Test ID:	1.3.6.1.4.1.25623.1.0.831487
Category:	Mandrake Local Security Checks
Title:	Mandriva Update for gimp MDVSA-2011:167 (gimp)
Summary:	The remote host is missing an update for the 'gimp'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'gimp' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability has been discovered and corrected in gimp: The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895 (CVE-2011-2896). The updated packages have been patched to correct these issues. Affected Software/OS: gimp on Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-1168 BugTraq ID: 19455 http://www.securityfocus.com/bid/19455 Debian Security Information: DSA-1149 (Google Search) http://www.debian.org/security/2006/dsa-1149 http://security.gentoo.org/glsa/glsa-200610-03.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:140 http://www.mandriva.com/security/advisories?name=MDVSA-2012:129 http://bugs.gentoo.org/show_bug.cgi?id=141728 https://bugzilla.redhat.com/show_bug.cgi?id=728536 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9373 http://www.redhat.com/support/errata/RHSA-2006-0663.html RedHat Security Advisories: RHSA-2012:0810 http://rhn.redhat.com/errata/RHSA-2012-0810.html http://securitytracker.com/id?1016836 http://secunia.com/advisories/21427 http://secunia.com/advisories/21434 http://secunia.com/advisories/21437 http://secunia.com/advisories/21467 http://secunia.com/advisories/21880 http://secunia.com/advisories/22036 http://secunia.com/advisories/22296 http://secunia.com/advisories/22377 SGI Security Advisory: 20060901-01-P ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc SuSE Security Announcement: SUSE-SR:2006:020 (Google Search) http://www.novell.com/linux/security/advisories/2006_20_sr.html http://www.vupen.com/english/advisories/2006/3234 XForce ISS Database: ncompress-decompress-underflow(28315) https://exchange.xforce.ibmcloud.com/vulnerabilities/28315 Common Vulnerability Exposure (CVE) ID: CVE-2011-2895 1025920 http://securitytracker.com/id?1025920 45544 http://secunia.com/advisories/45544 45568 http://secunia.com/advisories/45568 45599 http://secunia.com/advisories/45599 45986 http://secunia.com/advisories/45986 46127 http://secunia.com/advisories/46127 48951 http://secunia.com/advisories/48951 49124 http://www.securityfocus.com/bid/49124 APPLE-SA-2012-02-01-1 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html APPLE-SA-2012-05-09-1 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html APPLE-SA-2015-12-08-1 http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html APPLE-SA-2015-12-08-2 http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html APPLE-SA-2015-12-08-3 http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html APPLE-SA-2015-12-08-4 http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html DSA-2293 http://www.debian.org/security/2011/dsa-2293 MDVSA-2011:153 http://www.mandriva.com/security/advisories?name=MDVSA-2011:153 NetBSD-SA2011-007 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc RHSA-2011:1154 http://www.redhat.com/support/errata/RHSA-2011-1154.html RHSA-2011:1155 http://www.redhat.com/support/errata/RHSA-2011-1155.html RHSA-2011:1161 http://www.redhat.com/support/errata/RHSA-2011-1161.html RHSA-2011:1834 http://www.redhat.com/support/errata/RHSA-2011-1834.html SUSE-SU-2011:1035 http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html USN-1191-1 http://www.ubuntu.com/usn/USN-1191-1 [oss-security] 20110810 LZW decompression issues http://www.openwall.com/lists/oss-security/2011/08/10/10 [xorg-announce] 20110810 X.Org security advisory: libXfont LZW decompression heap corruption http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html [xorg-announce] 20110810 [ANNOUNCE] libXfont 1.4.4 http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0 http://support.apple.com/kb/HT5130 http://support.apple.com/kb/HT5281 http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17 https://bugzilla.redhat.com/show_bug.cgi?id=725760 https://bugzilla.redhat.com/show_bug.cgi?id=727624 https://support.apple.com/HT205635 https://support.apple.com/HT205637 https://support.apple.com/HT205640 https://support.apple.com/HT205641 openSUSE-SU-2011:1299 http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html xorg-lzw-bo(69141) https://exchange.xforce.ibmcloud.com/vulnerabilities/69141 Common Vulnerability Exposure (CVE) ID: CVE-2011-2896 1025929 http://www.securitytracker.com/id?1025929 45621 http://secunia.com/advisories/45621 45900 http://secunia.com/advisories/45900 45945 http://secunia.com/advisories/45945 45948 http://secunia.com/advisories/45948 46024 http://secunia.com/advisories/46024 48236 http://secunia.com/advisories/48236 48308 http://secunia.com/advisories/48308 49148 http://www.securityfocus.com/bid/49148 50737 http://secunia.com/advisories/50737 DSA-2354 http://www.debian.org/security/2011/dsa-2354 DSA-2426 http://www.debian.org/security/2012/dsa-2426 FEDORA-2011-11173 http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html FEDORA-2011-11197 http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html FEDORA-2011-11221 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html FEDORA-2011-11229 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html FEDORA-2011-11305 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html FEDORA-2011-11318 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html GLSA-201209-23 http://security.gentoo.org/glsa/glsa-201209-23.xml MDVSA-2011:146 http://www.mandriva.com/security/advisories?name=MDVSA-2011:146 MDVSA-2011:167 http://www.mandriva.com/security/advisories?name=MDVSA-2011:167 RHSA-2011:1635 http://www.redhat.com/support/errata/RHSA-2011-1635.html RHSA-2012:1180 http://rhn.redhat.com/errata/RHSA-2012-1180.html RHSA-2012:1181 http://rhn.redhat.com/errata/RHSA-2012-1181.html USN-1207-1 http://www.ubuntu.com/usn/USN-1207-1 USN-1214-1 http://www.ubuntu.com/usn/USN-1214-1 http://cups.org/str.php?L3867 http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4 https://bugzilla.redhat.com/show_bug.cgi?id=727800 https://bugzilla.redhat.com/show_bug.cgi?id=730338
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.