gimp-2.6.9-6.0.1.AXS4

エラータID: AXSA:2014-037:01

Release date: 
Tuesday, March 18, 2014 - 19:32
Subject: 
gimp-2.6.9-6.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

GIMP (GNU Image Manipulation Program) is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. GIMP has many of the tools and filters you would expect to find in similar commercial offerings, and some interesting extras as well. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.

Security issues fixed with this release:

• CVE-2012-5576
Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large (1) red, (2) green, or (3) blue color mask in an XWD file.

• CVE-2013-1913
Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump.

• CVE-2013-1978
Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.

Solution: 

Update packages.

CVEs: 
CVE-2012-5576
Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large (1) red, (2) green, or (3) blue color mask in an XWD file.
CVE-2013-1913
Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump.
CVE-2013-1978
Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.




Additional Info: 

N/A

Download: 

SRPMS
  1. gimp-2.6.9-6.0.1.AXS4.src.rpm
    MD5: b3add9777eca64f2de289885a0855955
    SHA-256: ec7d6d592abace8acb09e842d4415b067e827c56b07b00e1d62f27e0c5bc48b9
    Size: 15.78 MB

Asianux Server 4 for x86
  1. gimp-2.6.9-6.0.1.AXS4.i686.rpm
    MD5: 807fce65b57874b9a54b5b5bed92045e
    SHA-256: 0238c31d1f8c4d85b1c38265909884bd4a7cc02b3c94be64103a11922e2a9ec7
    Size: 12.38 MB
  2. gimp-help-browser-2.6.9-6.0.1.AXS4.i686.rpm
    MD5: 8f5b6c859e9dbee0a9fd9a4bfbc3903c
    SHA-256: 439d327454a8712e730bca6d3be8765f56c1bc329e055273275316947f76232c
    Size: 69.09 kB
  3. gimp-libs-2.6.9-6.0.1.AXS4.i686.rpm
    MD5: 88303e4dc5d5672002571a245280e18a
    SHA-256: 1fbb338a039b515773452599188a0351a78c8ecb124cd39f8a652c4229989dde
    Size: 509.45 kB

Asianux Server 4 for x86_64
  1. gimp-2.6.9-6.0.1.AXS4.x86_64.rpm
    MD5: 2ed6bd63daca93fbd835268f347fe9f8
    SHA-256: a9c2cb00736173eb2dcd0ca680eb798e88d5a148f428c15aefab7890afec319b
    Size: 12.40 MB
  2. gimp-help-browser-2.6.9-6.0.1.AXS4.x86_64.rpm
    MD5: 834e26eab449af58e30acd731da12c53
    SHA-256: 562afb3fa41ed2b7279b3d466ff7991c42bfdf1a5e6dd5b68989e44d662bf011
    Size: 68.70 kB
  3. gimp-libs-2.6.9-6.0.1.AXS4.x86_64.rpm
    MD5: 4cf51b3290507389449bb8fdee6a8e83
    SHA-256: 4292e090e43abee25bb29fd2382287d04c1ddeeec95b808f41cb7e674974b538
    Size: 518.84 kB