gimp-2.6.9-4.1.0.1.AXS4
エラータID: AXSA:2011-685:01
GIMP (GNU Image Manipulation Program) is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. GIMP has many of the tools and filters you would expect to find in similar commercial offerings, and some interesting extras as well. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.
Security issues fixed with this release:
CVE-2010-4540
Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the LIGHTING EFFECTS > LIGHT plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Position field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information.
CVE-2010-4541
Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Number of lights field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself.
CVE-2010-4542
Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information.
CVE-2010-4543
Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information.
Update packages.
Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Position field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information.
Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long "Number of lights" field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself.
Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information.
Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information.
From Asianux Server 4 SP1.
SRPMS
- gimp-2.6.9-4.1.0.1.AXS4.src.rpm
MD5: dfe8962c7ce0ef6a542c0feb50900df4
SHA-256: 740d8607af27417f38fd7b3414f2b3e78b4a70b2cded7f6b98bb43579324a3a4
Size: 15.77 MB
Asianux Server 4 for x86
- gimp-2.6.9-4.1.0.1.AXS4.i686.rpm
MD5: dd7127963c2ac2a28b8fb2dbf793394d
SHA-256: b07c3db61bd401e03718e392b9eacd957c689a5c275958e57103667f7933e921
Size: 12.38 MB - gimp-help-browser-2.6.9-4.1.0.1.AXS4.i686.rpm
MD5: 893ef84d5832e04df1f1caf6280c1bf6
SHA-256: 98b145399a6104d008d5d388545d36a6a3e645a4d0dc3d9fdabf18c8c0c7d1c4
Size: 68.71 kB - gimp-libs-2.6.9-4.1.0.1.AXS4.i686.rpm
MD5: e3223e3b78d6536c67e3cc1a7833f62e
SHA-256: d21140b6eb62e88123a42f73988cf8f6b000bf5f9842b6bbcca674ee84875c00
Size: 509.05 kB
Asianux Server 4 for x86_64
- gimp-2.6.9-4.1.0.1.AXS4.x86_64.rpm
MD5: 9135ddbb144b81db126fa1f0f7684a57
SHA-256: 023043e02ee1cdece7e6ba8f22007948a713c459d0d60c2b0108ed96bcf05f3f
Size: 12.39 MB - gimp-help-browser-2.6.9-4.1.0.1.AXS4.x86_64.rpm
MD5: 632b78590648b20e006e0a68ba005bab
SHA-256: f6687754ab3b896e8725326a8fb8d99c1ec7e91e69daf6c2db2e9c9bd4d150ad
Size: 68.21 kB - gimp-libs-2.6.9-4.1.0.1.AXS4.x86_64.rpm
MD5: e1111d76da51b4595ebef1dc20ca0496
SHA-256: 0b8843e19c4dc015a420b04b68f68ed4ade6adf09466b50dcf56805a3e911ee8
Size: 516.91 kB