Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora: Critical GIMP Security Update for Buffer Overflows

fedora
Calendar Grey February 27, 2018
Dist Fedora Esm H88
An important patch for GIMP tackles various memory corruption vulnerabilities in Fedora 26, promoting enhanced security.
Security fix for CVE-2017-17784 CVE-2017-17785 CVE-2017-17786 CVE-2017-17787 CVE-2017-17788 CVE-2017-17789

Summary

GIMP (GNU Image Manipulation Program) is a powerful image composition and

editing program, which can be extremely useful for creating logos and other

graphics for webpages. GIMP has many of the tools and filters you would expect

to find in similar commercial offerings, and some interesting extras as well.

GIMP provides a large image manipulation toolbox, including channel operations

and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all

with multi-level undo.

Security fix for CVE-2017-17784 CVE-2017-17785 CVE-2017-17786 CVE-2017-17787

CVE-2017-17788 CVE-2017-17789

[ 1 ] Bug #1529147 - CVE-2017-17785 gimp: Heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c

https://bugzilla.redhat.com/show_bug.cgi?id=1529147

[ 2 ] Bug #1529146 - CVE-2017-17789 gimp: Heap-based buffer overflow in read_channel_data function in plug-ins/common/file-psp.c

https://bugzilla.redhat.com/show_bug.cgi?id=1529146

[ 3 ] Bug #1529145 - CVE-2017-17786 gimp: Heap-based buffer over-read in ReadImage function in plug-ins/common/file-tga.c

https://bugzilla.redhat.com/show_bug.cgi?id=1529145

[ 4 ] Bug #1529144 - CVE-2017-17784 gimp: Heap-based buffer over-read in load_image function in plug-ins/common/file-gbr.c

https://bugzilla.redhat.com/show_bug.cgi?id=1529144

[ 5 ] Bug #1529143 - CVE-2017-17787 gimp: Heap-based buffer over-read in read_creator_block function in plug-ins/common/file-psp.c

https://bugzilla.redhat.com/show_bug.cgi?id=1529143

[ 6 ] Bug #1529141 - CVE-2017-17788 gimp: Stack-based buffer over-read in xcf_load_stream function in app/xcf/xcf.c

https://bugzilla.redhat.com/show_bug.cgi?id=1529141

su -c 'dnf upgrade gimp' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory fedora update buffer overflow critical fix image editing gimp

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 26
Version: 2.8.22
Release: 3.fc26
URL: https://www.gimp.org/
Summary: GNU Image Manipulation Program

Topics%20covered

Topics Covered

security advisory fedora update buffer overflow critical fix image editing gimp

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here