SUSE-SU-2014:0214-1: moderate: Security update for gimp

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Feb 10 08:04:12 MST 2014 

   SUSE Security Update: Security update for gimp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0214-1
Rating:             moderate
References:         #791372 #853423 #853425 
Cross-References:   CVE-2012-5576 CVE-2013-1913 CVE-2013-1978
                   
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:


   This update fixes the following security issues with gimp:

   * bnc#853423: XWD plugin g_new() integer overflow
   (CVE-2013-1913)
   * bnc#853425: XWD plugin color map heap-based buffer
   overflow (CVE-2013-1978)
   * bnc#791372: memory corruption via XWD files
   (CVE-2012-5576)

   Security Issue references:

   * CVE-2013-1913
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1913
   >
   * CVE-2012-5576
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5576
   >
   * CVE-2013-1978
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1978
   >


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-gimp-8856

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-gimp-8856

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      gimp-2.6.2-3.34.45.1
      gimp-devel-2.6.2-3.34.45.1
      gimp-lang-2.6.2-3.34.45.1
      gimp-plugins-python-2.6.2-3.34.45.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      gimp-2.6.2-3.34.45.1
      gimp-lang-2.6.2-3.34.45.1
      gimp-plugins-python-2.6.2-3.34.45.1


References:

   http://support.novell.com/security/cve/CVE-2012-5576.html
   http://support.novell.com/security/cve/CVE-2013-1913.html
   http://support.novell.com/security/cve/CVE-2013-1978.html
   https://bugzilla.novell.com/791372
   https://bugzilla.novell.com/853423
   https://bugzilla.novell.com/853425
   http://download.novell.com/patch/finder/?keywords=0ad1765a09ee9612a60c4db564f15ae0

More information about the sle-security-updates mailing list