Security Advisory Moderate: gimp security update

Advisory: RHSA-2011:0838-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-05-31
Last updated on: 2011-05-31
Affected Products:
    RHEL Desktop Workstation (v. 5 client)
    Red Hat Enterprise Linux (v. 5 server)
    Red Hat Enterprise Linux Desktop (v. 5 client)
    Red Hat Enterprise Linux EUS (v. 5.6.z server)
    Red Hat Enterprise Linux Long Life (v. 5.6 server)
CVEs (cve.mitre.org):
    CVE-2009-1570
    CVE-2010-4540
    CVE-2010-4541
    CVE-2010-4542
    CVE-2010-4543
    CVE-2011-1178

Details

Updated gimp packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

The GIMP (GNU Image Manipulation Program) is an image composition and
editing program.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer
eXchange (PCX) image file plug-ins. An attacker could create a
specially-crafted BMP or PCX image file that, when opened, could cause the
relevant plug-in to crash or, potentially, execute arbitrary code with the
privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)
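
The flaw class described above, as an added illustration (not code from this advisory or from the GIMP): a 32-bit size calculation for a BMP-style pixel buffer that wraps on a constructed header, next to a checked version. The struct, the function names and the MAX_DIM/MAX_BYTES limits are assumptions chosen for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Header fields as read from an untrusted BMP-style file (hypothetical struct). */
struct img_hdr { uint32_t width, height, bpp; };

#define MAX_DIM   (1u << 18)    /* assumed policy limit per dimension */
#define MAX_BYTES (1ull << 30)  /* assumed policy limit on pixel data */

/* Unchecked pattern: the 32-bit products wrap silently, so the result can be
 * far smaller than the data the decoder will later write. */
uint32_t unchecked_size(const struct img_hdr *h)
{
    uint32_t stride = ((h->width * h->bpp + 31u) / 32u) * 4u; /* rows padded to 4 bytes */
    return stride * h->height;
}

/* Checked pattern: returns the byte count, or 0 if the header is rejected. */
size_t checked_size(const struct img_hdr *h)
{
    if (h->width == 0 || h->height == 0 ||
        h->width > MAX_DIM || h->height > MAX_DIM)
        return 0;
    if (h->bpp == 0 || h->bpp > 32)
        return 0;
    /* With the limits above, every intermediate value fits in 64 bits. */
    uint64_t stride = (((uint64_t)h->width * h->bpp + 31u) / 32u) * 4u;
    uint64_t total  = stride * h->height;
    if (total > MAX_BYTES)
        return 0;
    return (size_t)total;
}

int main(void)
{
    /* Constructed headers: one ordinary, one whose width * bpp wraps to 32. */
    struct img_hdr ok  = { 640, 480, 24 };
    struct img_hdr bad = { 0x08000001u, 1, 32 };
    printf("ok:  unchecked=%u checked=%zu\n",
           (unsigned)unchecked_size(&ok), checked_size(&ok));
    printf("bad: unchecked=%u checked=%zu\n",
           (unsigned)unchecked_size(&bad), checked_size(&bad));
    return 0;
}
```

For the second header the unchecked calculation yields 4 bytes although a single row needs more than 512 MiB; the checked version rejects the header before any allocation takes place.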

A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro
(PSP) image file plug-in. An attacker could create a specially-crafted PSP
image file that, when opened, could cause the PSP plug-in to crash or,
potentially, execute arbitrary code with the privileges of the user running
the GIMP. (CVE-2010-4543)

A stack-based buffer overflow flaw was found in the GIMP's Lightning,
Sphere Designer, and Gfig image filters. An attacker could create a
specially-crafted Lightning, Sphere Designer, or Gfig filter configuration
file that, when opened, could cause the relevant plug-in to crash or,
potentially, execute arbitrary code with the privileges of the user running
the GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)

Red Hat would like to thank Stefan Cornelius of Secunia Research for
responsibly reporting the CVE-2009-1570 flaw.

Users of the GIMP are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The GIMP must be
restarted for the update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
gimp-2.2.13-2.0.7.el5_6.2.src.rpm
File outdated by: RHSA-2013:1778

IA-32:
gimp-devel-2.2.13-2.0.7.el5_6.2.i386.rpm
File outdated by: RHSA-2013:1778

x86_64:
gimp-devel-2.2.13-2.0.7.el5_6.2.i386.rpm
File outdated by: RHSA-2013:1778
gimp-devel-2.2.13-2.0.7.el5_6.2.x86_64.rpm
File outdated by: RHSA-2013:1778
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
gimp-2.2.13-2.0.7.el5_6.2.src.rpm
File outdated by: RHSA-2013:1778

IA-32:
gimp-2.2.13-2.0.7.el5_6.2.i386.rpm
File outdated by: RHSA-2013:1778
gimp-devel-2.2.13-2.0.7.el5_6.2.i386.rpm
File outdated by: RHSA-2013:1778
gimp-libs-2.2.13-2.0.7.el5_6.2.i386.rpm
File outdated by: RHSA-2013:1778

IA-64:
gimp-2.2.13-2.0.7.el5_6.2.ia64.rpm
File outdated by: RHSA-2013:1778
gimp-devel-2.2.13-2.0.7.el5_6.2.ia64.rpm
File outdated by: RHSA-2013:1778
gimp-libs-2.2.13-2.0.7.el5_6.2.ia64.rpm
File outdated by: RHSA-2013:1778

PPC:
gimp-2.2.13-2.0.7.el5_6.2.ppc.rpm
File outdated by: RHSA-2013:1778
gimp-devel-2.2.13-2.0.7.el5_6.2.ppc.rpm
File outdated by: RHSA-2013:1778
gimp-devel-2.2.13-2.0.7.el5_6.2.ppc64.rpm
File outdated by: RHSA-2013:1778
gimp-libs-2.2.13-2.0.7.el5_6.2.ppc.rpm
File outdated by: RHSA-2013:1778
gimp-libs-2.2.13-2.0.7.el5_6.2.ppc64.rpm
File outdated by: RHSA-2013:1778

s390x:
gimp-2.2.13-2.0.7.el5_6.2.s390x.rpm
File outdated by: RHSA-2013:1778
gimp-devel-2.2.13-2.0.7.el5_6.2.s390.rpm
File outdated by: RHSA-2013:1778
gimp-devel-2.2.13-2.0.7.el5_6.2.s390x.rpm
File outdated by: RHSA-2013:1778
gimp-libs-2.2.13-2.0.7.el5_6.2.s390.rpm
File outdated by: RHSA-2013:1778
gimp-libs-2.2.13-2.0.7.el5_6.2.s390x.rpm
File outdated by: RHSA-2013:1778

x86_64:
gimp-2.2.13-2.0.7.el5_6.2.x86_64.rpm
File outdated by: RHSA-2013:1778
gimp-devel-2.2.13-2.0.7.el5_6.2.i386.rpm
File outdated by: RHSA-2013:1778
gimp-devel-2.2.13-2.0.7.el5_6.2.x86_64.rpm
File outdated by: RHSA-2013:1778
gimp-libs-2.2.13-2.0.7.el5_6.2.i386.rpm
File outdated by: RHSA-2013:1778
gimp-libs-2.2.13-2.0.7.el5_6.2.x86_64.rpm
File outdated by: RHSA-2013:1778
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
gimp-2.2.13-2.0.7.el5_6.2.src.rpm
File outdated by: RHSA-2013:1778

IA-32:
gimp-2.2.13-2.0.7.el5_6.2.i386.rpm
File outdated by: RHSA-2013:1778
gimp-libs-2.2.13-2.0.7.el5_6.2.i386.rpm
File outdated by: RHSA-2013:1778

x86_64:
gimp-2.2.13-2.0.7.el5_6.2.x86_64.rpm
File outdated by: RHSA-2013:1778
gimp-libs-2.2.13-2.0.7.el5_6.2.i386.rpm
File outdated by: RHSA-2013:1778
gimp-libs-2.2.13-2.0.7.el5_6.2.x86_64.rpm
File outdated by: RHSA-2013:1778
 
Red Hat Enterprise Linux EUS (v. 5.6.z server)

SRPMS:
gimp-2.2.13-2.0.7.el5_6.2.src.rpm
File outdated by: RHSA-2013:1778

IA-32:
gimp-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.i386.rpm

IA-64:
gimp-2.2.13-2.0.7.el5_6.2.ia64.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.ia64.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.ia64.rpm

PPC:
gimp-2.2.13-2.0.7.el5_6.2.ppc.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.ppc.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.ppc64.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.ppc.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.ppc64.rpm

s390x:
gimp-2.2.13-2.0.7.el5_6.2.s390x.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.s390.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.s390x.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.s390.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.s390x.rpm

x86_64:
gimp-2.2.13-2.0.7.el5_6.2.x86_64.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.x86_64.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.x86_64.rpm
 
Red Hat Enterprise Linux Long Life (v. 5.6 server)

SRPMS:
gimp-2.2.13-2.0.7.el5_6.2.src.rpm
File outdated by: RHSA-2013:1778

IA-32:
gimp-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.i386.rpm

IA-64:
gimp-2.2.13-2.0.7.el5_6.2.ia64.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.ia64.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.ia64.rpm

x86_64:
gimp-2.2.13-2.0.7.el5_6.2.x86_64.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.x86_64.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

537356 - CVE-2009-1570 Gimp: Integer overflow in the BMP image file plugin
666793 - CVE-2010-4540 Gimp: Stack-based buffer overflow in Lighting plug-in
689831 - CVE-2011-1178 Gimp: Integer overflow in the PCX image file plug-in
703403 - CVE-2010-4541 Gimp: Stack-based buffer overflow in SphereDesigner plug-in
703405 - CVE-2010-4542 Gimp: Stack-based buffer overflow in Gfig plug-in
703407 - CVE-2010-4543 Gimp: Heap-based buffer overflow in Paint Shop Pro (PSP) plug-in


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/