Ubuntu: Gimp vulnerability
Posted by Benjamin D. Thomas   
Sean Larsson discovered multiple integer overflows in Gimp. By tricking a user into opening a specially crafted DICOM, PNM, PSD, PSP, RAS, XBM, or XWD image, a remote attacker could exploit this to execute arbitrary code with the user's privileges.
Ubuntu Security Notice USN-494-1            August 02, 2007
gimp vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  gimp                                     2.2.11-1ubuntu3.4

Ubuntu 6.10:
  gimp                                     2.2.13-1ubuntu3.3

Ubuntu 7.04:
  gimp                                     2.2.13-1ubuntu4.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Sean Larsson discovered multiple integer overflows in Gimp.  By tricking
a user into opening a specially crafted DICOM, PNM, PSD, PSP, RAS, XBM,
or XWD image, a remote attacker could exploit this to execute arbitrary
code with the user's privileges.

Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 6.10:


Updated packages for Ubuntu 7.04:

