Scientific Linux: SLSA-2016:2589-2 Moderate: gimp Use-After-Free Fix

Date: Wed, 14 Dec 2016 18:07:48 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Scott Reid 
Subject: Security ERRATA Moderate: gimp on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20161214180748.15410.39806@slpackages.fnal.gov>

Synopsis: Moderate: gimp security, bug fix, and enhancement update
Advisory ID: SLSA-2016:2589-2
Issue Date: 2016-11-03
CVE Numbers: CVE-2016-4994
--

The following packages have been upgraded to a newer upstream version:
gimp (2.8.16), gimp-help (2.8.2).

Security Fix(es):

* Multiple use-after-free vulnerabilities were found in GIMP in the
channel and layer properties parsing process when loading XCF files. An
attacker could create a specially crafted XCF file which could cause GIMP
to crash. (CVE-2016-4994)

Additional Changes:
--

SL7
 x86_64
 gimp-2.8.16-3.el7.x86_64.rpm
 gimp-debuginfo-2.8.16-3.el7.i686.rpm
 gimp-debuginfo-2.8.16-3.el7.x86_64.rpm
 gimp-libs-2.8.16-3.el7.i686.rpm
 gimp-libs-2.8.16-3.el7.x86_64.rpm
 gimp-devel-2.8.16-3.el7.i686.rpm
 gimp-devel-2.8.16-3.el7.x86_64.rpm
 gimp-devel-tools-2.8.16-3.el7.x86_64.rpm
 noarch
 gimp-help-2.8.2-1.el7.noarch.rpm
 gimp-help-ca-2.8.2-1.el7.noarch.rpm
 gimp-help-da-2.8.2-1.el7.noarch.rpm
 gimp-help-de-2.8.2-1.el7.noarch.rpm
 gimp-help-el-2.8.2-1.el7.noarch.rpm
 gimp-help-en_GB-2.8.2-1.el7.noarch.rpm
 gimp-help-es-2.8.2-1.el7.noarch.rpm
 gimp-help-fr-2.8.2-1.el7.noarch.rpm
 gimp-help-it-2.8.2-1.el7.noarch.rpm
 gimp-help-ja-2.8.2-1.el7.noarch.rpm
 gimp-help-ko-2.8.2-1.el7.noarch.rpm
 gimp-help-nl-2.8.2-1.el7.noarch.rpm
 gimp-help-nn-2.8.2-1.el7.noarch.rpm
 gimp-help-pt_BR-2.8.2-1.el7.noarch.rpm
 gimp-help-ru-2.8.2-1.el7.noarch.rpm
 gimp-help-sl-2.8.2-1.el7.noarch.rpm
 gimp-help-sv-2.8.2-1.el7.noarch.rpm
 gimp-help-zh_CN-2.8.2-1.el7.noarch.rpm

- Scientific Linux Development Team