RedHat has issued an advisory today (August 20): https://rhn.redhat.com/errata/RHSA-2012-1180.html Patched packages uploaded for Mageia 1, Mageia 2, and Cauldron. CVE-2011-2896 was previously fixed in Bug 3096. Advisory: ======================== Updated gimp packages fix security vulnerabilities: An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP (CVE-2012-3481). A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially-crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP (CVE-2012-3403). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3403 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3481 https://rhn.redhat.com/errata/RHSA-2012-1180.html ======================== Updated packages in core/updates_testing: ======================== gimp-2.6.11-7.2.mga1 libgimp2.0-devel-2.6.11-7.2.mga1 libgimp2.0_0-2.6.11-7.2.mga1 gimp-python-2.6.11-7.2.mga1 gimp-2.8.0-1.1.mga2. libgimp2.0-devel-2.8.0-1.1.mga2 libgimp2.0_0-2.8.0-1.1.mga2 gimp-python-2.8.0-1.1.mga2 from SRPMS: gimp-2.6.11-7.2.mga1.src.rpm gimp-2.8.0-1.1.mga2.src.rpm
Whiteboard: (none) => MGA1TOOSeverity: normal => major
Works ok on Mageia 2 i568.
CC: (none) => ed_rus099Whiteboard: MGA1TOO => MGA1TOO MGA2-32-OK
Tested on Mageia 2 x86_64. No problems.
Whiteboard: MGA1TOO MGA2-32-OK => MGA1TOO MGA2-32-OK MGA2-64-OK
PoC gif for CVE-2012-3481 here: https://bugzilla.novell.com/attachment.cgi?id=502827 I've not managed to get a kiss cel file to work with gimp so far. lzh files from here won't open directly but renaming to .cel did open a blank window using 8.9Gb of memory.
from here: http://otakuworld.com/kiss/
Testing Mageia 1 shortly.
CC: (none) => davidwhodgins
Testing complete on Mageia 1 i586 and x86-64. Testing using the attachment from https://bugzilla.redhat.com/show_bug.cgi?id=727800 Could someone from the sysadmin team push the srpm gimp-2.8.0-1.1.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates and the srpm gimp-2.6.11-7.2.mga1.src.rpm from Mageia 1 Core Updates Testing to Core Updates. Advisory: Updated gimp packages fix security vulnerabilities: An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP (CVE-2012-3481). A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially-crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP (CVE-2012-3403). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3403 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3481 https://rhn.redhat.com/errata/RHSA-2012-1180.html https://bugs.mageia.org/show_bug.cgi?id=7128
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: MGA1TOO MGA2-32-OK MGA2-64-OK => MGA1TOO MGA2-32-OK MGA2-64-OK MGA1-64-OK MGA1-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0236
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED