Linux Security
    Linux Security
    Linux Security

    Debian: DSA-2426-1: gimp security update

    Date
    118
    Posted By
    Several vulnerabilities have been identified in GIMP, the GNU Image Manipulation Program. CVE-2010-4540
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-2426-1                   securi[email protected]
    https://www.debian.org/security/                            Florian Weimer
    March 06, 2012                         https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : gimp
    Vulnerability  : several
    Problem type   : local
    Debian-specific: no
    CVE ID         : CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543
                     CVE-2011-1782 CVE-2011-2896
    
    Several vulnerabilities have been identified in GIMP, the GNU Image
    Manipulation Program.
    
    CVE-2010-4540
    	Stack-based buffer overflow in the load_preset_response
    	function in plug-ins/lighting/lighting-ui.c in the "LIGHTING
    	EFFECTS > LIGHT" plugin allows user-assisted remote attackers
    	to cause a denial of service (application crash) or possibly
    	execute arbitrary code via a long Position field in a plugin
    	configuration file.
    
    CVE-2010-4541
    	Stack-based buffer overflow in the loadit function in
    	plug-ins/common/sphere-designer.c in the SPHERE DESIGNER
    	plugin allows user-assisted remote attackers to cause a denial
    	of service (application crash) or possibly execute arbitrary
    	code via a long "Number of lights" field in a plugin
    	configuration file.
    
    CVE-2010-4542
    	Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb
    	function in in the GFIG plugin allows user-assisted remote
    	attackers to cause a denial of service (application crash) or
    	possibly execute arbitrary code via a long Foreground field in a
    	plugin configuration file.
    
    CVE-2010-4543
    	Heap-based buffer overflow in the read_channel_data function in
    	file-psp.c in the Paint Shop Pro (PSP) plugin allows remote
    	attackers to cause a denial of service (application crash) or
    	possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE
    	compression) image file that begins a long run count at the end
    	of the image.
    
    CVE-2011-1782
    	The correction for CVE-2010-4543 was incomplete.
    
    CVE-2011-2896
    	The LZW decompressor in the LZWReadByte function in
    	plug-ins/common/file-gif-load.c does not properly handle code
    	words that are absent from the decompression table when
    	encountered, which allows remote attackers to trigger an
    	infinite loop or a heap-based buffer overflow, and possibly
    	execute arbitrary code, via a crafted compressed stream.
    
    
    For the stable distribution (squeeze), these problems have been fixed in
    version 2.6.10-1+squeeze3.
    
    For the testing distribution (wheezy) and the unstable distribution
    (sid), these problems have been fixed in version 2.6.11-5.
    
    We recommend that you upgrade your gimp packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    LinuxSecurity Poll

    Which statement best describes how you feel about the recent Linux 5.9 release?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/40-what-change-are-you-most-excited-about-in-linux-5-9?task=poll.vote&format=json
    40
    radio
    [{"id":"140","title":"Not a game-changer for me.","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"141","title":"I'm happy with the performance improvements it offers.","votes":"3","type":"x","order":"2","pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.