Описание
Security update for gimp
This update for gimp fixes the following issues:
- Fix for crashing due to segmentation fault caused by importing ghostscript files. (bsc#1161998)
Security issues fixed:
- CVE-2017-17785: Fixed an heap-based buffer overflow in FLI import (bsc#1073625)
- CVE-2017-17786: Fixed an out-of-bounds read in TGA (bsc#1073626)
- CVE-2017-17788: Fixed an out-of-bounds read in XCF (bsc#1073629)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP4
gimp-2.8.18-9.8.1
gimp-lang-2.8.18-9.8.1
gimp-plugins-python-2.8.18-9.8.1
libgimp-2_0-0-2.8.18-9.8.1
libgimpui-2_0-0-2.8.18-9.8.1
SUSE Linux Enterprise Software Development Kit 12 SP4
gimp-devel-2.8.18-9.8.1
libgimp-2_0-0-2.8.18-9.8.1
libgimpui-2_0-0-2.8.18-9.8.1
SUSE Linux Enterprise Software Development Kit 12 SP5
gimp-devel-2.8.18-9.8.1
libgimp-2_0-0-2.8.18-9.8.1
libgimpui-2_0-0-2.8.18-9.8.1
SUSE Linux Enterprise Workstation Extension 12 SP4
gimp-2.8.18-9.8.1
gimp-lang-2.8.18-9.8.1
gimp-plugins-python-2.8.18-9.8.1
libgimp-2_0-0-2.8.18-9.8.1
libgimpui-2_0-0-2.8.18-9.8.1
SUSE Linux Enterprise Workstation Extension 12 SP5
gimp-2.8.18-9.8.1
gimp-lang-2.8.18-9.8.1
gimp-plugins-python-2.8.18-9.8.1
libgimp-2_0-0-2.8.18-9.8.1
libgimpui-2_0-0-2.8.18-9.8.1
Ссылки
- Link for SUSE-SU-2020:0601-1
- E-Mail link for SUSE-SU-2020:0601-1
- SUSE Security Ratings
- SUSE Bug 1073625
- SUSE Bug 1073626
- SUSE Bug 1073629
- SUSE Bug 1161998
- SUSE CVE CVE-2017-17785 page
- SUSE CVE CVE-2017-17786 page
- SUSE CVE CVE-2017-17788 page
Описание
In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:gimp-2.8.18-9.8.1
SUSE Linux Enterprise Desktop 12 SP4:gimp-lang-2.8.18-9.8.1
SUSE Linux Enterprise Desktop 12 SP4:gimp-plugins-python-2.8.18-9.8.1
SUSE Linux Enterprise Desktop 12 SP4:libgimp-2_0-0-2.8.18-9.8.1
Ссылки
- CVE-2017-17785
- SUSE Bug 1073625
Описание
In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:gimp-2.8.18-9.8.1
SUSE Linux Enterprise Desktop 12 SP4:gimp-lang-2.8.18-9.8.1
SUSE Linux Enterprise Desktop 12 SP4:gimp-plugins-python-2.8.18-9.8.1
SUSE Linux Enterprise Desktop 12 SP4:libgimp-2_0-0-2.8.18-9.8.1
Ссылки
- CVE-2017-17786
- SUSE Bug 1073626
Описание
In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:gimp-2.8.18-9.8.1
SUSE Linux Enterprise Desktop 12 SP4:gimp-lang-2.8.18-9.8.1
SUSE Linux Enterprise Desktop 12 SP4:gimp-plugins-python-2.8.18-9.8.1
SUSE Linux Enterprise Desktop 12 SP4:libgimp-2_0-0-2.8.18-9.8.1
Ссылки
- CVE-2017-17788
- SUSE Bug 1073629