SUSE-SU-2021:0015-1

Опубликовано: 04 янв. 2021

Источник: suse-cvrf

Описание

Security update for gimp

This update for gimp fixes the following issues:

CVE-2017-17784: Fixed an insufficient string validation for input names (bsc#1073624).
CVE-2017-17785: Fixed an heap-based buffer overflow in FLI import (bsc#1073625).
CVE-2017-17786: Fixed an out-of-bounds read in TGA (bsc#1073626).

Список пакетов

SUSE Linux Enterprise Software Development Kit 12 SP5

gimp-devel-2.8.18-9.18.1

libgimp-2_0-0-2.8.18-9.18.1

libgimpui-2_0-0-2.8.18-9.18.1

SUSE Linux Enterprise Workstation Extension 12 SP5

gimp-2.8.18-9.18.1

gimp-lang-2.8.18-9.18.1

gimp-plugins-python-2.8.18-9.18.1

libgimp-2_0-0-2.8.18-9.18.1

libgimpui-2_0-0-2.8.18-9.18.1

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20210015-1/
Link for SUSE-SU-2021:0015-1
https://lists.suse.com/pipermail/sle-security-updates/2021-January/008130.html
E-Mail link for SUSE-SU-2021:0015-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1073624
SUSE Bug 1073624
https://bugzilla.suse.com/1073625
SUSE Bug 1073625
https://bugzilla.suse.com/1073626
SUSE Bug 1073626
https://www.suse.com/security/cve/CVE-2017-17784/
SUSE CVE CVE-2017-17784 page
https://www.suse.com/security/cve/CVE-2017-17785/
SUSE CVE CVE-2017-17785 page
https://www.suse.com/security/cve/CVE-2017-17786/
SUSE CVE CVE-2017-17786 page

Описание

In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.

Затронутые продукты

SUSE Linux Enterprise Software Development Kit 12 SP5:gimp-devel-2.8.18-9.18.1

SUSE Linux Enterprise Software Development Kit 12 SP5:libgimp-2_0-0-2.8.18-9.18.1

SUSE Linux Enterprise Software Development Kit 12 SP5:libgimpui-2_0-0-2.8.18-9.18.1

SUSE Linux Enterprise Workstation Extension 12 SP5:gimp-2.8.18-9.18.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-17784.html
CVE-2017-17784
https://bugzilla.suse.com/1073624
SUSE Bug 1073624

Описание

In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.

Затронутые продукты

SUSE Linux Enterprise Software Development Kit 12 SP5:gimp-devel-2.8.18-9.18.1

SUSE Linux Enterprise Software Development Kit 12 SP5:libgimp-2_0-0-2.8.18-9.18.1

SUSE Linux Enterprise Software Development Kit 12 SP5:libgimpui-2_0-0-2.8.18-9.18.1

SUSE Linux Enterprise Workstation Extension 12 SP5:gimp-2.8.18-9.18.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-17785.html
CVE-2017-17785
https://bugzilla.suse.com/1073625
SUSE Bug 1073625

Описание

In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.

Затронутые продукты

SUSE Linux Enterprise Software Development Kit 12 SP5:gimp-devel-2.8.18-9.18.1

SUSE Linux Enterprise Software Development Kit 12 SP5:libgimp-2_0-0-2.8.18-9.18.1

SUSE Linux Enterprise Software Development Kit 12 SP5:libgimpui-2_0-0-2.8.18-9.18.1

SUSE Linux Enterprise Workstation Extension 12 SP5:gimp-2.8.18-9.18.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-17786.html
CVE-2017-17786
https://bugzilla.suse.com/1073626
SUSE Bug 1073626

SUSE-SU-2021:0015-1

Описание

Список пакетов

SUSE Linux Enterprise Software Development Kit 12 SP5

SUSE Linux Enterprise Workstation Extension 12 SP5

Ссылки

Уязвимость: CVE-2017-17784

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2017-17785

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2017-17786

Описание

Затронутые продукты

Ссылки