GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Sun Mar 06, 2016 8:26 pm Post subject: [ glsa 201603-01 ] gimp
Gentoo Linux Security Advisory
Title: GIMP: Multiple vulnerabilities (GLSA 201603-01)
Severity: normal
Exploitable: remote
Date: March 06, 2016
Updated: May 04, 2016
Bug(s): #434582, #493372
ID: 201603-01
Synopsis
GIMP is vulnerable to multiple buffer overflows which could result
in the execution of arbitrary code or Denial of Service.
Background
GIMP is a cross-platform image editor available for GNU/Linux, OS X,
Windows and more operating systems.
Affected Packages
Package: media-gfx/gimp
Vulnerable: < 2.8.0
Unaffected: >= 2.8.0
Architectures: All supported architectures
Description
GIMP’s network server, scriptfu, is vulnerable to the remote execution
of arbitrary code via the python-fu-eval command due to not requiring
authentication. Additionally, the X Window Dump (XWD) plugin is
vulnerable to multiple buffer overflows possibly allowing the remote
execution of arbitrary code or Denial of Service. The XWD plugin is
vulnerable due to not validating large color entries.
Impact
A remote attacker could possibly execute arbitrary code with the
privileges of the process or perform a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All GIMP users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/gimp-2.8.0"
References
CVE-2012-4245
CVE-2013-1913
CVE-2013-1978
Last edited by GLSA on Sun May 15, 2016 4:17 am; edited 2 times in total
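The XWD part of the advisory comes down to a reader trusting the colour-entry count in the file header. The following is an added example, not code from GIMP's XWD plugin or from the advisory, showing the shape of the check a hardened reader needs: the colour count is bounded both by the capacity of the destination table and by the bytes actually present in the file before any entry is copied. The header layout (25 big-endian CARD32 fields, ncolors at offset 76, 12-byte colour records after the window name) is the X11 XWDFile.h layout; the 256-entry palette capacity, the `demo_parse` helper and the in-memory sample file are assumptions constructed for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* XWD file: 25 big-endian CARD32 header fields (100 bytes), then the window
 * name (header_size - 100 bytes), then ncolors colour records of 12 bytes. */
#define XWD_FIXED_HEADER_SIZE 100u
#define XWD_NCOLORS_OFFSET    76u   /* 20th CARD32 field */
#define XWD_COLOR_RECORD_SIZE 12u
#define MAX_PALETTE_ENTRIES   256u  /* assumed capacity of the fixed table below */

typedef struct {
    uint32_t pixel;
    uint16_t red, green, blue;
    uint8_t  flags, pad;
} xwd_color_t;

static uint32_t rd_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}
static uint16_t rd_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}
static void wr_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Copy the colour table of an in-memory XWD image into a fixed palette.
 * Returns the number of entries copied, or -1 when the header is truncated
 * or the declared ncolors would overrun the palette or the file. */
int xwd_read_colormap(const uint8_t *buf, size_t len, xwd_color_t palette[MAX_PALETTE_ENTRIES]) {
    if (len < XWD_FIXED_HEADER_SIZE) return -1;
    uint32_t header_size = rd_be32(buf);                    /* includes window name */
    uint32_t ncolors     = rd_be32(buf + XWD_NCOLORS_OFFSET);

    /* The bounds an unpatched reader lacks: the attacker-controlled count must
     * fit the destination table and the bytes that are actually present. */
    if (header_size < XWD_FIXED_HEADER_SIZE || header_size > len) return -1;
    if (ncolors > MAX_PALETTE_ENTRIES) return -1;
    if ((uint64_t)ncolors * XWD_COLOR_RECORD_SIZE > len - header_size) return -1;

    const uint8_t *rec = buf + header_size;
    for (uint32_t i = 0; i < ncolors; i++, rec += XWD_COLOR_RECORD_SIZE) {
        palette[i].pixel = rd_be32(rec);
        palette[i].red   = rd_be16(rec + 4);
        palette[i].green = rd_be16(rec + 6);
        palette[i].blue  = rd_be16(rec + 8);
        palette[i].flags = rec[10];
        palette[i].pad   = rec[11];
    }
    return (int)ncolors;
}

/* Constructed sample file: fixed header, a 4-byte window name, and
 * real_entries colour records, while the header claims `declared` colours. */
static size_t build_sample(uint8_t *out, size_t cap, uint32_t declared, uint32_t real_entries) {
    static const char name[4] = "xwd";
    size_t total = XWD_FIXED_HEADER_SIZE + sizeof name + (size_t)real_entries * XWD_COLOR_RECORD_SIZE;
    if (total > cap) return 0;
    memset(out, 0, total);
    wr_be32(out, XWD_FIXED_HEADER_SIZE + sizeof name);   /* header_size */
    wr_be32(out + 4, 7);                                  /* XWD_FILE_VERSION */
    wr_be32(out + XWD_NCOLORS_OFFSET, declared);
    memcpy(out + XWD_FIXED_HEADER_SIZE, name, sizeof name);
    uint8_t *rec = out + XWD_FIXED_HEADER_SIZE + sizeof name;
    for (uint32_t i = 0; i < real_entries; i++, rec += XWD_COLOR_RECORD_SIZE) {
        wr_be32(rec, i);                                  /* pixel index */
        wr_be16(rec + 4, (uint16_t)(i * 0x100));          /* red */
        rec[10] = 7;                                      /* DoRed|DoGreen|DoBlue */
    }
    return total;
}

/* Parse a constructed file whose header claims `declared` colours but which
 * carries `real_entries`; returns the reader's result (-2 if the sample is too big). */
int demo_parse(uint32_t declared, uint32_t real_entries) {
    static uint8_t file[4096];
    static xwd_color_t palette[MAX_PALETTE_ENTRIES];
    size_t len = build_sample(file, sizeof file, declared, real_entries);
    if (len == 0) return -2;
    return xwd_read_colormap(file, len, palette);
}

int main(void) {
    printf("honest file (2 colours):          %d\n", demo_parse(2, 2));
    printf("oversized ncolors (0x7fffffff):   %d\n", demo_parse(0x7fffffffu, 2));
    printf("ncolors beyond end of file (3/2): %d\n", demo_parse(3, 2));
    return 0;
}
```

Both rejections matter: the cap on `ncolors` protects the fixed table, and the comparison against the remaining file length stops a read past the end of the input even when the count itself is small enough to fit the palette.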