DSA 1116-1: New gimp packages fix arbitrary code execution
Posted on: 07/21/2006 07:32 PM

The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1116-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
July 21st, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : gimp
Vulnerability : buffer overflow
Problem-Type : local(remote)
Debian-specific: no
CVE ID : CVE-2006-3404
Debian Bug : 377049

Henning Makholm discovered a buffer overflow in the XCF loading code
of Gimp, an image editing program. Opening a specially crafted XCF
image might cause the application to execute arbitrary code.

For the stable distribution (sarge) this problem has been fixed in
version 2.2.6-1sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 2.2.11-3.1.

We recommend that you upgrade your gimp package.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1.dsc
Size/MD5 checksum: 1089 979559b33614105fa58413378d7c204b
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1.diff.gz
Size/MD5 checksum: 26122 c56e7ce33568fa577bb965d91a5c9e1c
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6.orig.tar.gz
Size/MD5 checksum: 20496404 a6450200858c59bb46ace6987f1fc6ee

Architecture independent components:

http://security.debian.org/pool/updates/main/g/gimp/gimp-data_2.2.6-1sarge1_all.deb
Size/MD5 checksum: 6276584 013c82da61ca8f0c34e7b02995f9a2dc
http://security.debian.org/pool/updates/main/g/gimp/gimp1.2_2.2.6-1sarge1_all.deb
Size/MD5 checksum: 31674 f5bf9b1c4d272b6d6a293da92ff1b4cc
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-doc_2.2.6-1sarge1_all.deb
Size/MD5 checksum: 514958 5dcc11d084fd4e79e055493205cded03

Alpha architecture:

http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_alpha.deb
Size/MD5 checksum: 3872520 f14c5800c1bb4da15eef57a6c9122c61
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_alpha.deb
Size/MD5 checksum: 44970 2476f295f24498674678c8f21b35f26f
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_alpha.deb
Size/MD5 checksum: 126646 244ae4e14a57803e0e04eed254ee845b
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_alpha.deb
Size/MD5 checksum: 44794 5cc2a15a835d6649bbebdd068beaf5d3
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_alpha.deb
Size/MD5 checksum: 576492 bf73a2b8130cc7a945cdcccb0546ce0b
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_alpha.deb
Size/MD5 checksum: 98262 7ff13a929c089f127fd29836f780dd38

AMD64 architecture:

http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_amd64.deb
Size/MD5 checksum: 3266104 17d46a5010fb7451f6dfbd783caf73e6
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_amd64.deb
Size/MD5 checksum: 43722 0956d860d60ff4394ca0c9b9aac2957f
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_amd64.deb
Size/MD5 checksum: 122012 61a1ca703333bfad94692943c0e6ba86
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_amd64.deb
Size/MD5 checksum: 43464 496e21eff61fedf892eb2f8a52e92857
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_amd64.deb
Size/MD5 checksum: 543840 224ea85332d7e525aafa14cb1a639614
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_amd64.deb
Size/MD5 checksum: 98234 a9f687bb252e9adbc91f81b67e42d3d9

ARM architecture:

http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_arm.deb
Size/MD5 checksum: 2938416 b0901f13d679d1bb41e91c56f22c41d8
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_arm.deb
Size/MD5 checksum: 41934 042f39449706ba1362676520935d98a0
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_arm.deb
Size/MD5 checksum: 114028 d3adb0e677eee5f8484674f1ec29ef11
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_arm.deb
Size/MD5 checksum: 42280 2300ed4a4de2537e30ad4f4df2cf540d
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_arm.deb
Size/MD5 checksum: 507710 0592a4510f85ebb8c03e74cb2d410d95
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_arm.deb
Size/MD5 checksum: 98332 57de081bea0749832e5c82e6cbdb28e9

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_i386.deb
Size/MD5 checksum: 3087556 d4a3d583f932d75e1c49f72a32e9de56
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_i386.deb
Size/MD5 checksum: 42692 35dedb9373d46897709de62a6ba56f22
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_i386.deb
Size/MD5 checksum: 117012 0a76a982e406a236658882f2dabdf464
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_i386.deb
Size/MD5 checksum: 43238 4e585d74f341874b8a31aad60d246caf
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_i386.deb
Size/MD5 checksum: 521758 bc33f00f99995ffd91ff9bb84c83c4c1
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_i386.deb
Size/MD5 checksum: 98248 a7d5db0fdf8401bdaef4a9266db6c705

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_ia64.deb
Size/MD5 checksum: 4581614 af2d82f8c7d4373286f6872709d8bca4
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_ia64.deb
Size/MD5 checksum: 46600 9186a0e6efb81e461d725fa761694f07
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_ia64.deb
Size/MD5 checksum: 135808 7fa53fef4e3772b8f3087e9c5e37e5a0
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_ia64.deb
Size/MD5 checksum: 46852 24434b0212a6792901bc9e2fbbd2bb1f
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_ia64.deb
Size/MD5 checksum: 632324 c4335842b443c43c0dbe68797264d943
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_ia64.deb
Size/MD5 checksum: 98240 f07c6a9cd8f7941ff7fd4a93589f7973

