Details
Created: 04 September 2012
Several flaws have been found in the gimp software package that malicious users can exploit to carry out DoS attacks; arbitrary code execution is also possible.
Package:
gimp 2.x
Operating systems:
openSUSE 11.4, openSUSE 12.1
Severity:
5.9
Problem:
integer overflow
Exploitation:
remote
Impact:
arbitrary code execution, denial of service (DoS)
Solution:
vendor patch
CVE:
CVE-2012-2763, CVE-2012-3236, CVE-2012-3403, CVE-2012-3481
Original advisory ID:
openSUSE-SU-2012:1080-1
Source:
SUSE
Problem:
The flaws result from multiple integer overflows in various decoder plug-ins.
Impact:
The flaws can be exploited to carry out denial-of-service attacks and to execute arbitrary code.
Solution:
Users are encouraged to apply the available patches.
Original advisory text
openSUSE Security Update: gimp to fix various issues
______________________________________________________________________________
Announcement ID: openSUSE-SU-2012:1080-1
Rating: important
References: #724628 #763595 #769565 #775433
Cross-References: CVE-2012-2763 CVE-2012-3236 CVE-2012-3403
CVE-2012-3481
Affected Products:
openSUSE 12.1
openSUSE 11.4
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
Multiple integer overflows in various decoder plug-ins of
GIMP have been fixed.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.1:
zypper in -t patch openSUSE-2012-543
- openSUSE 11.4:
zypper in -t patch openSUSE-2012-543
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.1 (i586 x86_64):
gimp-2.6.11-28.26.1
gimp-debuginfo-2.6.11-28.26.1
gimp-debugsource-2.6.11-28.26.1
gimp-devel-2.6.11-28.26.1
gimp-devel-debuginfo-2.6.11-28.26.1
gimp-help-browser-2.6.11-28.26.1
gimp-help-browser-debuginfo-2.6.11-28.26.1
gimp-plugins-python-2.6.11-28.26.1
gimp-plugins-python-debuginfo-2.6.11-28.26.1
libgimp-2_0-0-2.6.11-28.26.1
libgimp-2_0-0-debuginfo-2.6.11-28.26.1
libgimpui-2_0-0-2.6.11-28.26.1
libgimpui-2_0-0-debuginfo-2.6.11-28.26.1
- openSUSE 12.1 (x86_64):
libgimp-2_0-0-32bit-2.6.11-28.26.1
libgimp-2_0-0-debuginfo-32bit-2.6.11-28.26.1
libgimpui-2_0-0-32bit-2.6.11-28.26.1
libgimpui-2_0-0-debuginfo-32bit-2.6.11-28.26.1
- openSUSE 12.1 (noarch):
gimp-branding-upstream-2.6.11-28.26.1
gimp-lang-2.6.11-28.26.1
- openSUSE 12.1 (ia64):
libgimp-2_0-0-debuginfo-x86-2.6.11-28.26.1
libgimp-2_0-0-x86-2.6.11-28.26.1
libgimpui-2_0-0-debuginfo-x86-2.6.11-28.26.1
libgimpui-2_0-0-x86-2.6.11-28.26.1
- openSUSE 11.4 (i586 x86_64):
gimp-2.6.11-13.58.1
gimp-branding-upstream-2.6.11-13.58.1
gimp-debuginfo-2.6.11-13.58.1
gimp-debugsource-2.6.11-13.58.1
gimp-devel-2.6.11-13.58.1
gimp-devel-debuginfo-2.6.11-13.58.1
gimp-help-browser-2.6.11-13.58.1
gimp-help-browser-debuginfo-2.6.11-13.58.1
gimp-module-hal-2.6.11-13.58.1
gimp-module-hal-debuginfo-2.6.11-13.58.1
gimp-plugins-python-2.6.11-13.58.1
gimp-plugins-python-debuginfo-2.6.11-13.58.1
libgimp-2_0-0-2.6.11-13.58.1
libgimp-2_0-0-debuginfo-2.6.11-13.58.1
libgimpui-2_0-0-2.6.11-13.58.1
libgimpui-2_0-0-debuginfo-2.6.11-13.58.1
- openSUSE 11.4 (x86_64):
libgimp-2_0-0-32bit-2.6.11-13.58.1
libgimp-2_0-0-debuginfo-32bit-2.6.11-13.58.1
libgimpui-2_0-0-32bit-2.6.11-13.58.1
libgimpui-2_0-0-debuginfo-32bit-2.6.11-13.58.1
- openSUSE 11.4 (noarch):
gimp-lang-2.6.11-13.58.1
- openSUSE 11.4 (ia64):
libgimp-2_0-0-debuginfo-x86-2.6.11-13.58.1
libgimp-2_0-0-x86-2.6.11-13.58.1
libgimpui-2_0-0-debuginfo-x86-2.6.11-13.58.1
libgimpui-2_0-0-x86-2.6.11-13.58.1
References:
http://support.novell.com/security/cve/CVE-2012-2763.html
http://support.novell.com/security/cve/CVE-2012-3236.html
http://support.novell.com/security/cve/CVE-2012-3403.html
http://support.novell.com/security/cve/CVE-2012-3481.html
https://bugzilla.novell.com/724628
https://bugzilla.novell.com/763595
https://bugzilla.novell.com/769565
https://bugzilla.novell.com/775433
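A way to confirm that a host already carries the fixed builds from the package list above, as an added example that is not part of the SUSE advisory. The function names are hypothetical, the sample input is constructed, and GNU `sort -V` is assumed as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Fixed version-release per product, taken from the advisory's package list.
fixed_for() {
    case "$1" in
        12.1) echo "2.6.11-28.26.1" ;;
        11.4) echo "2.6.11-13.58.1" ;;
        *)    return 1 ;;
    esac
}

# ver_ge A B: succeeds when A >= B under GNU "sort -V" ordering
# (assumption: close enough to RPM ordering for these numeric strings).
ver_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# audit_gimp PRODUCT: reads "name version-release" lines on stdin, reports
# gimp packages older than the fixed build. Returns 0 when all are fixed,
# 1 when at least one is outdated, 2 for a product the advisory does not list.
audit_gimp() {
    fixed=$(fixed_for "$1") || { echo "unknown product: $1" >&2; return 2; }
    rc=0
    while read -r name vr; do
        case "$name" in
            gimp|gimp-*|libgimp-*|libgimpui-*) ;;
            *) continue ;;
        esac
        if ! ver_ge "$vr" "$fixed"; then
            echo "OUTDATED $name $vr (fixed in $fixed)"
            rc=1
        fi
    done
    return $rc
}

# On a real host:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | audit_gimp 12.1
# Constructed sample inventory (not taken from a real system):
printf '%s\n' \
    'gimp 2.6.11-28.20.1' \
    'libgimp-2_0-0 2.6.11-28.26.1' \
    'bash 4.2-1' | audit_gimp 12.1 || true
```
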