Test Kennung:	1.3.6.1.4.1.25623.1.0.71154
Kategorie:	Debian Local Security Checks
Titel:	Debian Security Advisory DSA 2426-1 (gimp)
Zusammenfassung:	The remote host is missing an update to gimp;announced via advisory DSA 2426-1.
Beschreibung:	Summary: The remote host is missing an update to gimp announced via advisory DSA 2426-1. Vulnerability Insight: Several vulnerabilities have been identified in GIMP, the GNU Image Manipulation Program. CVE-2010-4540 Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the LIGHTING EFFECTS > LIGHT plugin allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Position field in a plugin configuration file. CVE-2010-4541 Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Number of lights field in a plugin configuration file. CVE-2010-4542 Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in the GFIG plugin allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground field in a plugin configuration file. CVE-2010-4543 Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. CVE-2011-1782 The correction for CVE-2010-4543 was incomplete. CVE-2011-2896 The LZW decompressor in the LZWReadByte function in plug-ins/common/file-gif-load.c does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream. For the stable distribution (squeeze), these problems have been fixed in version 2.6.10-1+squeeze3. For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 2.6.11-5. Solution: We recommend that you upgrade your gimp packages. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4540 Debian Security Information: DSA-2426 (Google Search) http://www.debian.org/security/2012/dsa-2426 http://security.gentoo.org/glsa/glsa-201209-23.xml http://www.mandriva.com/security/advisories?name=MDVSA-2011:103 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497 http://openwall.com/lists/oss-security/2011/01/03/2 http://openwall.com/lists/oss-security/2011/01/04/7 http://osvdb.org/70282 http://www.redhat.com/support/errata/RHSA-2011-0838.html http://www.redhat.com/support/errata/RHSA-2011-0839.html http://secunia.com/advisories/42771 http://secunia.com/advisories/44750 http://secunia.com/advisories/48236 http://secunia.com/advisories/50737 SuSE Security Announcement: SUSE-SR:2011:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://www.vupen.com/english/advisories/2011/0016 XForce ISS Database: gimp-lightning-effects-bo(64582) https://exchange.xforce.ibmcloud.com/vulnerabilities/64582 Common Vulnerability Exposure (CVE) ID: CVE-2010-4541 http://osvdb.org/70281 http://www.redhat.com/support/errata/RHSA-2011-0837.html XForce ISS Database: gimp-sphere-designer-bo(64581) https://exchange.xforce.ibmcloud.com/vulnerabilities/64581 Common Vulnerability Exposure (CVE) ID: CVE-2010-4542 http://osvdb.org/70283 Common Vulnerability Exposure (CVE) ID: CVE-2010-4543 http://osvdb.org/70284 Common Vulnerability Exposure (CVE) ID: CVE-2011-1782 Common Vulnerability Exposure (CVE) ID: CVE-2011-2896 BugTraq ID: 49148 http://www.securityfocus.com/bid/49148 Debian Security Information: DSA-2354 (Google Search) http://www.debian.org/security/2011/dsa-2354 http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:146 http://www.mandriva.com/security/advisories?name=MDVSA-2011:167 http://www.openwall.com/lists/oss-security/2011/08/10/10 http://www.redhat.com/support/errata/RHSA-2011-1635.html RedHat Security Advisories: RHSA-2012:1180 http://rhn.redhat.com/errata/RHSA-2012-1180.html RedHat Security Advisories: RHSA-2012:1181 http://rhn.redhat.com/errata/RHSA-2012-1181.html http://www.securitytracker.com/id?1025929 http://secunia.com/advisories/45621 http://secunia.com/advisories/45900 http://secunia.com/advisories/45945 http://secunia.com/advisories/45948 http://secunia.com/advisories/46024 http://secunia.com/advisories/48308 http://www.ubuntu.com/usn/USN-1207-1 http://www.ubuntu.com/usn/USN-1214-1
Copyright	Copyright (C) 2012 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.