MGASA-2012-0236
| Date: | August 23rd, 2012 |
| Affected releases: | 1, 2 |
Description:
Updated gimp packages fix security vulnerabilities:
An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the GIMP's GIF image format plug-in. An attacker could create a
specially-crafted GIF image file that, when opened, could cause the GIF
plug-in to crash or, potentially, execute arbitrary code with the
privileges of the user running the GIMP (CVE-2012-3481).
A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file
format plug-in. An attacker could create a specially-crafted KiSS palette
file that, when opened, could cause the CEL plug-in to crash or,
potentially, execute arbitrary code with the privileges of the user
running the GIMP (CVE-2012-3403).
Updated Packages:
Mageia 1:
gimp-2.6.11-7.2.mga1
gimp-python-2.6.11-7.2.mga1
lib(64)gimp2.0_0-2.6.11-7.2.mga1
lib(64)gimp2.0-devel-2.6.11-7.2.mga1
Mageia 2:
gimp-2.8.0-1.1.mga2
gimp-python-2.8.0-1.1.mga2
lib(64)gimp2.0_0-2.8.0-1.1.mga2
lib(64)gimp2.0-devel-2.8.0-1.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3481
https://rhn.redhat.com/errata/RHSA-2012-1180.html
https://bugs.mageia.org/show_bug.cgi?id=7128
