CentOS Local Security Checks : CentOS Update for gimp CESA-2013:1778 centos5

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.881828

Categoría: CentOS Local Security Checks

Título: CentOS Update for gimp CESA-2013:1778 centos5

Resumen: The remote host is missing an update for the 'gimp'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'gimp'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The GIMP (GNU Image Manipulation Program) is an image composition and
editing program.

A stack-based buffer overflow flaw, a heap-based buffer overflow, and an
integer overflow flaw were found in the way GIMP loaded certain X Window
System (XWD) image dump files. A remote attacker could provide a specially
crafted XWD image file that, when processed, would cause the XWD plug-in to
crash or, potentially, execute arbitrary code with the privileges of the
user running the GIMP. (CVE-2012-5576, CVE-2013-1913, CVE-2013-1978)

The CVE-2013-1913 and CVE-2013-1978 issues were discovered by Murray
McAllister of the Red Hat Security Response Team.

Users of the GIMP are advised to upgrade to these updated packages, which
correct these issues. The GIMP must be restarted for the update to take
effect.

Affected Software/OS:
gimp on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-5576
50296
http://secunia.com/advisories/50296
51479
http://secunia.com/advisories/51479
51528
http://secunia.com/advisories/51528
56647
http://www.securityfocus.com/bid/56647
MDVSA-2013:082
http://www.mandriva.com/security/advisories?name=MDVSA-2013:082
USN-1659-1
http://www.ubuntu.com/usn/USN-1659-1
[oss-security] 20121126 Re: CVE Request: Gimp memory corruption vulnerability
http://www.openwall.com/lists/oss-security/2012/11/27/1
http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1
https://bugzilla.gnome.org/show_bug.cgi?id=687392
openSUSE-SU-2012:1623
http://lists.opensuse.org/opensuse-updates/2012-12/msg00017.html
openSUSE-SU-2013:0123
http://lists.opensuse.org/opensuse-updates/2013-01/msg00014.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-1913
64105
http://www.securityfocus.com/bid/64105
DSA-2813
http://www.debian.org/security/2013/dsa-2813
GLSA-201603-01
https://security.gentoo.org/glsa/201603-01
RHSA-2013:1778
http://rhn.redhat.com/errata/RHSA-2013-1778.html
USN-2051-1
http://www.ubuntu.com/usn/USN-2051-1
https://bugzilla.redhat.com/show_bug.cgi?id=947868
Common Vulnerability Exposure (CVE) ID: CVE-2013-1978
64098
http://www.securityfocus.com/bid/64098
https://bugzilla.redhat.com/show_bug.cgi?id=953902

Copyright Copyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.881828
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for gimp CESA-2013:1778 centos5
Resumen:	The remote host is missing an update for the 'gimp'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'gimp' package(s) announced via the referenced advisory. Vulnerability Insight: The GIMP (GNU Image Manipulation Program) is an image composition and editing program. A stack-based buffer overflow flaw, a heap-based buffer overflow, and an integer overflow flaw were found in the way GIMP loaded certain X Window System (XWD) image dump files. A remote attacker could provide a specially crafted XWD image file that, when processed, would cause the XWD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-5576, CVE-2013-1913, CVE-2013-1978) The CVE-2013-1913 and CVE-2013-1978 issues were discovered by Murray McAllister of the Red Hat Security Response Team. Users of the GIMP are advised to upgrade to these updated packages, which correct these issues. The GIMP must be restarted for the update to take effect. Affected Software/OS: gimp on CentOS 5 Solution: Please install the updated packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-5576 50296 http://secunia.com/advisories/50296 51479 http://secunia.com/advisories/51479 51528 http://secunia.com/advisories/51528 56647 http://www.securityfocus.com/bid/56647 MDVSA-2013:082 http://www.mandriva.com/security/advisories?name=MDVSA-2013:082 USN-1659-1 http://www.ubuntu.com/usn/USN-1659-1 [oss-security] 20121126 Re: CVE Request: Gimp memory corruption vulnerability http://www.openwall.com/lists/oss-security/2012/11/27/1 http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1 https://bugzilla.gnome.org/show_bug.cgi?id=687392 openSUSE-SU-2012:1623 http://lists.opensuse.org/opensuse-updates/2012-12/msg00017.html openSUSE-SU-2013:0123 http://lists.opensuse.org/opensuse-updates/2013-01/msg00014.html Common Vulnerability Exposure (CVE) ID: CVE-2013-1913 64105 http://www.securityfocus.com/bid/64105 DSA-2813 http://www.debian.org/security/2013/dsa-2813 GLSA-201603-01 https://security.gentoo.org/glsa/201603-01 RHSA-2013:1778 http://rhn.redhat.com/errata/RHSA-2013-1778.html USN-2051-1 http://www.ubuntu.com/usn/USN-2051-1 https://bugzilla.redhat.com/show_bug.cgi?id=947868 Common Vulnerability Exposure (CVE) ID: CVE-2013-1978 64098 http://www.securityfocus.com/bid/64098 https://bugzilla.redhat.com/show_bug.cgi?id=953902
Copyright	Copyright (C) 2013 Greenbone AG