
Security Advisory Moderate: gimp security update

Advisory: RHSA-2011:0837-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-05-31
Last updated on: 2011-05-31
Affected Products:
    Red Hat Desktop (v. 4)
    Red Hat Enterprise Linux AS (v. 4)
    Red Hat Enterprise Linux AS (v. 4.8.z)
    Red Hat Enterprise Linux ES (v. 4)
    Red Hat Enterprise Linux ES (v. 4.8.z)
    Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org):
    CVE-2009-1570
    CVE-2010-4541
    CVE-2010-4543
    CVE-2011-1178

Details

Updated gimp packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

The GIMP (GNU Image Manipulation Program) is an image composition and
editing program.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer
eXchange (PCX) image file plug-ins. An attacker could create a
specially-crafted BMP or PCX image file that, when opened, could cause the
relevant plug-in to crash or, potentially, execute arbitrary code with the
privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)

A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro
(PSP) image file plug-in. An attacker could create a specially-crafted PSP
image file that, when opened, could cause the PSP plug-in to crash or,
potentially, execute arbitrary code with the privileges of the user running
the GIMP. (CVE-2010-4543)

A stack-based buffer overflow flaw was found in the GIMP's Sphere Designer
image filter. An attacker could create a specially-crafted Sphere Designer
filter configuration file that, when opened, could cause the Sphere
Designer plug-in to crash or, potentially, execute arbitrary code with the
privileges of the user running the GIMP. (CVE-2010-4541)

Red Hat would like to thank Stefan Cornelius of Secunia Research for
responsibly reporting the CVE-2009-1570 flaw.

Users of the GIMP are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The GIMP must be
restarted for the update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
gimp-2.0.5-7.0.7.el4.1.src.rpm

IA-32:
gimp-2.0.5-7.0.7.el4.1.i386.rpm
gimp-devel-2.0.5-7.0.7.el4.1.i386.rpm

x86_64:
gimp-2.0.5-7.0.7.el4.1.x86_64.rpm
gimp-devel-2.0.5-7.0.7.el4.1.x86_64.rpm

Red Hat Enterprise Linux AS (v. 4)

SRPMS:
gimp-2.0.5-7.0.7.el4.1.src.rpm

IA-32:
gimp-2.0.5-7.0.7.el4.1.i386.rpm
gimp-devel-2.0.5-7.0.7.el4.1.i386.rpm

IA-64:
gimp-2.0.5-7.0.7.el4.1.ia64.rpm
gimp-devel-2.0.5-7.0.7.el4.1.ia64.rpm

PPC:
gimp-2.0.5-7.0.7.el4.1.ppc.rpm
gimp-devel-2.0.5-7.0.7.el4.1.ppc.rpm

s390:
gimp-2.0.5-7.0.7.el4.1.s390.rpm
gimp-devel-2.0.5-7.0.7.el4.1.s390.rpm

s390x:
gimp-2.0.5-7.0.7.el4.1.s390x.rpm
gimp-devel-2.0.5-7.0.7.el4.1.s390x.rpm

x86_64:
gimp-2.0.5-7.0.7.el4.1.x86_64.rpm
gimp-devel-2.0.5-7.0.7.el4.1.x86_64.rpm

Red Hat Enterprise Linux AS (v. 4.8.z)

SRPMS:
gimp-2.0.5-7.0.7.el4.1.src.rpm

IA-32:
gimp-2.0.5-7.0.7.el4.1.i386.rpm
gimp-devel-2.0.5-7.0.7.el4.1.i386.rpm

IA-64:
gimp-2.0.5-7.0.7.el4.1.ia64.rpm
gimp-devel-2.0.5-7.0.7.el4.1.ia64.rpm

PPC:
gimp-2.0.5-7.0.7.el4.1.ppc.rpm
gimp-devel-2.0.5-7.0.7.el4.1.ppc.rpm

s390:
gimp-2.0.5-7.0.7.el4.1.s390.rpm
gimp-devel-2.0.5-7.0.7.el4.1.s390.rpm

s390x:
gimp-2.0.5-7.0.7.el4.1.s390x.rpm
gimp-devel-2.0.5-7.0.7.el4.1.s390x.rpm

x86_64:
gimp-2.0.5-7.0.7.el4.1.x86_64.rpm
gimp-devel-2.0.5-7.0.7.el4.1.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4)

SRPMS:
gimp-2.0.5-7.0.7.el4.1.src.rpm

IA-32:
gimp-2.0.5-7.0.7.el4.1.i386.rpm
gimp-devel-2.0.5-7.0.7.el4.1.i386.rpm

IA-64:
gimp-2.0.5-7.0.7.el4.1.ia64.rpm
gimp-devel-2.0.5-7.0.7.el4.1.ia64.rpm

x86_64:
gimp-2.0.5-7.0.7.el4.1.x86_64.rpm
gimp-devel-2.0.5-7.0.7.el4.1.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4.8.z)

SRPMS:
gimp-2.0.5-7.0.7.el4.1.src.rpm

IA-32:
gimp-2.0.5-7.0.7.el4.1.i386.rpm
gimp-devel-2.0.5-7.0.7.el4.1.i386.rpm

IA-64:
gimp-2.0.5-7.0.7.el4.1.ia64.rpm
gimp-devel-2.0.5-7.0.7.el4.1.ia64.rpm

x86_64:
gimp-2.0.5-7.0.7.el4.1.x86_64.rpm
gimp-devel-2.0.5-7.0.7.el4.1.x86_64.rpm

Red Hat Enterprise Linux WS (v. 4)

SRPMS:
gimp-2.0.5-7.0.7.el4.1.src.rpm

IA-32:
gimp-2.0.5-7.0.7.el4.1.i386.rpm
gimp-devel-2.0.5-7.0.7.el4.1.i386.rpm

IA-64:
gimp-2.0.5-7.0.7.el4.1.ia64.rpm
gimp-devel-2.0.5-7.0.7.el4.1.ia64.rpm

x86_64:
gimp-2.0.5-7.0.7.el4.1.x86_64.rpm
gimp-devel-2.0.5-7.0.7.el4.1.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
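
One way to find hosts still running a gimp build older than the fixed one listed above (gimp-2.0.5-7.0.7.el4.1), as an added example that is not part of the original advisory or Red Hat tooling. It assumes an inventory of `host name-version-release` lines (for instance collected from `rpm -q gimp gimp-devel` on each host), ignores package epochs, and uses a simplified form of rpm's segment-wise version comparison; the host names and sample lines are constructed.

```python
import re

# Fixed build from this advisory: version, release.
FIXED = ("2.0.5", "7.0.7.el4.1")
PACKAGES = {"gimp", "gimp-devel"}

def rpmvercmp(a, b):
    """Simplified rpm segment comparison (no epoch, '~' or '^' handling)."""
    while a and b:
        a = re.sub(r"^[^A-Za-z0-9]+", "", a)   # separators carry no ordering
        b = re.sub(r"^[^A-Za-z0-9]+", "", b)
        if not a or not b:
            break
        numeric = a[0] in "0123456789"
        pat = r"[0-9]+" if numeric else r"[A-Za-z]+"
        sa, mb = re.match(pat, a).group(), re.match(pat, b)
        if mb is None:                  # segment types differ: numeric is newer
            return 1 if numeric else -1
        sb = mb.group()
        a, b = a[len(sa):], b[len(sb):]
        ka, kb = (int(sa), int(sb)) if numeric else (sa, sb)
        if ka != kb:                    # 10 > 7 numerically, not as strings
            return 1 if ka > kb else -1
    return (len(a) > 0) - (len(b) > 0)  # leftover segments make a string newer

def audit(lines):
    """Return {host: [installed N-V-R older than FIXED]}."""
    findings = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 2:             # e.g. "package gimp is not installed"
            continue
        host, nvr = parts
        try:
            name, version, release = nvr.rsplit("-", 2)
        except ValueError:
            continue                    # not in name-version-release form
        if name not in PACKAGES:
            continue
        order = rpmvercmp(version, FIXED[0]) or rpmvercmp(release, FIXED[1])
        if order < 0:
            findings.setdefault(host, []).append(nvr)
    return findings

# Constructed inventory for illustration.
SAMPLE = [
    "ws01 gimp-2.0.5-7.0.7.el4.1",
    "ws02 gimp-2.0.5-7.0.7.el4",
    "ws02 gimp-devel-2.0.5-7.0.7.el4",
    "ws03 gimp-2.0.5-6",
    "ws04 gimp-print-4.2.7-2",
    "ws05 gimp-2.0.5-7.0.10.el4",
]
```

Hosts returned by `audit(SAMPLE)` need the update, and the GIMP must be restarted on them afterwards for it to take effect.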

Bugs fixed (see bugzilla for more information)

537356 - CVE-2009-1570 Gimp: Integer overflow in the BMP image file plugin
689831 - CVE-2011-1178 Gimp: Integer overflow in the PCX image file plug-in
703403 - CVE-2010-4541 Gimp: Stack-based buffer overflow in SphereDesigner plug-in
703407 - CVE-2010-4543 Gimp: Heap-based buffer overflow in Paint Shop Pro (PSP) plug-in


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/