Test ID:	1.3.6.1.4.1.25623.1.0.57086
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-312-1 (gimp)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to gimp announced via advisory USN-312-1. A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Henning Makholm discovered that gimp did not sufficiently validate the 'num_axes' parameter in XCF files. By tricking a user into opening a specially crafted XCF file with Gimp, an attacker could exploit this to execute arbitrary code with the user's privileges. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: gimp 2.2.2-1ubuntu5.1 libgimp2.0 2.2.2-1ubuntu5.1 Ubuntu 5.10: gimp 2.2.8-2ubuntu6.1 libgimp2.0 2.2.8-2ubuntu6.1 Ubuntu 6.06 LTS: gimp 2.2.11-1ubuntu3.1 libgimp2.0 2.2.11-1ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-312-1 Risk factor : High CVSS Score: 5.1
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-3404 BugTraq ID: 18877 http://www.securityfocus.com/bid/18877 Bugtraq: 20060724 ERRATA: [ GLSA 200607-08 ] GIMP: Buffer overflow (Google Search) http://www.securityfocus.com/archive/1/441012/100/0/threaded Bugtraq: 20060724 Re: [ GLSA 200607-08 ] GIMP: Buffer overflow (Google Search) http://www.securityfocus.com/archive/1/440987/100/0/threaded Bugtraq: 20060724 rPSA-2006-0135-1 gimp (Google Search) http://www.securityfocus.com/archive/1/441030/100/0/threaded Debian Security Information: DSA-1116 (Google Search) http://www.debian.org/security/2006/dsa-1116 http://security.gentoo.org/glsa/glsa-200607-08.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:127 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=377049 http://www.osvdb.org/27037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11259 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5908 http://www.redhat.com/support/errata/RHSA-2006-0598.html http://securitytracker.com/id?1016527 http://secunia.com/advisories/20976 http://secunia.com/advisories/20979 http://secunia.com/advisories/21069 http://secunia.com/advisories/21104 http://secunia.com/advisories/21170 http://secunia.com/advisories/21182 http://secunia.com/advisories/21198 http://secunia.com/advisories/21459 http://secunia.com/advisories/23044 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102720-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200070-1 SuSE Security Announcement: SUSE-SR:2006:019 (Google Search) http://www.novell.com/linux/security/advisories/2006_19_sr.html http://www.ubuntu.com/usn/usn-312-1 http://www.vupen.com/english/advisories/2006/2703 http://www.vupen.com/english/advisories/2006/4634 XForce ISS Database: gimp-xcfloadvector-bo(27687) https://exchange.xforce.ibmcloud.com/vulnerabilities/27687
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.