Ubuntu: Gimp vulnerability
Posted by Benjamin D. Thomas   
Stefan Cornelius discovered that Gimp could miscalculate the size of heap buffers when processing PSD images. By tricking a user into opening a specially crafted PSD file with Gimp, an attacker could exploit this to execute arbitrary code with the user's privileges.
Ubuntu Security Notice USN-480-1              July 04, 2007
gimp vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  gimp                                     2.2.11-1ubuntu3.3

Ubuntu 6.10:
  gimp                                     2.2.13-1ubuntu3.2

Ubuntu 7.04:
  gimp                                     2.2.13-1ubuntu4.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Stefan Cornelius discovered that Gimp could miscalculate the size of heap
buffers when processing PSD images.  By tricking a user into opening a
specially crafted PSD file with Gimp, an attacker could exploit this to
execute arbitrary code with the user's privileges.

Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 6.10:


Updated packages for Ubuntu 7.04:

