Mandriva Advisories

Package name: gimp
Date: May 22nd, 2007
Advisory ID: MDKSA-2007:108
Affected versions: CS3.0, 2007.0, 2007.1
Synopsis: Updated gimp packages fix stack overflow in sunras plugin

Problem Description

Marsu discovered a stack overflow issue in the GIMP's RAS file loader.
An attacker could create a carefully crafted file that would cause
the GIMP to crash or potentially execute arbitrary code as the user
opening the file.

The updated packages have been patched to prevent this issue.

Updated Packages

Corporate Server 3.0

 8b03f11448dbb4e94e2b8b8dc5224fa2  corporate/3.0/i586/gimp-1.2.5-13.1.C30mdk.i586.rpm
 e2bf163b19111bd0375574ac94f815a0  corporate/3.0/i586/gimp-doc-1.2.5-13.1.C30mdk.i586.rpm
 5818d368ee1d660e4c8f15f5e9ac7ebf  corporate/3.0/i586/gimp-perl-1.2.5-13.1.C30mdk.i586.rpm
 4c6769052b0ffc3929191cd357983345  corporate/3.0/i586/libgimp1.2-1.2.5-13.1.C30mdk.i586.rpm
 249569270aca413afc117b1decff2a18  corporate/3.0/i586/libgimp1.2_1-1.2.5-13.1.C30mdk.i586.rpm
 13297c783d7b0c16eb86530025e746bb  corporate/3.0/i586/libgimp1.2_1-devel-1.2.5-13.1.C30mdk.i586.rpm 
 88ffadd4803267b9271909c2584bd8d8  corporate/3.0/SRPMS/gimp-1.2.5-13.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 0b447fbcd1c904381bf2447a314d89af  corporate/3.0/x86_64/gimp-1.2.5-13.1.C30mdk.x86_64.rpm
 96df5c88bdee06776d0eae5108508c72  corporate/3.0/x86_64/gimp-doc-1.2.5-13.1.C30mdk.x86_64.rpm
 5275b1da8478c720e516cce148629e86  corporate/3.0/x86_64/gimp-perl-1.2.5-13.1.C30mdk.x86_64.rpm
 0ed195ecae3bcfc25994dee7d8f88134  corporate/3.0/x86_64/lib64gimp1.2-1.2.5-13.1.C30mdk.x86_64.rpm
 968cb26a97556435cd19b5f1ee3199e6  corporate/3.0/x86_64/lib64gimp1.2_1-1.2.5-13.1.C30mdk.x86_64.rpm
 3054dc681958467b93d83d98351de5da  corporate/3.0/x86_64/lib64gimp1.2_1-devel-1.2.5-13.1.C30mdk.x86_64.rpm 
 88ffadd4803267b9271909c2584bd8d8  corporate/3.0/SRPMS/gimp-1.2.5-13.1.C30mdk.src.rpm

Mandriva Linux 2007

 6f2d2ba676a78bc9c8637e594cc7695c  2007.0/i586/gimp-2.3.10-6.2mdv2007.0.i586.rpm
 e961d511b0a4467c0a71da1abed2d9e1  2007.0/i586/gimp-python-2.3.10-6.2mdv2007.0.i586.rpm
 c86f942a4a0e60b29a6c25a9ae1a2aa6  2007.0/i586/libgimp2.0-devel-2.3.10-6.2mdv2007.0.i586.rpm
 bdc40e9348c25965085ab2d38fabca3a  2007.0/i586/libgimp2.0_0-2.3.10-6.2mdv2007.0.i586.rpm 
 4b3fd719205b5783c8e95b26152754c1  2007.0/SRPMS/gimp-2.3.10-6.2mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

 9d649e883a907a4ee14a01bf20d852a0  2007.0/x86_64/gimp-2.3.10-6.2mdv2007.0.x86_64.rpm
 acebf4019818c698ffa5490226e67b17  2007.0/x86_64/gimp-python-2.3.10-6.2mdv2007.0.x86_64.rpm
 4dd4c15971e1940ef4cadb72c634ddf2  2007.0/x86_64/lib64gimp2.0-devel-2.3.10-6.2mdv2007.0.x86_64.rpm
 3206abfb7c40c66ae0b1900d09ba3ac7  2007.0/x86_64/lib64gimp2.0_0-2.3.10-6.2mdv2007.0.x86_64.rpm 
 4b3fd719205b5783c8e95b26152754c1  2007.0/SRPMS/gimp-2.3.10-6.2mdv2007.0.src.rpm

Mandriva Linux 2007.1

 a1ab4c6bd8adc03e8dff8d571ea71238  2007.1/i586/gimp-2.3.14-3.1mdv2007.1.i586.rpm
 df478231fee2f1746100a63ddee9fa1c  2007.1/i586/gimp-python-2.3.14-3.1mdv2007.1.i586.rpm
 1e6e115efe6311a08221e59ff0202add  2007.1/i586/libgimp2.0-devel-2.3.14-3.1mdv2007.1.i586.rpm
 c0ca0e48c691d52c057e2e48f126228d  2007.1/i586/libgimp2.0_0-2.3.14-3.1mdv2007.1.i586.rpm 
 dbd612719f10a2b5f17766baf33994f6  2007.1/SRPMS/gimp-2.3.14-3.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64

 61be8d037ff7bb07dbd9456bc787d59c  2007.1/x86_64/gimp-2.3.14-3.1mdv2007.1.x86_64.rpm
 809dde5e40c10a22ffa71f79c969c144  2007.1/x86_64/gimp-python-2.3.14-3.1mdv2007.1.x86_64.rpm
 c16813e13a87f367e29336cf3e2e2cdc  2007.1/x86_64/lib64gimp2.0-devel-2.3.14-3.1mdv2007.1.x86_64.rpm
 fef1cea1d6c4938053b6844b22c359e4  2007.1/x86_64/lib64gimp2.0_0-2.3.14-3.1mdv2007.1.x86_64.rpm 
 dbd612719f10a2b5f17766baf33994f6  2007.1/SRPMS/gimp-2.3.14-3.1mdv2007.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2356

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.