updat

[Full-disclosure] [ MDKSA-2007:108 ] - Updated gimp packages fix stack overflow in sunras plugin

From: <security_at_nospam>
Date: Wed May 23 2007 - 00:50:49 GMT
To: full-disclosure@lists.grok.org.uk

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


  Mandriva Linux Security Advisory MDKSA-2007:108  http://www.mandriva.com/security/
  Package : gimp Date : May 22, 2007 Affected: 2007.0, 2007.1, Corporate 3.0
_______________________________________________________________________

 Problem Description:  

 Marsu discovered a stack overflow issue in the GIMP's RAS file loader.  An attacker could create a carefully crafted file that would cause  the GIMP to crash or potentially execute arbitrary code as the user  opening the file.  

 The updated packages have been patched to prevent this issue.


 References:  

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2356


 

 Updated Packages:  

 Mandriva Linux 2007.0: 6f2d2ba676a78bc9c8637e594cc7695c 2007.0/i586/gimp-2.3.10-6.2mdv2007.0.i586.rpm e961d511b0a4467c0a71da1abed2d9e1 2007.0/i586/gimp-python-2.3.10-6.2mdv2007.0.i586.rpm c86f942a4a0e60b29a6c25a9ae1a2aa6 2007.0/i586/libgimp2.0-devel-2.3.10-6.2mdv2007.0.i586.rpm bdc40e9348c25965085ab2d38fabca3a 2007.0/i586/libgimp2.0_0-2.3.10-6.2mdv2007.0.i586.rpm 4b3fd719205b5783c8e95b26152754c1 2007.0/SRPMS/gimp-2.3.10-6.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64: 9d649e883a907a4ee14a01bf20d852a0 2007.0/x86_64/gimp-2.3.10-6.2mdv2007.0.x86_64.rpm acebf4019818c698ffa5490226e67b17 2007.0/x86_64/gimp-python-2.3.10-6.2mdv2007.0.x86_64.rpm 4dd4c15971e1940ef4cadb72c634ddf2 2007.0/x86_64/lib64gimp2.0-devel-2.3.10-6.2mdv2007.0.x86_64.rpm 3206abfb7c40c66ae0b1900d09ba3ac7 2007.0/x86_64/lib64gimp2.0_0-2.3.10-6.2mdv2007.0.x86_64.rpm 4b3fd719205b5783c8e95b26152754c1 2007.0/SRPMS/gimp-2.3.10-6.2mdv2007.0.src.rpm

 Mandriva Linux 2007.1: a1ab4c6bd8adc03e8dff8d571ea71238 2007.1/i586/gimp-2.3.14-3.1mdv2007.1.i586.rpm df478231fee2f1746100a63ddee9fa1c 2007.1/i586/gimp-python-2.3.14-3.1mdv2007.1.i586.rpm 1e6e115efe6311a08221e59ff0202add 2007.1/i586/libgimp2.0-devel-2.3.14-3.1mdv2007.1.i586.rpm c0ca0e48c691d52c057e2e48f126228d 2007.1/i586/libgimp2.0_0-2.3.14-3.1mdv2007.1.i586.rpm dbd612719f10a2b5f17766baf33994f6 2007.1/SRPMS/gimp-2.3.14-3.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64: 61be8d037ff7bb07dbd9456bc787d59c 2007.1/x86_64/gimp-2.3.14-3.1mdv2007.1.x86_64.rpm 809dde5e40c10a22ffa71f79c969c144 2007.1/x86_64/gimp-python-2.3.14-3.1mdv2007.1.x86_64.rpm c16813e13a87f367e29336cf3e2e2cdc 2007.1/x86_64/lib64gimp2.0-devel-2.3.14-3.1mdv2007.1.x86_64.rpm fef1cea1d6c4938053b6844b22c359e4 2007.1/x86_64/lib64gimp2.0_0-2.3.14-3.1mdv2007.1.x86_64.rpm dbd612719f10a2b5f17766baf33994f6 2007.1/SRPMS/gimp-2.3.14-3.1mdv2007.1.src.rpm

 Corporate 3.0: 8b03f11448dbb4e94e2b8b8dc5224fa2 corporate/3.0/i586/gimp-1.2.5-13.1.C30mdk.i586.rpm e2bf163b19111bd0375574ac94f815a0 corporate/3.0/i586/gimp-doc-1.2.5-13.1.C30mdk.i586.rpm 5818d368ee1d660e4c8f15f5e9ac7ebf corporate/3.0/i586/gimp-perl-1.2.5-13.1.C30mdk.i586.rpm 4c6769052b0ffc3929191cd357983345 corporate/3.0/i586/libgimp1.2-1.2.5-13.1.C30mdk.i586.rpm 249569270aca413afc117b1decff2a18 corporate/3.0/i586/libgimp1.2_1-1.2.5-13.1.C30mdk.i586.rpm 13297c783d7b0c16eb86530025e746bb corporate/3.0/i586/libgimp1.2_1-devel-1.2.5-13.1.C30mdk.i586.rpm 88ffadd4803267b9271909c2584bd8d8 corporate/3.0/SRPMS/gimp-1.2.5-13.1.C30mdk.src.rpm

 Corporate 3.0/X86_64: 0b447fbcd1c904381bf2447a314d89af corporate/3.0/x86_64/gimp-1.2.5-13.1.C30mdk.x86_64.rpm 96df5c88bdee06776d0eae5108508c72 corporate/3.0/x86_64/gimp-doc-1.2.5-13.1.C30mdk.x86_64.rpm 5275b1da8478c720e516cce148629e86 corporate/3.0/x86_64/gimp-perl-1.2.5-13.1.C30mdk.x86_64.rpm 0ed195ecae3bcfc25994dee7d8f88134 corporate/3.0/x86_64/lib64gimp1.2-1.2.5-13.1.C30mdk.x86_64.rpm 968cb26a97556435cd19b5f1ee3199e6 corporate/3.0/x86_64/lib64gimp1.2_1-1.2.5-13.1.C30mdk.x86_64.rpm 3054dc681958467b93d83d98351de5da corporate/3.0/x86_64/lib64gimp1.2_1-devel-1.2.5-13.1.C30mdk.x86_64.rpm 88ffadd4803267b9271909c2584bd8d8 corporate/3.0/SRPMS/gimp-1.2.5-13.1.C30mdk.src.rpm
_______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification  of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the  GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com


 Type Bits/KeyID Date User ID
 pub 1024D/22458A98 2000-07-10 Mandriva Security Team   <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGU2TfmqjQ0CJFipgRAqsoAKDf5o0W3r85senIJHTQDhLp68EfPwCfXfyk M58c1ggv4+7N+5pF4U77xWo=
=RM0Q
-----END PGP SIGNATURE-----



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/