[ MDKSA-2007:108 ] - Updated gimp packages fix stack overflow in sunras plugin
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:108
http://www.mandriva.com/security/
_______________________________________________________________________
Package : gimp
Date : May 22, 2007
Affected: 2007.0, 2007.1, Corporate 3.0
_______________________________________________________________________
Problem Description:
Marsu discovered a stack overflow issue in the GIMP's RAS file loader.
An attacker could create a carefully crafted file that would cause
the GIMP to crash or potentially execute arbitrary code as the user
opening the file.
The updated packages have been patched to prevent this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2356
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
6f2d2ba676a78bc9c8637e594cc7695c 2007.0/i586/gimp-2.3.10-6.2mdv2007.0.i586.rpm
e961d511b0a4467c0a71da1abed2d9e1
2007.0/i586/gimp-python-2.3.10-6.2mdv2007.0.i586.rpm
c86f942a4a0e60b29a6c25a9ae1a2aa6
2007.0/i586/libgimp2.0-devel-2.3.10-6.2mdv2007.0.i586.rpm
bdc40e9348c25965085ab2d38fabca3a
2007.0/i586/libgimp2.0_0-2.3.10-6.2mdv2007.0.i586.rpm
4b3fd719205b5783c8e95b26152754c1 2007.0/SRPMS/gimp-2.3.10-6.2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
9d649e883a907a4ee14a01bf20d852a0
2007.0/x86_64/gimp-2.3.10-6.2mdv2007.0.x86_64.rpm
acebf4019818c698ffa5490226e67b17
2007.0/x86_64/gimp-python-2.3.10-6.2mdv2007.0.x86_64.rpm
4dd4c15971e1940ef4cadb72c634ddf2
2007.0/x86_64/lib64gimp2.0-devel-2.3.10-6.2mdv2007.0.x86_64.rpm
3206abfb7c40c66ae0b1900d09ba3ac7
2007.0/x86_64/lib64gimp2.0_0-2.3.10-6.2mdv2007.0.x86_64.rpm
4b3fd719205b5783c8e95b26152754c1 2007.0/SRPMS/gimp-2.3.10-6.2mdv2007.0.src.rpm
Mandriva Linux 2007.1:
a1ab4c6bd8adc03e8dff8d571ea71238 2007.1/i586/gimp-2.3.14-3.1mdv2007.1.i586.rpm
df478231fee2f1746100a63ddee9fa1c
2007.1/i586/gimp-python-2.3.14-3.1mdv2007.1.i586.rpm
1e6e115efe6311a08221e59ff0202add
2007.1/i586/libgimp2.0-devel-2.3.14-3.1mdv2007.1.i586.rpm
c0ca0e48c691d52c057e2e48f126228d
2007.1/i586/libgimp2.0_0-2.3.14-3.1mdv2007.1.i586.rpm
dbd612719f10a2b5f17766baf33994f6 2007.1/SRPMS/gimp-2.3.14-3.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
61be8d037ff7bb07dbd9456bc787d59c
2007.1/x86_64/gimp-2.3.14-3.1mdv2007.1.x86_64.rpm
809dde5e40c10a22ffa71f79c969c144
2007.1/x86_64/gimp-python-2.3.14-3.1mdv2007.1.x86_64.rpm
c16813e13a87f367e29336cf3e2e2cdc
2007.1/x86_64/lib64gimp2.0-devel-2.3.14-3.1mdv2007.1.x86_64.rpm
fef1cea1d6c4938053b6844b22c359e4
2007.1/x86_64/lib64gimp2.0_0-2.3.14-3.1mdv2007.1.x86_64.rpm
dbd612719f10a2b5f17766baf33994f6 2007.1/SRPMS/gimp-2.3.14-3.1mdv2007.1.src.rpm
Corporate 3.0:
8b03f11448dbb4e94e2b8b8dc5224fa2
corporate/3.0/i586/gimp-1.2.5-13.1.C30mdk.i586.rpm
e2bf163b19111bd0375574ac94f815a0
corporate/3.0/i586/gimp-doc-1.2.5-13.1.C30mdk.i586.rpm
5818d368ee1d660e4c8f15f5e9ac7ebf
corporate/3.0/i586/gimp-perl-1.2.5-13.1.C30mdk.i586.rpm
4c6769052b0ffc3929191cd357983345
corporate/3.0/i586/libgimp1.2-1.2.5-13.1.C30mdk.i586.rpm
249569270aca413afc117b1decff2a18
corporate/3.0/i586/libgimp1.2_1-1.2.5-13.1.C30mdk.i586.rpm
13297c783d7b0c16eb86530025e746bb
corporate/3.0/i586/libgimp1.2_1-devel-1.2.5-13.1.C30mdk.i586.rpm
88ffadd4803267b9271909c2584bd8d8
corporate/3.0/SRPMS/gimp-1.2.5-13.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
0b447fbcd1c904381bf2447a314d89af
corporate/3.0/x86_64/gimp-1.2.5-13.1.C30mdk.x86_64.rpm
96df5c88bdee06776d0eae5108508c72
corporate/3.0/x86_64/gimp-doc-1.2.5-13.1.C30mdk.x86_64.rpm
5275b1da8478c720e516cce148629e86
corporate/3.0/x86_64/gimp-perl-1.2.5-13.1.C30mdk.x86_64.rpm
0ed195ecae3bcfc25994dee7d8f88134
corporate/3.0/x86_64/lib64gimp1.2-1.2.5-13.1.C30mdk.x86_64.rpm
968cb26a97556435cd19b5f1ee3199e6
corporate/3.0/x86_64/lib64gimp1.2_1-1.2.5-13.1.C30mdk.x86_64.rpm
3054dc681958467b93d83d98351de5da
corporate/3.0/x86_64/lib64gimp1.2_1-devel-1.2.5-13.1.C30mdk.x86_64.rpm
88ffadd4803267b9271909c2584bd8d8
corporate/3.0/SRPMS/gimp-1.2.5-13.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGU2TfmqjQ0CJFipgRAqsoAKDf5o0W3r85senIJHTQDhLp68EfPwCfXfyk
M58c1ggv4+7N+5pF4U77xWo=
=RM0Q
-----END PGP SIGNATURE-----