Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Sean Amoss <ackle@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201209-23 ] GIMP: Multiple vulnerabilities
Date: Fri, 28 Sep 2012 11:49:08
Message-Id: 50658CD7.2010704@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201209-23
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: GIMP: Multiple vulnerabilities
9 Date: September 28, 2012
10 Bugs: #293127, #350915, #372975, #379289, #418425, #432582
11 ID: 201209-23
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in GIMP, the worst of which
19 allow execution of arbitrary code or Denial of Service.
20
21 Background
22 ==========
23
24 GIMP is the GNU Image Manipulation Program.
25
26 Affected packages
27 =================
28
29 -------------------------------------------------------------------
30 Package / Vulnerable / Unaffected
31 -------------------------------------------------------------------
32 1 media-gfx/gimp < 2.6.12-r2 >= 2.6.12-r2
33
34 Description
35 ===========
36
37 Multiple vulnerabilities have been discovered in GIMP. Please review
38 the CVE identifiers referenced below for details.
39
40 Impact
41 ======
42
43 A remote attacker could possibly execute arbitrary code with the
44 privileges of the process or cause a Denial of Service condition.
45
46 Workaround
47 ==========
48
49 There is no known workaround at this time.
50
51 Resolution
52 ==========
53
54 All GIMP users should upgrade to the latest version:
55
56 # emerge --sync
57 # emerge --ask --oneshot --verbose ">=media-gfx/gimp-2.6.12-r2"
58
59 References
60 ==========
61
62 [ 1 ] CVE-2009-1570
63 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1570
64 [ 2 ] CVE-2009-3909
65 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3909
66 [ 3 ] CVE-2010-4540
67 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4540
68 [ 4 ] CVE-2010-4541
69 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4541
70 [ 5 ] CVE-2010-4542
71 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4542
72 [ 6 ] CVE-2010-4543
73 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4543
74 [ 7 ] CVE-2011-1178
75 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1178
76 [ 8 ] CVE-2011-2896
77 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2896
78 [ 9 ] CVE-2012-2763
79 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2763
80 [ 10 ] CVE-2012-3402
81 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3402
82
83 Availability
84 ============
85
86 This GLSA and any updates to it are available for viewing at
87 the Gentoo Security Website:
88
89 http://security.gentoo.org/glsa/glsa-201209-23.xml
90
91 Concerns?
92 =========
93
94 Security is a primary focus of Gentoo Linux and ensuring the
95 confidentiality and security of our users' machines is of utmost
96 importance to us. Any security concerns should be addressed to
97 security@g.o or alternatively, you may file a bug at
98 https://bugs.gentoo.org.
99
100 License
101 =======
102
103 Copyright 2012 Gentoo Foundation, Inc; referenced text
104 belongs to its owner(s).
105
106 The contents of this document are licensed under the
107 Creative Commons - Attribution / Share Alike license.
108
109 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups