 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.831726 |
| Category: | Mandrake Local Security Checks |
| Title: | Mandriva Update for gimp MDVSA-2012:142 (gimp) |
| Summary: | The remote host is missing an update for the 'gimp'; package(s) announced via the referenced advisory. |
| Description: | Summary: The remote host is missing an update for the 'gimp' package(s) announced via the referenced advisory. Vulnerability Insight: Multiple vulnerabilities has been discovered and corrected in gimp: A heap-based buffer overflow flaw, leading to invalid free, was found in the way KISS CEL file format plug-in of Gimp, the GNU Image Manipulation Program, performed loading of certain palette files. A remote attacker could provide a specially-crafted KISS palette file that, when opened in Gimp would cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the gimp executable (CVE-2012-3403). Integer overflow, leading to heap-based buffer overflow flaw was found in the GIMP's GIF (Graphics Interchange Format) image file plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP (CVE-2012-3481). The updated gimp packages have been upgraded to the 2.6.12 version and patched to correct these issues. Additionally for Mandriva Enterprise server 5 the gegl packages was upgraded to the 0.0.22 version and rebuilt for ffmpeg 0.5.9, the enscript packages was added because of a build dependency, the gutenprint and mtink packages was rebuilt against the gimp 2.6.12 libraries. Affected Software/OS: gimp on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2 Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-3403 1027411 http://www.securitytracker.com/id?1027411 50296 http://secunia.com/advisories/50296 55101 http://www.securityfocus.com/bid/55101 MDVSA-2012:142 http://www.mandriva.com/security/advisories?name=MDVSA-2012:142 MDVSA-2013:082 http://www.mandriva.com/security/advisories?name=MDVSA-2013:082 RHSA-2012:1180 http://rhn.redhat.com/errata/RHSA-2012-1180.html RHSA-2012:1181 http://rhn.redhat.com/errata/RHSA-2012-1181.html SUSE-SU-2012:1029 http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00020.html USN-1559-1 http://www.ubuntu.com/usn/USN-1559-1 [oss-security] 20120820 The Gimp CEL plug-in CVE-2012-3403 issue http://www.openwall.com/lists/oss-security/2012/08/20/7 https://bugzilla.redhat.com/show_bug.cgi?id=839020 openSUSE-SU-2012:1080 http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00000.html Common Vulnerability Exposure (CVE) ID: CVE-2012-3481 SUSE-SU-2012:1038 http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00023.html [oss-security] 20120820 The Gimp GIF plug-in CVE-2012-3481 issue http://www.openwall.com/lists/oss-security/2012/08/20/8 https://bugzilla.novell.com/show_bug.cgi?id=776572 https://bugzilla.redhat.com/show_bug.cgi?id=847303 openSUSE-SU-2012:1131 http://lists.opensuse.org/opensuse-updates/2012-09/msg00043.html |
| Copyright | Copyright (C) 2012 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |