MGASA-2012-0327
Date: | November 9th, 2012 |
Affected releases: | 1 |
Description:
Updated gimp packages fix security vulnerabilities:
Buffer overflow in the readstr_upto function in
plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and
possibly 2.6.13, allows remote attackers to execute arbitrary code via
a long string in a command to the script-fu server (CVE-2012-2763).
fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial
of service (NULL pointer dereference and application crash) via a malformed
XTENSION header of a .fit file, as demonstrated using a long string
(CVE-2012-3236).
Updated Packages:
gimp-2.6.11-7.3.mga1
gimp-python-2.6.11-7.3.mga1
lib(64)gimp2.0_0-2.6.11-7.3.mga1
lib(64)gimp2.0-devel-2.6.11-7.3.mga1
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3236
http://lists.opensuse.org/opensuse-updates/2012-09/msg00001.html
https://bugs.mageia.org/show_bug.cgi?id=7351