[Security Announce] [ MDKSA-2007:108 ] - Updated gimp packages fix stack overflow in sunras plugin
Posted on: 05/23/2007 06:35 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:108
http://www.mandriva.com/security/
_______________________________________________________________________

Package : gimp
Date : May 22, 2007
Affected: 2007.0, 2007.1, Corporate 3.0
_______________________________________________________________________

Problem Description:

Marsu discovered a stack overflow issue in the GIMP's RAS file loader.
An attacker could create a carefully crafted file that would cause
the GIMP to crash or potentially execute arbitrary code as the user
opening the file.

The updated packages have been patched to prevent this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2356
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
6f2d2ba676a78bc9c8637e594cc7695c 2007.0/i586/gimp-2.3.10-6.2mdv2007.0.i586.rpm
e961d511b0a4467c0a71da1abed2d9e1 2007.0/i586/gimp-python-2.3.10-6.2mdv2007.0.i586.rpm
c86f942a4a0e60b29a6c25a9ae1a2aa6 2007.0/i586/libgimp2.0-devel-2.3.10-6.2mdv2007.0.i586.rpm
bdc40e9348c25965085ab2d38fabca3a 2007.0/i586/libgimp2.0_0-2.3.10-6.2mdv2007.0.i586.rpm
4b3fd719205b5783c8e95b26152754c1 2007.0/SRPMS/gimp-2.3.10-6.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
9d649e883a907a4ee14a01bf20d852a0 2007.0/x86_64/gimp-2.3.10-6.2mdv2007.0.x86_64.rpm
acebf4019818c698ffa5490226e67b17 2007.0/x86_64/gimp-python-2.3.10-6.2mdv2007.0.x86_64.rpm
4dd4c15971e1940ef4cadb72c634ddf2 2007.0/x86_64/lib64gimp2.0-devel-2.3.10-6.2mdv2007.0.x86_64.rpm
3206abfb7c40c66ae0b1900d09ba3ac7 2007.0/x86_64/lib64gimp2.0_0-2.3.10-6.2mdv2007.0.x86_64.rpm
4b3fd719205b5783c8e95b26152754c1 2007.0/SRPMS/gimp-2.3.10-6.2mdv2007.0.src.rpm

Mandriva Linux 2007.1:
a1ab4c6bd8adc03e8dff8d571ea71238 2007.1/i586/gimp-2.3.14-3.1mdv2007.1.i586.rpm
df478231fee2f1746100a63ddee9fa1c 2007.1/i586/gimp-python-2.3.14-3.1mdv2007.1.i586.rpm
1e6e115efe6311a08221e59ff0202add 2007.1/i586/libgimp2.0-devel-2.3.14-3.1mdv2007.1.i586.rpm
c0ca0e48c691d52c057e2e48f126228d 2007.1/i586/libgimp2.0_0-2.3.14-3.1mdv2007.1.i586.rpm
dbd612719f10a2b5f17766baf33994f6 2007.1/SRPMS/gimp-2.3.14-3.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
61be8d037ff7bb07dbd9456bc787d59c 2007.1/x86_64/gimp-2.3.14-3.1mdv2007.1.x86_64.rpm
809dde5e40c10a22ffa71f79c969c144 2007.1/x86_64/gimp-python-2.3.14-3.1mdv2007.1.x86_64.rpm
c16813e13a87f367e29336cf3e2e2cdc 2007.1/x86_64/lib64gimp2.0-devel-2.3.14-3.1mdv2007.1.x86_64.rpm
fef1cea1d6c4938053b6844b22c359e4 2007.1/x86_64/lib64gimp2.0_0-2.3.14-3.1mdv2007.1.x86_64.rpm
dbd612719f10a2b5f17766baf33994f6 2007.1/SRPMS/gimp-2.3.14-3.1mdv2007.1.src.rpm

Corporate 3.0:
8b03f11448dbb4e94e2b8b8dc5224fa2 corporate/3.0/i586/gimp-1.2.5-13.1.C30mdk.i586.rpm
e2bf163b19111bd0375574ac94f815a0 corporate/3.0/i586/gimp-doc-1.2.5-13.1.C30mdk.i586.rpm
5818d368ee1d660e4c8f15f5e9ac7ebf corporate/3.0/i586/gimp-perl-1.2.5-13.1.C30mdk.i586.rpm
4c6769052b0ffc3929191cd357983345 corporate/3.0/i586/libgimp1.2-1.2.5-13.1.C30mdk.i586.rpm
249569270aca413afc117b1decff2a18 corporate/3.0/i586/libgimp1.2_1-1.2.5-13.1.C30mdk.i586.rpm
13297c783d7b0c16eb86530025e746bb corporate/3.0/i586/libgimp1.2_1-devel-1.2.5-13.1.C30mdk.i586.rpm
88ffadd4803267b9271909c2584bd8d8 corporate/3.0/SRPMS/gimp-1.2.5-13.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
0b447fbcd1c904381bf2447a314d89af corporate/3.0/x86_64/gimp-1.2.5-13.1.C30mdk.x86_64.rpm
96df5c88bdee06776d0eae5108508c72 corporate/3.0/x86_64/gimp-doc-1.2.5-13.1.C30mdk.x86_64.rpm
5275b1da8478c720e516cce148629e86 corporate/3.0/x86_64/gimp-perl-1.2.5-13.1.C30mdk.x86_64.rpm
0ed195ecae3bcfc25994dee7d8f88134 corporate/3.0/x86_64/lib64gimp1.2-1.2.5-13.1.C30mdk.x86_64.rpm
968cb26a97556435cd19b5f1ee3199e6 corporate/3.0/x86_64/lib64gimp1.2_1-1.2.5-13.1.C30mdk.x86_64.rpm
3054dc681958467b93d83d98351de5da corporate/3.0/x86_64/lib64gimp1.2_1-devel-1.2.5-13.1.C30mdk.x86_64.rpm
88ffadd4803267b9271909c2584bd8d8 corporate/3.0/SRPMS/gimp-1.2.5-13.1.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGU2TfmqjQ0CJFipgRAqsoAKDf5o0W3r85senIJHTQDhLp68EfPwCfXfyk
M58c1ggv4+7N+5pF4U77xWo=
=RM0Q
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2007108__updated_gimp_packages_fix_stack_overflow_in_sunras_plugin.html)