rPSA-2006-0135-1 gimp

To: security-announce@xxxxxxxxxxxxxxx, update-announce@xxxxxxxxxxxxxxx
Subject: rPSA-2006-0135-1 gimp
From: "Justin M. Forbes" <jmforbes@xxxxxxxxx>
Date: Mon, 24 Jul 2006 17:04:24 -0400
Cc: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, lwn@xxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: nail 11.22 3/20/05

rPath Security Advisory: 2006-0135-1
Published: 2006-07-24
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
    User Deterministic Privilege Escalation
Updated Versions:
    gimp=/conary.rpath.com@rpl:devel//1/2.2.8-8.2-1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3404
    https://issues.rpath.com/browse/RPL-522

Description:
    Previous versions of the gimp package are vulnerable to an attack
    in which an intentionally corrupted XCF file (the native gimp file
    format) could cause the gimp to crash or to execute code supplied
    in the XCF file by the attacker.

Prev by Date: Digital Armaments Security Advisory 24.07.2006: Siemens Speedstream Wireless/Router Denial of Service Vulnerability
Next by Date: Opsware NAS 6.0 reveals MySQL 'root' password
Previous by thread: Re: Digital Armaments Security Advisory 24.07.2006: Siemens Speedstream Wireless/Router Denial of Service Vulnerability
Next by thread: Opsware NAS 6.0 reveals MySQL 'root' password
Index(es):
- Date
- Thread