Slackware 1078 Published by

New gimp packages are available for Slackware 10.2, 11.0, and 12.0 to fix security issues.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2949



Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/gimp-2.2.17-i486-1_slack12.0.tgz:
Upgraded to gimp-2.2.17, which fixes buffer overflows when decoding
certain image types.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2949
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/gimp-2.2.17-i486-1_slack10.2.tgz

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gimp-2.2.17-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/gimp-2.2.17-i486-1_slack12.0.tgz


MD5 signatures:
+-------------+

Slackware 10.2 package:
d65dd07991a2cd1acd9a97a2c8710ba5 gimp-2.2.17-i486-1_slack10.2.tgz

Slackware 11.0 package:
b39163ba82020a7d64609729fd51de04 gimp-2.2.17-i486-1_slack11.0.tgz

Slackware 12.0 package:
52fd45595c6c1cf3a2eca6d2960ce32b gimp-2.2.17-i486-1_slack12.0.tgz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg gimp-2.2.17-i486-1_slack12.0.tgz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com