Posted: Sun Mar 06, 2016 8:26 pm Post subject: [ glsa 201603-01 ] gimp
Gentoo Linux Security Advisory
Title: GIMP: Multiple vulnerabilities (GLSA 201603-01)
Date: March 06, 2016
Updated: May 04, 2016
Bug(s): #434582, #493372
GIMP is vulnerable to multiple buffer overflows which could result
in the execution of arbitrary code or Denial of Service.
GIMP is a cross-platform image editor available for GNU/Linux, OS X,
Windows and more operating systems.
Vulnerable: < 2.8.0
Unaffected: >= 2.8.0
Architectures: All supported architectures
GIMP’s network server, scriptfu, is vulnerable to the remote execution
of arbitrary code via the python-fu-eval command due to not requiring
authentication. Additionally, the X Window Dump (XWD) plugin is
vulnerable to multiple buffer overflows possibly allowing the remote
execution of arbitrary code or Denial of Service. The XWD plugin is
vulnerable due to not validating large color entries.
A remote attacker could possibly execute arbitrary code with the
privileges of the process or perform a Denial of Service.
There is no known workaround at this time.
All GIMP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/gimp-2.8.0"
Last edited by GLSA on Sun May 15, 2016 4:17 am; edited 2 times in total
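As an added example, not part of the advisory or of Gentoo's tooling: a small POSIX sh check that maps the GLSA's affected range (`< 2.8.0`, fixed in `>=media-gfx/gimp-2.8.0`) onto an installed versioned atom. The input format mimics `qlist -Iv media-gfx/gimp` output, and the sample atoms are constructed; the comparison is numeric per field so that later series such as 2.10.x are not mistaken for vulnerable versions by a plain string compare.

```shell
#!/bin/sh
# Added example (not from the GLSA): is an installed media-gfx/gimp atom
# inside the advisory's vulnerable range (< 2.8.0)?

# version_lt A B: exit 0 if dotted version A is strictly lower than B.
# Fields are compared numerically; a lexical compare would rank "2.10.4"
# below "2.8.0" and wrongly flag a fixed version as vulnerable.
version_lt() {
    a="$1" b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}
        # Drop the consumed field; empty the string when it was the last one.
        [ "$ai" = "$a" ] && a="" || a=${a#*.}
        [ "$bi" = "$b" ] && b="" || b=${b#*.}
        # Keep only the leading digits so a Gentoo revision like "12-r1" -> "12".
        ai=$(printf '%s' "${ai:-0}" | sed 's/[^0-9].*//')
        bi=$(printf '%s' "${bi:-0}" | sed 's/[^0-9].*//')
        ai=${ai:-0}; bi=${bi:-0}
        if [ "$ai" -lt "$bi" ]; then return 0; fi
        if [ "$ai" -gt "$bi" ]; then return 1; fi
    done
    return 1   # equal versions are not "less than"
}

# atom_version ATOM: strip the category/package prefix.
# media-gfx/gimp-2.6.12-r1 -> 2.6.12-r1
atom_version() {
    printf '%s\n' "${1#media-gfx/gimp-}"
}

# gimp_is_vulnerable ATOM: exit 0 when the atom is below the fixed version
# named in the GLSA resolution (">=media-gfx/gimp-2.8.0").
gimp_is_vulnerable() {
    version_lt "$(atom_version "$1")" "2.8.0"
}

# Constructed sample input standing in for `qlist -Iv media-gfx/gimp` output.
for atom in "media-gfx/gimp-2.6.12-r1" "media-gfx/gimp-2.8.0" "media-gfx/gimp-2.10.4"; do
    if gimp_is_vulnerable "$atom"; then
        echo "$atom: affected by GLSA 201603-01, upgrade"
    else
        echo "$atom: not affected"
    fi
done
```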