Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Ubuntu 11.04 USN-1147-1 Critical: GIMP Code Execution Threat

Calendar Jun 13, 2011 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical code execution ubuntu image processing gimp
GIMP could be made to run programs as your login if it opened a specially crafted file. 
=========================================================================Ubuntu Security Notice USN-1147-1
June 13, 2011

gimp vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

GIMP could be made to run programs as your login if it opened a
specially crafted file.

Software Description:
- gimp: The GNU Image Manipulation Program

Details:

Nils Philippsen discovered that GIMP incorrectly handled malformed PSP
image files. If a user were tricked into opening a specially crafted PSP
image file, an attacker could cause GIMP to crash, or possibly execute
arbitrary code with the user's privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
  gimp                            2.6.11-1ubuntu6.1

Ubuntu 10.10:
  gimp                            2.6.10-1ubuntu3.3

Ubuntu 10.04 LTS:
  gimp                            2.6.8-2ubuntu1.3

After a standard system update you need to restart GIMP to make all the
necessary changes.

References:
  CVE-2011-1782

Package Information:
  https://launchpad.net/ubuntu/+source/gimp/2.6.11-1ubuntu6.1
  https://launchpad.net/ubuntu/+source/gimp/2.6.10-1ubuntu3.3
  https://launchpad.net/ubuntu/+source/gimp/2.6.8-2ubuntu1.3

Ubuntu 11.04 USN-1147-1 Critical: GIMP Code Execution Threat

ubuntu
Calendar Grey June 13, 2011
Dist Ubuntu Esm H88
GIMP flaw permits tailored file processing as user access; refer to USN-1147-1 issued on June 13, 2011 for further information.
GIMP could be made to run programs as your login if it opened a specially crafted file.

Summary

Topics%20covered

Topics Covered

security advisory critical code execution ubuntu image processing gimp

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: gimp 2.6.11-1ubuntu6.1 Ubuntu 10.10: gimp 2.6.10-1ubuntu3.3 Ubuntu 10.04 LTS: gimp 2.6.8-2ubuntu1.3 After a standard system update you need to restart GIMP to make all the necessary changes.

References

CVE-2011-1782

Severity
critical
Lowest
Low
Medium
High
Critical

June 13, 2011

Topics%20covered

Topics Covered

security advisory critical code execution ubuntu image processing gimp

Package Information

https://launchpad.net/ubuntu/+source/gimp/2.6.11-1ubuntu6.1 https://launchpad.net/ubuntu/+source/gimp/2.6.10-1ubuntu3.3 https://launchpad.net/ubuntu/+source/gimp/2.6.8-2ubuntu1.3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here