
Mageia alert MGASA-2012-0327 (gimp)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2012-0327: gimp-2.6.11-7.3.mga1 (1/core)
Date:  Fri, 9 Nov 2012 00:29:52 +0100
Message-ID:  <20121108232952.GA17431@valstar.mageia.org>

MGASA-2012-0327

Date: November 9th, 2012
Affected releases: 1

Description:

Updated gimp packages fix security vulnerabilities:

Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server (CVE-2012-2763).

fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string (CVE-2012-3236).

Updated Packages:

gimp-2.6.11-7.3.mga1
gimp-python-2.6.11-7.3.mga1
lib(64)gimp2.0_0-2.6.11-7.3.mga1
lib(64)gimp2.0-devel-2.6.11-7.3.mga1

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3236
http://lists.opensuse.org/opensuse-updates/2012-09/msg000...
https://bugs.mageia.org/show_bug.cgi?id=7351
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...




Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds