Debian: New gimp packages fix arbitrary code execution

    Date: 21 Jul 2006
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Updated package.
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 1116-1
    http://www.debian.org/security/                         Moritz Muehlenhoff
    July 21st, 2006                         http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : gimp
    Vulnerability  : buffer overflow
    Problem-Type   : local(remote)
    Debian-specific: no
    CVE ID         : CVE-2006-3404
    Debian Bug     : 377049
    
    Henning Makholm discovered a buffer overflow in the XCF loading code
    of Gimp, an image editing program. Opening a specially crafted XCF
    image might cause the application to execute arbitrary code.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 2.2.6-1sarge1.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 2.2.11-3.1.
    
    We recommend that you upgrade your gimp package.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    --------------------------------
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main