Mageia Bugzilla – Bug 11873
gimp new security issues CVE-2013-1913 and CVE-2013-1978
Last modified: 2013-12-06 23:04:55 CET
Red Hat has issued an advisory on December 3:
We already fixed CVE-2012-5576 in Bug 8326.
Patched packages for the other CVEs uploaded for Mageia 3 and Cauldron.
Updated gimp packages fix security vulnerabilities:
An integer overflow flaw and a heap-based buffer overflow were found in the way
GIMP loaded certain X Window System (XWD) image dump files. A remote attacker
could provide a specially crafted XWD image file that, when processed, would
cause the XWD plug-in to crash or, potentially, execute arbitrary code with the
privileges of the user running the GIMP (CVE-2013-1913, CVE-2013-1978).
Updated packages in core/updates_testing:
Advisory 11873.adv committed to svn.
No PoC provided in the bug report, so just need to confirm the updated
version runs without any obvious regressions.
Testing complete on Mageia 3 i586 and x86_64. Validating the update.
Someone from the sysadmin team please push 11873.adv to updates.