Ubuntu alert USN-7209-1 (gimp-dds)
| From: | John Breton <john.breton@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7209-1] GIMP DDS Plugin vulnerability | |
| Date: | Thu, 16 Jan 2025 13:26:17 -0500 | |
| Message-ID: | <2d425512-e4d9-4cf9-bc72-531cc473beda@canonical.com> |
========================================================================== Ubuntu Security Notice USN-7209-1 January 16, 2025 gimp-dds vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: The GIMP DDS Plugin could be made to crash or run programs as your login if it opened a specially crafted file. Software Description: - gimp-dds: DDS (DirectDraw Surface) plugin for GIMP Details: Jacob Boerema discovered that the GIMP DDS Plugin incorrectly processed DDS files due to a memory issue. An attacker could exploit this through a specifically crafted DDS file to cause GIMP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS gimp-dds 3.0.1-1+deb10u1build0.22.04.1 Ubuntu 20.04 LTS gimp-dds 3.0.1-1+deb10u1build0.20.04.1 Ubuntu 18.04 LTS gimp-dds 3.0.1-1+deb10u1build0.18.04.1~esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS gimp-dds 3.0.1-1+deb10u1build0.16.04.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7209-1 CVE-2023-44441 Package Information: https://launchpad.net/ubuntu/+source/gimp-dds/3.0.1-1+deb... https://launchpad.net/ubuntu/+source/gimp-dds/3.0.1-1+deb...
Attachment: OpenPGP_0xF294825506581F28.asc (type=application/pgp-keys)
-----BEGIN PGP PUBLIC KEY BLOCK----- xsFNBGdQrXIBEACdQtlt0q4nFuG/w6jmXuMpI5n1p/REUpoDI3Fu+2C1Ze46ieTM zKl5rh0+/rEBvwGn5Ox1lcu/QnujnNznNQ0g4ZarPRl3kCA2SKeyqe2vj77sfMkj 3NCF9nlvJVR/j3LgWdo8eynohrkPH8nXazSyzyZRWnUSrn7OCKMZ8KLlkixM9Av/ 58Z2lbzVxto3ehTEXprUSn+WZTuKLBuIIE4681Y0lDZbmhi6W0kQBn/kvAlND/ue G9OLijCJFT7HbikxMtKhCK82cXCSw4SeGzdhkHFLa+QdKo9W/iWYyB9jT+zresxj dfA6I/ZBvBINt7VJKxLgE18XGOiqq5TmlI4iadXv2umMBl8QAKuhA8qLBQDUdZx6 XWKO4w3xqPtzJ0fDX8OHopb0+QBtyUuxFAX+uFX0mpWbxkzjcEUxf16zN5EUwDD2 5c8Q7POoWKQWu1pA6JtBpkoPYTpdbg7lm+YIhonZLWdKduaaUXRjtRrbNRTvMZqq dMNn1WSQzrT8/81CitcETIof1G/XA/ktwWDIqzPBgofyja/ffbOLf3V6GieqcaJK oCaowBZeT1cSBw+xrpEIFiVywFFWbv0f5qWW0yOvYI2YVeckkcsJnsF19quAEgck 8zWOgaZJV8JTj0AmuvE1lqBIRBy3OVl/t7FiQ+0wduytN2U9EOvqaxoKlQARAQAB zShKb2huIEJyZXRvbiA8am9obi5icmV0b25AY2Fub25pbmNhbC5jb20+wsGXBBMB CgBBFiEEyMDHOTG0YH5UsajI8pSCVQZYHygFAmdQrXICGwMFCQWjmoAFCwkIBwIC IgIGFQoJCAsCBBYCAwECHgcCF4AACgkQ8pSCVQZYHygLpQ/9E+KzsXCYkHVtcHmq