Bug 3564 - [UPDATE REQUEST] [UPSTREAM UPDATE] gimp
: [UPDATE REQUEST] [UPSTREAM UPDATE] gimp
Status: RESOLVED FIXED
Product: Server Bugs
Classification: ROSA Server
Component: Main Packages
: unspecified
: All Linux
: Normal normal
: ---
Assigned To: Andrew Lukoshko
: ROSA Server Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-01-13 14:30 MSK by Andrew Lukoshko
Modified: 2014-01-13 17:55 MSK (History)
1 user (show)

See Also:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:
vladimir.potapov: qa_verified+
andrew.lukoshko: published_server+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Lukoshko 2014-01-13 14:30:45 MSK
A stack-based buffer overflow flaw, a heap-based buffer overflow, and an integer overflow flaw were found in the way GIMP loaded certain X Window System (XWD) image dump files. A remote attacker could provide a specially crafted XWD image file that, when processed, would cause the XWD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-5576, CVE-2013-1913, CVE-2013-1978)

https://rhn.redhat.com/errata/RHSA-2013-1778.html

https://abf.rosalinux.ru/build_lists/1513276
https://abf.rosalinux.ru/build_lists/1513277
Comment 1 Vladimir Potapov 2014-01-13 17:18:38 MSK
gimp-2.6.9-6.res6
*********************** RHEL Advisory *****************
A stack-based buffer overflow flaw, a heap-based buffer overflow, and an integer overflow flaw were found in the way GIMP loaded certain X Window System (XWD) image dump files. A remote attacker could provide a specially crafted XWD image file that, when processed, would cause the XWD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-5576, CVE-2013-1913, CVE-2013-1978)
********************************************************
QA Verified