
Slackware 14.0-14.2 SSA:2016-203-01 Critical GIMP DoS Advisory

July 21, 2016
The GIMP packages for Slackware have been upgraded to fix a vulnerability, triggered by crafted XCF files, that can crash the program or possibly lead to arbitrary code execution.
New gimp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

Summary

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/gimp-2.8.18-i586-1_slack14.2.txz: Upgraded.
  This release fixes a security issue:
  Use-after-free vulnerability in the xcf_load_image function in
  app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of
  service (program crash) or possibly execute arbitrary code via a crafted
  XCF file.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2016-4994
  (* Security fix *)

Where to Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/gimp-2.8.18-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/gimp-2.8.18-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/gimp-2.8.18-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/gimp-2.8.18-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/gimp-2.8.18-i586-1_slack14.2.txz
Updated package for Slackware x86_64...


MD5 Signatures

Slackware 14.0 package: 36cb0b80c948b3012ee5e2130186cc7f gimp-2.8.18-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 180c06dbd99264d71608cf8bb080fdfa gimp-2.8.18-x86_64-1_slack14.0.txz
Slackware 14.1 package: 453923367e46e220f712832cc7dbeaef gimp-2.8.18-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 07f00caa7ff13ef6d0bb0cdc6ae94911 gimp-2.8.18-x86_64-1_slack14.1.txz
Slackware 14.2 package: 099fd28f2dadb1234e4e2ba7285e3477 gimp-2.8.18-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 1446172cd7c363ca66edd2f7053f54bd gimp-2.8.18-x86_64-1_slack14.2.txz
Slackware -current package: 5e987d454c571fae7d78d4ecce595d3f xap/gimp-2.8.18-i586-1.txz
Slackware x86_64 -current package: f9418d356da32a50dbd1029125abb422 xap/gimp-2.8.18-x86_64-1.txz

Severity
critical


Installation Instructions

Upgrade the package as root:
# upgradepkg gimp-2.8.18-i586-1_slack14.2.txz
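The MD5 signatures listed in this advisory can be checked against the downloaded file before upgradepkg is run. The script below is an added example, not part of the Slackware advisory; the function names and the sigs.txt file (the MD5 Signatures section saved as text) are assumptions.

```shell
#!/bin/sh
# Added example: check a downloaded package against the advisory's MD5 list
# before upgrading. Function names and sigs.txt are assumptions.

# expected_md5 SIGFILE PKG -> prints the MD5 listed for PKG's file name.
# Each signature line ends in "<md5> <file name>", as in the advisory.
expected_md5() {
    awk -v want="$(basename "$2")" '
        NF >= 2 {
            n = split($NF, parts, "/")      # -current entries carry "xap/"
            sum = $(NF-1)
            if (parts[n] == want && sum ~ /^[0-9a-f]+$/ && length(sum) == 32) {
                print sum
                exit
            }
        }' "$1"
}

# verify_pkg SIGFILE PKG -> 0 match, 1 mismatch, 2 not listed or unreadable.
verify_pkg() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    want=$(expected_md5 "$1" "$2")
    [ -n "$want" ] || return 2              # file name not in the list
    have=$(md5sum < "$2" | awk '{print $1}')
    [ "$have" = "$want" ]
}

# Usage (as root), upgrading only when the checksum matches:
#   verify_pkg sigs.txt gimp-2.8.18-i586-1_slack14.2.txz \
#       && upgradepkg gimp-2.8.18-i586-1_slack14.2.txz
```

A match shows the download is intact relative to this list; it is only as trustworthy as the place the list was copied from.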