S/Qyul2l3DID1Skl/4cuL33s8sQC+XQZxXCIYeXkDOhiDsx+cPwCB20c4GhMRkCw kuefTI4vOg50HhcyuKVfm6WvETWMSEYXjM4lnVuRBNkn+XsfmRG9EPk1bIlwjl0L SNY4zKvYAG9C8MZCyC2+Qz+9HQBR+0kR4Xc8Ei+PVHyuGJfdQN+b5lFghXG6zjKr x0tMWpbh9pFpd0zIpWWNMtmiJQgb8nbxrY6KEdqzi3Jqc/1H0zN1+EpmIq3JNcKV Icol4Y7tnqrkMe4Z2vhcYNdm6KyA7RqBJagYfjDKw2ZFyoZGVasbQb9mlFLHEU2p joDq7wDrI2K4RLNen4XjxOfMVG+W7XQO4CmTLZUyEUVNRy6JLepYz8EHGeaDTAnq OsIEDYnqYyHpweK1eZqhlJNNv6QquPqBS/jptGApkcgszH7I3pOhRVlZSRX4JRSm DhulXJEpPv6dGSCOZsMtsLnKRinIt/LHAsgTYLvSJixQKN2Ji3hoQVufoCKI+Qs7 hWu5L3DHxCa7j5ta3kVyrtzXM1kltvd1vAuCGdO0dhI+nZOJ67D4F+BwiTDyWNOC zM0mnHR63mC3phV6uQp2a5UzNsZFeb8l0RvhMWighQOj7pBgf8t3YNKxFb5j+p6Q LaY1OCQl3/uho8dB5ySgLLU1hcnCwYMEMAEKAC0WIQTIwMc5MbRgflSxqMjylIJV BlgfKAUCZ31mgw8dIHR5cG8gaW4gZW1haWwACgkQ8pSCVQZYHygw8w/9EMfmrGvD oW0WrRc1+0LPKUjGvD/1iCmQ0b3iKJp5rtBEsKIXUKGLMKEi/KvJ1SUNqfGR4Dj9 rmrAYDX2f6roqx/YkqTfqABeYG1kHFHXfgCnxzDbIR6ZZYWKXmYjXgQgYwloJFeg cot9/9Bims6k+zgZEtH/bxvULWerEuvkHaZiMsdOHzsiC/VdSXsW2RrH8V5cDH3Q DRsB4YTP/9gdpWprthCWsk2AJUEj/uZNmkuCmRcfxyG4mRUxnFECU0dt1wd+XRmQ 0H8lKrz1hzKJdRh2qjU/4Debf08NDqBzBktaphlPMjXlqPAvIP5NXWAvRFJm27OS LbYZtb32d2pGtu0ad0HI/B8Dqsv1x0TtUL5ymlnjaqXkajoaE7DWzL6XKsY5KStS Eyhy/EC3dskBTLr9lPLBTGzkAFkGAjB/+H2saaleIKctrwjOgD0srr9YvDBduPZJ yE03wEf3ensE6KZmc+HxBFxXz2AIQQKW/lVUC+UPmsb/8FWwmqcwJqczDHdIblEF d4OPU2u2Go1qK0GQf2RddBj2SxN05ZvqJ0iw3cRAl5phXiLzro1aLYoum+lJrtNH TQJeFJIyWe+dx/3BcQ42shzh7ap2Ipn9VGNf/EH17kJ97gRejbHN9XnfmM2MzRqs HFAsaBAd8yZJYDsxR+rnN7/KjDGiWOnROHrNN0pvaG4gQnJldG9uIChjb3JyZWN0 IGVtYWlsKSA8am9obi5icmV0b25AY2Fub25pY2FsLmNvbT7CwZcEEwEKAEEWIQTI wMc5MbRgflSxqMjylIJVBlgfKAUCZ31l3AIbAwUJBaOagAULCQgHAgIiAgYVCgkI CwIEFgIDAQIeBwIXgAAKCRDylIJVBlgfKKoVD/97VtPeqs8Qg84l3Ca83FZIa3Hd GcRCdhGR0dZ3P1xwMnfk3phFyvewSIPYD+bJDlX97z1gxNUnt0GPvpTYyjAL4uVe Yxb0jY68aUtZ6zBccKXDy+jR/8OxWgU9Ulip+LTumVuq8OD6sWIj44hzuSmdH3eC kzsqj6f5ay8SG5BR1EPJjJnAysrWlJx5j95kep+an/19+rto0t5ZGAfbmHHNPExj JbkQnTra88nUiIKRWuwyG3X2kvxL392BYm7S6cxoMADtrkS2ZSogLBBrddIL5Jfb tyS7R5gng7Uy3MTXlwZL6WYNwFX3bAk01DYV2sOn9hFG0Xh/aGx26PFw2I/YA76x AdHXcxdb+1JwTu+REOSMuvEb0M0N+anEsrWvV4BcY/UgShgtEE5+3OT6dKl62g8v 1G/jrXNz6cwbqiJoWi0U6gwsS4zgi8pXO8iCKSLMbf8/kfH1Yo0mSGGtTqt9gotU ULM/snjT3Fb4me/VcVkqOW0viwCMyp6NXdgbAnd+3Lxk9JQgn8Z9FqLIojE7Qjzm aHHK3syhGjcmLmfTFaEpbqOon5iPPjdYgmz1+FAWxekU1M53yoFed0jZEt132aHT Vz5IsJNu6aDmDbxGKARBk6+PPSDl/D5ExPUEX2TSo648lCSNP03NVlR5mToPVXxJ 1rJ/JjmcDg1VqAaKLM7BTQRnUz5jARAAvhXhR4FxcGnlv0lmEa+WL+5Sf/ygpFm5 