HP Precision architecture:

http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_hppa.deb
Size/MD5 checksum: 3468190 e9a04a87c97ee78815a3e332dbcccff8
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_hppa.deb
Size/MD5 checksum: 43394 fed2f6e699416c5a03c1d3a130554418
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_hppa.deb
Size/MD5 checksum: 125686 19e8ee051e193546d55788c7b3fb1e7d
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_hppa.deb
Size/MD5 checksum: 43720 b4c52c60b267751689bc57fe7f1e3ded
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_hppa.deb
Size/MD5 checksum: 583078 bda2acb1a3b23edcd435730ea9c6cd0c
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_hppa.deb
Size/MD5 checksum: 98302 618bf48bcfe82ee886ad1ec2c9da8746

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_m68k.deb
Size/MD5 checksum: 2697910 e90af18d0136fbf8d60e2089bac3dbc0
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_m68k.deb
Size/MD5 checksum: 42302 6cffc71d58aa261293428323840eadfa
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_m68k.deb
Size/MD5 checksum: 118392 e533fe00cf69d53713fea16f7c3c351b
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_m68k.deb
Size/MD5 checksum: 42140 b77201f3a42f7be876c13ce803833891
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_m68k.deb
Size/MD5 checksum: 520078 29e62d2417f9d4bd266e81a65e4d5201
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_m68k.deb
Size/MD5 checksum: 98478 fe3705144e976a25c49330f2d0f958ab

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_mips.deb
Size/MD5 checksum: 3448914 3236ee1f78e5d6a30cece944ea1c149e
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_mips.deb
Size/MD5 checksum: 42690 e3a903955904332f1d6e14341de5c55d
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_mips.deb
Size/MD5 checksum: 116280 4e4425ac5ccf0f7923aaa33817f4d3a9
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_mips.deb
Size/MD5 checksum: 42960 8b6f4e92ed5b881e74fca99c4eac478f
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_mips.deb
Size/MD5 checksum: 524600 978e3ab35f44bd1e516ded87d0fa1a11
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_mips.deb
Size/MD5 checksum: 98256 b34836f926dea9bc7855c4fec1313db2

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_mipsel.deb
Size/MD5 checksum: 3445558 fa88e0923517217e1ebc47dcc9e13e91
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_mipsel.deb
Size/MD5 checksum: 42626 7df6dd0e0bcf0fd800b603ff62b088e4
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_mipsel.deb
Size/MD5 checksum: 115598 f5e2fa780ab32a0e8d192209f42cf22c
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_mipsel.deb
Size/MD5 checksum: 42882 8f2c5ead0311336fe8f9d5f73840bd66
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_mipsel.deb
Size/MD5 checksum: 522138 172dad30e71dacab1aaedfbe2b9ab404
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_mipsel.deb
Size/MD5 checksum: 98268 b7ad697195e7a622d584caef468bf24b

PowerPC architecture:

http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_powerpc.deb
Size/MD5 checksum: 3341118 c3bd01a81f343030030f7285fd35a9a2
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_powerpc.deb
Size/MD5 checksum: 43938 66f8bf50052e465ab6306c0f93441fc1
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_powerpc.deb
Size/MD5 checksum: 118214 7b22438747c7d7eb3ff1112607f36942
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_powerpc.deb
Size/MD5 checksum: 44314 1452917365ca44d0849fd8783d5dc2b9
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_powerpc.deb
Size/MD5 checksum: 539510 17896bbe9f778c125eed47e96f2582b0
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_powerpc.deb
Size/MD5 checksum: 98282 c0c35190756c7bc71306d9e32e20770e

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_s390.deb
Size/MD5 checksum: 3134704 5e3ee587e3af969dbe6b2acf8add98a6
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_s390.deb
Size/MD5 checksum: 43896 17adcff9df203fcee2a2eccb4a7a78f6
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_s390.deb
Size/MD5 checksum: 123904 b0f18ce58f5eb93fa64033b82b64f192
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_s390.deb
Size/MD5 checksum: 43512 5ec341436fcf87c883a7bdff50eba154
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_s390.deb
Size/MD5 checksum: 555508 eb2c9b65d19b333113a216499ca5b429
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_s390.deb
Size/MD5 checksum: 98226 1883143a487595484af2def276b08017

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_sparc.deb
Size/MD5 checksum: 2929592 ab276607e00e8159b855d2d3ddbd7f49
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_sparc.deb
Size/MD5 checksum: 42236 0a2217eeb70903e12052b4111aac2c1d
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_sparc.deb
Size/MD5 checksum: 116426 3eac44e9e3e28330e075385b1197a984
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_sparc.deb
Size/MD5 checksum: 42440 464fe9823e9544cce55688ed1840bd38
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_sparc.deb
Size/MD5 checksum: 527522 ea220cad0822aaf7f580c0ad76f44cb2
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_sparc.deb
Size/MD5 checksum: 98290 b543cfe8b332246e3e33c4d785fa8957


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEwP3pXm3vHE4uyloRAhpFAKCCOZdjTM6ucq4eMsCnjuwL9NLBkgCcCkzh
Fb/SjYzkUD0JG41kcwYFgGM=
=MFLL
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1116_1_new_gimp_packages_fix_arbitrary_code_execution.html)