Test ID: 1.3.6.1.4.1.25623.1.0.72187
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-1559-1 (gimp)
Summary: NOSUMMARY
Description:
The remote host is missing an update to gimp
announced via advisory USN-1559-1.

Details:

Joseph Sheridan discovered that GIMP incorrectly handled certain malformed
headers in FIT files. If a user were tricked into opening a specially
crafted FIT image file, an attacker could cause GIMP to crash.
(CVE-2012-3236)

Murray McAllister discovered that GIMP incorrectly handled malformed KiSS
palette files. If a user were tricked into opening a specially crafted KiSS
palette file, an attacker could cause GIMP to crash, or possibly execute
arbitrary code with the user's privileges. (CVE-2012-3403)

Matthias Weckbecker discovered that GIMP incorrectly handled malformed GIF
image files. If a user were tricked into opening a specially crafted GIF
image file, an attacker could cause GIMP to crash, or possibly execute
arbitrary code with the user's privileges. (CVE-2012-3481)

Solution:
The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
gimp 2.6.12-1ubuntu1.1

Ubuntu 11.10:
gimp 2.6.11-2ubuntu4.1

Ubuntu 11.04:
gimp 2.6.11-1ubuntu6.3

Ubuntu 10.04 LTS:
gimp 2.6.8-2ubuntu1.5

http://www.securityspace.com/smysecure/catid.html?in=USN-1559-1

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2012-3236
BugTraq ID: 54246
http://www.securityfocus.com/bid/54246
Bugtraq: 20120629 GIMP FIT File Format DoS (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2012-06/0192.html
http://www.exploit-db.com/exploits/19482
http://www.mandriva.com/security/advisories?name=MDVSA-2013:082
http://www.reactionpenetrationtesting.co.uk/FIT-file-handling-dos.html
SuSE Security Announcement: openSUSE-SU-2012:1080 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00000.html
http://www.ubuntu.com/usn/USN-1559-1
XForce ISS Database: gimp-fit-dos(76658)
https://exchange.xforce.ibmcloud.com/vulnerabilities/76658
Common Vulnerability Exposure (CVE) ID: CVE-2012-3403
1027411
http://www.securitytracker.com/id?1027411
50296
http://secunia.com/advisories/50296
55101
http://www.securityfocus.com/bid/55101
MDVSA-2012:142
http://www.mandriva.com/security/advisories?name=MDVSA-2012:142
MDVSA-2013:082
RHSA-2012:1180
http://rhn.redhat.com/errata/RHSA-2012-1180.html
RHSA-2012:1181
http://rhn.redhat.com/errata/RHSA-2012-1181.html
SUSE-SU-2012:1029
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00020.html
USN-1559-1
[oss-security] 20120820 The Gimp CEL plug-in CVE-2012-3403 issue
http://www.openwall.com/lists/oss-security/2012/08/20/7
https://bugzilla.redhat.com/show_bug.cgi?id=839020
openSUSE-SU-2012:1080
Common Vulnerability Exposure (CVE) ID: CVE-2012-3481
SUSE-SU-2012:1038
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00023.html
[oss-security] 20120820 The Gimp GIF plug-in CVE-2012-3481 issue
http://www.openwall.com/lists/oss-security/2012/08/20/8
https://bugzilla.novell.com/show_bug.cgi?id=776572
https://bugzilla.redhat.com/show_bug.cgi?id=847303
openSUSE-SU-2012:1131
http://lists.opensuse.org/opensuse-updates/2012-09/msg00043.html
Copyright: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
