From: Mageia Updates <buildsystem-daemon@mageia.org>
To: updates-announce@ml.mageia.org
Subject: [updates-announce] MGASA-2012-0327: gimp-2.6.11-7.3.mga1 (1/core)
Date: Fri, 9 Nov 2012 00:29:52 +0100
Message-ID: <20121108232952.GA17431@valstar.mageia.org>
MGASA-2012-0327
Date: November 9th, 2012
Affected releases: 1
Description:
Updated gimp packages fix security vulnerabilities:

Buffer overflow in the readstr_upto function in
plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and
possibly 2.6.13, allows remote attackers to execute arbitrary code via
a long string in a command to the script-fu server (CVE-2012-2763).

fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial
of service (NULL pointer dereference and application crash) via a
malformed XTENSION header of a .fit file, as demonstrated using a long
string (CVE-2012-3236).
Updated Packages:
gimp-2.6.11-7.3.mga1
gimp-python-2.6.11-7.3.mga1
lib(64)gimp2.0_0-2.6.11-7.3.mga1
lib(64)gimp2.0-devel-2.6.11-7.3.mga1
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3236
http://lists.opensuse.org/opensuse-updates/2012-09/msg000...
https://bugs.mageia.org/show_bug.cgi?id=7351
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...