Debian 9859 Published by

Updated gimp packages has been released for Debian 8



- -------------------------------------------------------------------------
Debian Security Advisory DSA-3612-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 01, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : gimp
CVE ID : CVE-2016-4994
Debian Bug : 828179

Shmuel H discovered that GIMP, the GNU Image Manipulation Program, is
prone to a use-after-free vulnerability in the channel and layer
properties parsing process when loading a XCF file. An attacker can take
advantage of this flaw to potentially execute arbitrary code with the
privileges of the user running GIMP if a specially crafted XCF file is
processed.

For the stable distribution (jessie), this problem has been fixed in
version 2.8.14-1+deb8u1.

We recommend that you upgrade your gimp packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/