U radu programskog paketa GIMP, distribuiranog sa sustavom Fedora 18, uočene su dvije sigurnosne ranjivosti. Udaljenim napadačima omogućuju izvođenje DoS napada ili pokretanje proizvoljnog programskog koda.
Paket:
gimp 2.x
Operacijski sustavi:
Fedora 18
Kritičnost:
5.9
Problem:
cjelobrojno prepisivanje, pogreška u programskoj funkciji, pogreška u programskoj komponenti, preljev međuspremnika
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-12293
2012-08-20 19:45:12
--------------------------------------------------------------------------------
Name : gimp
Product : Fedora 18
Version : 2.8.2
Release : 1.fc18
URL : http://www.gimp.org/
Summary : GNU Image Manipulation Program
Description :
GIMP (GNU Image Manipulation Program) is a powerful image composition and
editing program, which can be extremely useful for creating logos and other
graphics for webpages. GIMP has many of the tools and filters you would expect
to find in similar commercial offerings, and some interesting extras as well.
GIMP provides a large image manipulation toolbox, including channel operations
and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all
with multi-level undo.
--------------------------------------------------------------------------------
Update Information:
Among other things this update fixes security and stability issues in various
image format loaders. Security issues fixed include CVE-2012-3403 and
CVE-2012-3481.
Overview of Changes from GIMP 2.8.0 to GIMP 2.8.2
=================================================
Core:
- Make tag matching always case-insensitive
- Let the tile-cache-size default to half the physical memory
GUI:
- Mention that the image was exported in the close warning dialog
- Make sure popup windows appear on top on OSX
- Allow file opening by dropping to the OSX dock
- Fix the visibility logic of the export/overwrite menu items
- Remove all "Use GEGL" menu items, they only add bugs and zero function
- Improve performance of display filters, especially color management
- Fix the image window title to comply with the save/export spec
and use the same image name everywhere, not only in the title
- Fix positioning of pasted/dropped stuff to be more reasonable
Libgimp:
- Move gimpdir and thumbnails to proper locations on OSX
- Implement relocation on OSX
- Allow to use $(gimp_installation_dir) in config files
Plug-ins:
- Fix remembering of JPEG load/save defaults
- Revive the page setup dialog on Windows
Source and build system:
- Add Windows installer infrastructure
- Add infrastructure to build GIMP.app on OSX
General:
- Lots of bug fixes
- List of translation updates
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #839020 - CVE-2012-3403 gimp (CEL plug-in): heap buffer overflow
when loading external palette files
https://bugzilla.redhat.com/show_bug.cgi?id=839020
[ 2 ] Bug #847303 - CVE-2012-3481 Gimp (GIF plug-in): Heap-based buffer
overflow by loading certain GIF images
https://bugzilla.redhat.com/show_bug.cgi?id=847303
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update gimp' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke