gimp-2.6.9-4.3.0.1.AXS4
Erratum ID: AXSA:2012-904:01
Release date:
2012/09/17 Monday - 20:01
Title:
gimp-2.6.9-4.3.0.1.AXS4
Affected channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
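The following issues have been addressed.
[Security Fix]
- The LZW decompressor in the LWZReadByte function of the David Koblas GIF decoder in PBMPLUS, as used in the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code. (CVE-2011-2896)
- A heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted KiSS palette file. (CVE-2012-3403)
- An integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and length properties in a GIF image file. (CVE-2012-3481)
Some of the CVE translations are quoted from JVN.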
http://jvndb.jvn.jp
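The first item above (CVE-2011-2896) turns on how an LZW decoder treats a code word that is not in its table. The following C function is an added illustration, not code from GIMP, PBMPLUS or this advisory, showing the validation a decoder needs before it follows a code word. The name lzw_decode_checked, the choice to take already-unpacked code words, and the sample streams in main are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_CODES 4096   /* GIF limits LZW code words to 12 bits */

/* Hypothetical helper: decodes code words the caller has already unpacked
 * from the bit stream. Returns bytes written, or -1 for a malformed stream. */
long lzw_decode_checked(const uint16_t *codes, size_t ncodes, int min_bits,
                        uint8_t *out, size_t out_cap)
{
    uint16_t prefix[MAX_CODES];
    uint8_t suffix[MAX_CODES], stack[MAX_CODES];
    if (min_bits < 2 || min_bits > 8) return -1;
    const int clear = 1 << min_bits, end = clear + 1;
    int next = end + 1, prev = -1, first = 0;
    size_t n = 0;
    for (size_t i = 0; i < ncodes; i++) {
        int code = codes[i], cur = code;
        size_t sp = 0;
        if (code == clear) { next = end + 1; prev = -1; continue; }
        if (code == end) break;
        /* A code word may name an existing entry, or the entry about to be
         * created (code == next, legal only after a previous code). Any
         * other value is absent from the table: reject, never follow it. */
        if (code >= MAX_CODES || code > next || (code == next && prev < 0))
            return -1;
        if (code == next) { stack[sp++] = (uint8_t)first; cur = prev; }
        while (cur > end) {                     /* walk the prefix chain */
            if (sp >= MAX_CODES - 1) return -1; /* bounded: cannot spin */
            stack[sp++] = suffix[cur];
            cur = prefix[cur];
        }
        first = cur;                            /* root literal of the string */
        stack[sp++] = (uint8_t)first;
        if (prev >= 0 && next < MAX_CODES) {    /* grow the table */
            prefix[next] = (uint16_t)prev; suffix[next] = (uint8_t)first; next++;
        }
        prev = code;
        if (sp > out_cap - n) return -1;        /* never write past the buffer */
        while (sp > 0) out[n++] = stack[--sp];
    }
    return (long)n;
}

int main(void) {
    /* Constructed code streams (min_bits = 2, so clear = 4, end = 5). */
    const uint16_t good[] = {4, 1, 6, 6, 2, 5}, bad[] = {4, 1, 9, 5};
    uint8_t out[16];
    printf("good=%ld bad=%ld\n", lzw_decode_checked(good, 6, 2, out, sizeof out),
           lzw_decode_checked(bad, 4, 2, out, sizeof out));
    return 0;
}
```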
Solution:
Update the packages.
CVE:
CVE-2011-2896
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.
CVE-2012-3403
Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an "invalid free."
CVE-2012-3481
Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Additional information:
N/A
Download:
SRPMS
- gimp-2.6.9-4.3.0.1.AXS4.src.rpm
MD5: 2a2ec07bd78722d2035092ab39642714
SHA-256: d28ff370e342bf975c4342aca2279a25692c0ab7773b1ca0fce6c2c96563fc80
Size: 15.77 MB
Asianux Server 4 for x86
- gimp-2.6.9-4.3.0.1.AXS4.i686.rpm
MD5: 5f69c39ad77b14faef83aa7ddbf4a68b
SHA-256: 6d0f8d7af7f61636e98b3fb215e380da99c2370ccecb3132d0252a55320145a8
Size: 12.38 MB
- gimp-help-browser-2.6.9-4.3.0.1.AXS4.i686.rpm
MD5: 377a84a1f500c29602a9b3b4444369cc
SHA-256: fdbeb3fe2e387ede6858ab2ecb1bcbb824134b3b3b1afe39a9cd44b713d1b9f0
Size: 68.90 kB
- gimp-libs-2.6.9-4.3.0.1.AXS4.i686.rpm
MD5: 29c334ae2eeb1f4aef4deb0e05669952
SHA-256: 5a4e85bc0694ef79f29f9daea291ef4e7cbe1373ed45616788648289a6b312c6
Size: 509.27 kB
Asianux Server 4 for x86_64
- gimp-2.6.9-4.3.0.1.AXS4.x86_64.rpm
MD5: d2bdb7d0bf02fa9281364eb44edaf9d5
SHA-256: 87a80862cf5d294c7382fa883d250fad179d4436e2b7926e172d2786a4d0e12e
Size: 12.39 MB
- gimp-help-browser-2.6.9-4.3.0.1.AXS4.x86_64.rpm
MD5: 59dd8707209ed7c23c5b393fbe7cf2df
SHA-256: 25c949d8f87e99e1851b046dabfc5adc65ff6da136f20f3aef8a045b9f66d171
Size: 68.40 kB
- gimp-libs-2.6.9-4.3.0.1.AXS4.x86_64.rpm
MD5: 3cb826f2a29fa8959989f217208dea97
SHA-256: a67d70b296110548cfb59705d9742f2c61a789fd6641a868b3aa29c3246b75e8
Size: 517.16 kB