tFHnyXJWQA3nXCJNGkibvCM03iyY8cax6MwLG0faQ9xEqu1vphigyj8kdpAcGkIn ezZWyy2e4XpWg7R3CJXRO/teGpCjxkrJ462NwQD2qFAbxe5MzgyzsmKoeEigUmod 2QGzT4nGRqdAklZ/byMAVs+eyF7X+7hUERCgHATpMELvgcSQdUV/lgrQX0g/UV+9 1CtLlTZ5RYHOlqJEb/2VBkKqXP821UV+wScwmAWOIXHRuGsqzyIb2ZB1/VLhEFEM xxsr+nrgjuzOWS2/jXrn9fSHMYlmW3TGmX9+53UNXhtsyT2FFYOc7SzwEwUDqadW johTv3slOj2vsAIW6NFQY2TjjleZFm3lQPiNDtuWZlmL3Qxz5/TDqTrSb5FHJIEN 81R8OYXzy4QDPJKm553ZKOfGKvhj3DV8BlzRJ83nZ3VcduBlnCMv1SMh8wdf39jI F33JTUqjhIuZHzs+VEYofORH+Q8witwCctH5tiJL9i5feAL04bKxH7wsnnwSl9kE eh/okSLWIglZ1JYJov/8hAnlx65DhYuBuX7s6YDaN6bcEBjJcHFQSILzFz1ulaI1 Vp17Nufsb2gOTBX8wK5K1RBP717r48P4GCHzXK8dnWuFnWAPsiJ2K74aPQ3Ei0N7 4pNp1IfxB4cAEQEAAcLBdgQYAQoAIBYhBMjAxzkxtGB+VLGoyPKUglUGWB8oBQJn Uz5jAhsMAAoJEPKUglUGWB8o5dkP/28eg2EoE/+/svXsQ/apsYClkvuvVUsB6klm HWz1B8S4kRJzwDmF2CUvttNT8PDXARdXaExxYFWU4DrptJNTwCkxMYGJOBCXAnVb T9CXFSe2Uz4Gopb55cmWE/xGPWzeBlnt7A3ImJjYI04C2cPXOF8hceGd9mg6hV23 Fj9q2FdAgO82D4k+HRixhkH0Rk/bHc9a0FKKUUbv97gGTmHo6K4idPHeBobZYYYO 0AS/H0t/ea5Ty5+sDu3O2fjecou6L1dgW6oFK68Tep3Vz+sxI3JVTLMcxNh/hxxk pTvtREFc/6Zo+PFLhuPkbAPJeZvZSG1viHkvxCfPuvySDTvi/htf3TiM9yEWgUkS iDQAy4upf/a0B+t3BSapndFNsT+8j5UinY7ux8HiGrhO5t7Br3EMmpvgStkB4v57 LkNXiwkc899ZYlC1lFOTbVgHI4uH3GTWxVjGxZoq3Bda3JTDxTpC+PM+jK5cWDbO /bieXm+zeA8/Go7vSE4kbj4tDEWpXhcnj7uc274xMepQIaPSEP32jPkDUzwD1804 GaJXC/ChkMykYmdEORRH4EfLlS9W+pBuFtktNhWGwdIVaOqVHMDi3jncz1sBsveC Nwtt7tlhxUEPfMUiH8NznH2aeFll7obgX6/yu0Vg6h+d7HBIwY9WdXyMqm/rWATk X5TWH5FT =NpqL -----END PGP PUBLIC KEY BLOCK-----
Attachment: OpenPGP_signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- wsF5BAABCAAjFiEEyMDHOTG0YH5UsajI8pSCVQZYHygFAmeJT0kFAwAAAAAACgkQ8pSCVQZYHyi0 nQ//eIlenPc2EbRNFmTvCQ6Gf3FYCxopYsj4+kyQwjHmuMxeR3JWx/b6KZQ4bjz44D/2xViL5QwQ qXytyO1LE4IMId2OxKApGTWMTLyl8D/+p4WSVQdsMeOcqplSMlNOVomBfJJlE8b2+vhhXQCawPV0 ypJQpDzR6K8qp5PPMWHdlBUheUx0/uqYE7V0vJ6O2nvmMJsGnIa7yhzrsjzhlwAdiZA87rzWBs4O o57AzqdPSOyluCSn8NHDG1YdBN9fJPJ1ciTchUeL8BS6vNmwDmmyKvuplLwi3IsDqs6APlTNQCdB Wi9bRuz5cq02Yx6iTBKXA6mFgcMLxSYxvXFavRL+EbULoPoZodEZWBNB660no6RZj8EulmltwMWB Et/9k4Zy9D8MfaD5bPB2yCNzoFVpmjZR99KyIUePI7MOID37PymfA/UwfpwNM2DfPB3zhbJgwUj3 Klr/2VHmFZEqfRu4E+qBP9Mh++u7jKn45sfgtF5xLT6mv2JVxFsLHAaFYmGeEUxbDnpQRB1tmmTk BdEKi5SZrmmNBvndO4RM5l/aPRFdHy6SEbDVRQtKZncrd4dU4nf54RPJGeS21vHqptyPR1g/6BNP s4QpK1DkGm13FbErTVudZlCeOmnNzq5gepUUtnddwGoc3IbhUHa55oYuGo3F4/dUJ2vNImAwJfHi Bj8= =9cWi -----END PGP SIGNATURE-----
Attachment: None (type=text/plain)