Hello,
The remote host is missing updates announced in
advisory GLSA 200607-08.
GIMP is prone to a buffer overflow which may lead to the execution of
arbitrary code when loading specially crafted XCF files.
Solution:
All GIMP users should update to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-gfx/gimp-2.2.12'
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200607-08
http://bugs.gentoo.org/show_bug.cgi?id=139524
Risk factor : Medium
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-3404
Bugtraq: 20060724 rPSA-2006-0135-1 gimp
http://www.securityfocus.com/archive/1/archive/1/441030/100/0/threaded
Bugtraq: 20060724 ERRATA: [ GLSA 200607-08 ] GIMP: Buffer overflow
http://www.securityfocus.com/archive/1/archive/1/441012/100/0/threaded
Bugtraq: 20060724 Re: [ GLSA 200607-08 ] GIMP: Buffer overflow
http://www.securityfocus.com/archive/1/archive/1/440987/100/0/threaded
Debian Security Information: DSA-1116
http://www.debian.org/security/2006/dsa-1116
http://security.gentoo.org/glsa/glsa-200607-08.xml
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:127
http://www.redhat.com/support/errata/RHSA-2006-0598.html
SuSE Security Announcement: SUSE-SR:2006:019
http://www.novell.com/linux/security/advisories/2006_19_sr.html
http://www.ubuntu.com/usn/usn-312-1
BugTraq ID: 18877
http://www.securityfocus.com/bid/18877
http://www.frsirt.com/english/advisories/2006/2703
http://www.osvdb.org/27037
http://securitytracker.com/id?1016527
http://secunia.com/advisories/20976
http://secunia.com/advisories/20979
http://secunia.com/advisories/21069
http://secunia.com/advisories/21104
http://secunia.com/advisories/21170
http://secunia.com/advisories/21182
http://secunia.com/advisories/21198
XForce ISS Database: gimp-xcfloadvector-bo(27687)
http://xforce.iss.net/xforce/xfdb/27687
Good Luck
Dino
Source: www.securityspace.com
Saturday, February 17, 2007
Gentoo Security Advisory GLSA 200607-08 (gimp)
Posted by http://hackinganddefense.blogspot.com/ at 9:56 p.m. Labels: COMPUTER SECURITY