Security Advisory Moderate: gegl security update

Advisory: RHSA-2012:1455-1
Type: Security Advisory
Severity: Moderate
Issued on: 2012-11-12
Last updated on: 2012-11-12
Affected Products:
  Red Hat Enterprise Linux Desktop (v. 6)
  Red Hat Enterprise Linux Server (v. 6)
  Red Hat Enterprise Linux Server EUS (v. 6.3.z)
  Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2012-4433

Details

Updated gegl packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

GEGL (Generic Graphics Library) is a graph-based image processing
framework.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way the gegl utility processed .ppm (Portable Pixel Map) image
files. An attacker could create a specially-crafted .ppm file that, when
opened in gegl, would cause gegl to crash or, potentially, execute
arbitrary code. (CVE-2012-4433)
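
The bug class described above, shown as an added example that is not GEGL's source or the Red Hat patch: a PPM ("P6") header parser whose pixel-buffer size is computed once with unchecked 32-bit arithmetic and once with overflow checks. All function names and the caller-supplied `limit` are assumptions made for this illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked pattern: 32-bit arithmetic wraps silently for large dimensions. */
static uint32_t ppm_size_unchecked(uint32_t w, uint32_t h, uint32_t bps) {
    return w * h * 3u * bps;
}

/* Checked form: 0 on success with the byte count in *out; -1 if a dimension
 * is zero or width * height * 3 * bps would exceed `limit`. */
static int ppm_size_checked(uint32_t w, uint32_t h, uint32_t bps,
                            size_t limit, size_t *out) {
    size_t n = 3 * (size_t)bps;                 /* bps is 1 or 2 */
    if (w == 0 || h == 0 || w > limit / n) return -1;
    n *= w;
    if (h > limit / n) return -1;
    *out = n * h;
    return 0;
}

/* Read one unsigned decimal field, rejecting signs and out-of-range values. */
static int read_field(const char **p, unsigned long max, unsigned long *v) {
    char *end;
    while (isspace((unsigned char)**p)) (*p)++;
    if (!isdigit((unsigned char)**p)) return -1;
    errno = 0;
    *v = strtoul(*p, &end, 10);
    if (errno == ERANGE || *v > max) return -1;
    *p = end;
    return 0;
}

/* Parse a binary PPM ("P6") header from a NUL-terminated buffer.
 * '#' comment lines are not handled (simplification for this example). */
static int ppm_pixel_bytes(const char *hdr, size_t limit, size_t *out) {
    unsigned long w, h, maxval;
    if (strncmp(hdr, "P6", 2) != 0 || !isspace((unsigned char)hdr[2])) return -1;
    hdr += 2;
    if (read_field(&hdr, UINT32_MAX, &w) || read_field(&hdr, UINT32_MAX, &h) ||
        read_field(&hdr, 65535, &maxval) || maxval == 0) return -1;
    return ppm_size_checked((uint32_t)w, (uint32_t)h, maxval < 256 ? 1 : 2,
                            limit, out);
}
```

The checked path divides the limit by the running product before each multiplication, so the size handed to the allocator can never be smaller than the number of bytes the pixel loop will later write.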

This issue was discovered by Murray McAllister of the Red Hat Security
Response Team.

Users of gegl should upgrade to these updated packages, which contain a
backported patch to correct this issue.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
gegl-0.1.2-4.el6_3.src.rpm
File outdated by: RHBA-2013:1021

IA-32:
gegl-0.1.2-4.el6_3.i686.rpm
File outdated by: RHBA-2013:1021
gegl-debuginfo-0.1.2-4.el6_3.i686.rpm
File outdated by: RHBA-2013:1021
gegl-devel-0.1.2-4.el6_3.i686.rpm
File outdated by: RHBA-2013:1021

x86_64:
gegl-0.1.2-4.el6_3.i686.rpm
File outdated by: RHBA-2013:1021
gegl-0.1.2-4.el6_3.x86_64.rpm
File outdated by: RHBA-2013:1021
gegl-debuginfo-0.1.2-4.el6_3.i686.rpm
File outdated by: RHBA-2013:1021
gegl-debuginfo-0.1.2-4.el6_3.x86_64.rpm
File outdated by: RHBA-2013:1021
gegl-devel-0.1.2-4.el6_3.i686.rpm
File outdated by: RHBA-2013:1021
gegl-devel-0.1.2-4.el6_3.x86_64.rpm
File outdated by: RHBA-2013:1021
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
gegl-0.1.2-4.el6_3.src.rpm
File outdated by: RHBA-2013:1021

IA-32:
gegl-0.1.2-4.el6_3.i686.rpm
File outdated by: RHBA-2013:1021
gegl-debuginfo-0.1.2-4.el6_3.i686.rpm
File outdated by: RHBA-2013:1021
gegl-devel-0.1.2-4.el6_3.i686.rpm
File outdated by: RHBA-2013:1021

PPC:
gegl-0.1.2-4.el6_3.ppc.rpm
File outdated by: RHBA-2013:1021
gegl-0.1.2-4.el6_3.ppc64.rpm
File outdated by: RHBA-2013:1021
gegl-debuginfo-0.1.2-4.el6_3.ppc.rpm
File outdated by: RHBA-2013:1021
gegl-debuginfo-0.1.2-4.el6_3.ppc64.rpm
File outdated by: RHBA-2013:1021
gegl-devel-0.1.2-4.el6_3.ppc.rpm
File outdated by: RHBA-2013:1021
gegl-devel-0.1.2-4.el6_3.ppc64.rpm
File outdated by: RHBA-2013:1021

s390x:
gegl-0.1.2-4.el6_3.s390.rpm
File outdated by: RHBA-2013:1021
gegl-0.1.2-4.el6_3.s390x.rpm
File outdated by: RHBA-2013:1021
gegl-debuginfo-0.1.2-4.el6_3.s390.rpm
File outdated by: RHBA-2013:1021
gegl-debuginfo-0.1.2-4.el6_3.s390x.rpm
File outdated by: RHBA-2013:1021
gegl-devel-0.1.2-4.el6_3.s390.rpm
File outdated by: RHBA-2013:1021
gegl-devel-0.1.2-4.el6_3.s390x.rpm
File outdated by: RHBA-2013:1021

x86_64:
gegl-0.1.2-4.el6_3.i686.rpm
File outdated by: RHBA-2013:1021
gegl-0.1.2-4.el6_3.x86_64.rpm
File outdated by: RHBA-2013:1021
gegl-debuginfo-0.1.2-4.el6_3.i686.rpm
File outdated by: RHBA-2013:1021
gegl-debuginfo-0.1.2-4.el6_3.x86_64.rpm
File outdated by: RHBA-2013:1021
gegl-devel-0.1.2-4.el6_3.i686.rpm
File outdated by: RHBA-2013:1021
gegl-devel-0.1.2-4.el6_3.x86_64.rpm
File outdated by: RHBA-2013:1021
 
Red Hat Enterprise Linux Server EUS (v. 6.3.z)

SRPMS:
gegl-0.1.2-4.el6_3.src.rpm
File outdated by: RHBA-2013:1021

IA-32:
gegl-0.1.2-4.el6_3.i686.rpm
gegl-debuginfo-0.1.2-4.el6_3.i686.rpm
gegl-devel-0.1.2-4.el6_3.i686.rpm

PPC:
gegl-0.1.2-4.el6_3.ppc.rpm
gegl-0.1.2-4.el6_3.ppc64.rpm
gegl-debuginfo-0.1.2-4.el6_3.ppc.rpm
gegl-debuginfo-0.1.2-4.el6_3.ppc64.rpm
gegl-devel-0.1.2-4.el6_3.ppc.rpm
gegl-devel-0.1.2-4.el6_3.ppc64.rpm

s390x:
gegl-0.1.2-4.el6_3.s390.rpm
gegl-0.1.2-4.el6_3.s390x.rpm
gegl-debuginfo-0.1.2-4.el6_3.s390.rpm
gegl-debuginfo-0.1.2-4.el6_3.s390x.rpm
gegl-devel-0.1.2-4.el6_3.s390.rpm
gegl-devel-0.1.2-4.el6_3.s390x.rpm

x86_64:
gegl-0.1.2-4.el6_3.i686.rpm
gegl-0.1.2-4.el6_3.x86_64.rpm
gegl-debuginfo-0.1.2-4.el6_3.i686.rpm
gegl-debuginfo-0.1.2-4.el6_3.x86_64.rpm
gegl-devel-0.1.2-4.el6_3.i686.rpm
gegl-devel-0.1.2-4.el6_3.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
gegl-0.1.2-4.el6_3.src.rpm
File outdated by: RHBA-2013:1021

IA-32:
gegl-0.1.2-4.el6_3.i686.rpm
File outdated by: RHBA-2013:1021
gegl-debuginfo-0.1.2-4.el6_3.i686.rpm
File outdated by: RHBA-2013:1021
gegl-devel-0.1.2-4.el6_3.i686.rpm
File outdated by: RHBA-2013:1021

x86_64:
gegl-0.1.2-4.el6_3.i686.rpm
File outdated by: RHBA-2013:1021
gegl-0.1.2-4.el6_3.x86_64.rpm
File outdated by: RHBA-2013:1021
gegl-debuginfo-0.1.2-4.el6_3.i686.rpm
File outdated by: RHBA-2013:1021
gegl-debuginfo-0.1.2-4.el6_3.x86_64.rpm
File outdated by: RHBA-2013:1021
gegl-devel-0.1.2-4.el6_3.i686.rpm
File outdated by: RHBA-2013:1021
gegl-devel-0.1.2-4.el6_3.x86_64.rpm
File outdated by: RHBA-2013:1021
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

856300 - CVE-2012-4433 gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/