From Mageia wiki
Jump to: navigation, search

MGASA-2012-0327

Date: November 9th, 2012
Affected releases: 1


Description:
Updated gimp packages fix security vulnerabilities:

Buffer overflow in the readstr_upto function in
plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and
possibly 2.6.13, allows remote attackers to execute arbitrary code via
a long string in a command to the script-fu server (CVE-2012-2763).

fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial
of service (NULL pointer dereference and application crash) via a malformed
XTENSION header of a .fit file, as demonstrated using a long string
(CVE-2012-3236).


Updated Packages:
gimp-2.6.11-7.3.mga1
gimp-python-2.6.11-7.3.mga1
lib(64)gimp2.0_0-2.6.11-7.3.mga1
lib(64)gimp2.0-devel-2.6.11-7.3.mga1


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3236
http://lists.opensuse.org/opensuse-updates/2012-09/msg00001.html
https://bugs.mageia.org/show_bug.cgi?id=7351