Debians sikkerhedsbulletin

DSA-1335-1 gimp -- flere sårbarheder

Rapporteret den:

18. jul 2007

Berørte pakker:

gimp

Sårbar:

Referencer i sikkerhedsdatabaser:

I Mitres CVE-ordbog: CVE-2006-4519, CVE-2007-2949.

Yderligere oplysninger:

Flere fjernudnytbare sårbarheder er opdaget i Gimp, GNU Image Manipulation Program, hvilket kunne føre til udførelse af vilkårlig kode. Projektet Common Vulnerabilities and Exposures har fundet frem til følgende problemer:

CVE-2006-4519
Sean Larsson opdagede flere heltalsoverløbs i behandlingskoden vedrørende DICOM-, PNM-, PSD-, RAS-, XBM- og XWD-billeder, hvilket kunne føre til udførelse af vilkårlig kode hvis en bruger blev narret til at åbne en sådan misdannet mediefil.
CVE-2007-2949
Stefan Cornelius opdagede et heltalsoverløb i behandlingskoden vedrørende PSD-billeder, hvilket kunne føre til udførelse af vilkårlig kode hvis en bruger blev narret til at åbne en sådan misdannet mediefil.

I den gamle stabile distribution (sarge) er disse problemer rettet i version 2.2.6-1sarge4. Pakker til mips og mipsel er endnu ikke tilgængelige.

I den stabile distribution (etch) er disse problemer rettet i version 2.2.13-1etch4. Pakker til mips er endnu ikke tilgængelige.

I den ustabile distribution (sid) er disse problemer rettet i version 2.2.17-1.

Vi anbefaler at du opgraderer dine gimp-pakker.

Rettet i:

Debian GNU/Linux 3.1 (sarge)

Kildekode:: http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge4.dsc; http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge4.diff.gz; http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6.orig.tar.gz
Arkitekturuafhængig komponent:: http://security.debian.org/pool/updates/main/g/gimp/gimp-data_2.2.6-1sarge4_all.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp1.2_2.2.6-1sarge4_all.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-doc_2.2.6-1sarge4_all.deb
Alpha:: http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge4_alpha.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge4_alpha.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge4_alpha.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge4_alpha.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge4_alpha.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge4_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge4_amd64.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge4_amd64.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge4_amd64.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge4_amd64.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge4_amd64.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge4_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge4_arm.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge4_arm.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge4_arm.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge4_arm.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge4_arm.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge4_arm.deb
HPPA:: http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge4_hppa.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge4_hppa.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge4_hppa.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge4_hppa.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge4_hppa.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge4_hppa.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge4_i386.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge4_i386.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge4_i386.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge4_i386.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge4_i386.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge4_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge4_ia64.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge4_ia64.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge4_ia64.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge4_ia64.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge4_ia64.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge4_ia64.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge4_m68k.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge4_m68k.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge4_m68k.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge4_m68k.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge4_m68k.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge4_m68k.deb
PowerPC:: http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge4_powerpc.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge4_powerpc.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge4_powerpc.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge4_powerpc.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge4_powerpc.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge4_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge4_s390.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge4_s390.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge4_s390.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge4_s390.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge4_s390.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge4_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge4_sparc.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge4_sparc.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge4_sparc.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge4_sparc.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge4_sparc.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge4_sparc.deb

Debian GNU/Linux 4.0 (etch)

Kildekode:: http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch4.dsc; http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch4.diff.gz; http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13.orig.tar.gz
Arkitekturuafhængig komponent:: http://security.debian.org/pool/updates/main/g/gimp/gimp-data_2.2.13-1etch4_all.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-doc_2.2.13-1etch4_all.deb
Alpha:: http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch4_alpha.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch4_alpha.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch4_alpha.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch4_alpha.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch4_alpha.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch4_alpha.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch4_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch4_amd64.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch4_amd64.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch4_amd64.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch4_amd64.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch4_amd64.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch4_amd64.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch4_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch4_arm.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch4_arm.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch4_arm.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch4_arm.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch4_arm.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch4_arm.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch4_arm.deb
HPPA:: http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch4_hppa.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch4_hppa.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch4_hppa.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch4_hppa.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch4_hppa.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch4_hppa.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch4_hppa.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch4_i386.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch4_i386.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch4_i386.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch4_i386.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch4_i386.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch4_i386.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch4_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch4_ia64.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch4_ia64.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch4_ia64.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch4_ia64.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch4_ia64.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch4_ia64.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch4_ia64.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch4_mipsel.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch4_mipsel.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch4_mipsel.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch4_mipsel.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch4_mipsel.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch4_mipsel.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch4_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch4_powerpc.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch4_powerpc.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch4_powerpc.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch4_powerpc.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch4_powerpc.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch4_powerpc.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch4_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch4_s390.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch4_s390.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch4_s390.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch4_s390.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch4_s390.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch4_s390.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch4_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch4_sparc.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch4_sparc.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch4_sparc.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch4_sparc.deb; http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch4_sparc.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch4_sparc.deb; http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch4_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.