openSUSE-SU-2021:0027-1

Опубликовано: 07 янв. 2021

Источник: suse-cvrf

Описание

Security update for gimp

This update for gimp fixes the following issues:

CVE-2017-17784: Fixed an insufficient string validation for input names (bsc#1073624).
CVE-2017-17785: Fixed an heap-based buffer overflow in FLI import (bsc#1073625).
CVE-2017-17786: Fixed an out-of-bounds read in TGA (bsc#1073626).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.1

gimp-2.8.22-lp151.5.9.1

gimp-devel-2.8.22-lp151.5.9.1

gimp-lang-2.8.22-lp151.5.9.1

gimp-plugin-aa-2.8.22-lp151.5.9.1

gimp-plugins-python-2.8.22-lp151.5.9.1

libgimp-2_0-0-2.8.22-lp151.5.9.1

libgimp-2_0-0-32bit-2.8.22-lp151.5.9.1

libgimpui-2_0-0-2.8.22-lp151.5.9.1

libgimpui-2_0-0-32bit-2.8.22-lp151.5.9.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LKBDGMCM5XJOHFKTACI2CEISBTSKVLD3/
E-Mail link for openSUSE-SU-2021:0027-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1073624
SUSE Bug 1073624
https://bugzilla.suse.com/1073625
SUSE Bug 1073625
https://bugzilla.suse.com/1073626
SUSE Bug 1073626
https://www.suse.com/security/cve/CVE-2017-17784/
SUSE CVE CVE-2017-17784 page
https://www.suse.com/security/cve/CVE-2017-17785/
SUSE CVE CVE-2017-17785 page
https://www.suse.com/security/cve/CVE-2017-17786/
SUSE CVE CVE-2017-17786 page

Описание

In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.

Затронутые продукты

openSUSE Leap 15.1:gimp-2.8.22-lp151.5.9.1

openSUSE Leap 15.1:gimp-devel-2.8.22-lp151.5.9.1

openSUSE Leap 15.1:gimp-lang-2.8.22-lp151.5.9.1

openSUSE Leap 15.1:gimp-plugin-aa-2.8.22-lp151.5.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-17784.html
CVE-2017-17784
https://bugzilla.suse.com/1073624
SUSE Bug 1073624

Описание

In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.

Затронутые продукты

openSUSE Leap 15.1:gimp-2.8.22-lp151.5.9.1

openSUSE Leap 15.1:gimp-devel-2.8.22-lp151.5.9.1

openSUSE Leap 15.1:gimp-lang-2.8.22-lp151.5.9.1

openSUSE Leap 15.1:gimp-plugin-aa-2.8.22-lp151.5.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-17785.html
CVE-2017-17785
https://bugzilla.suse.com/1073625
SUSE Bug 1073625

Описание

In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.

Затронутые продукты

openSUSE Leap 15.1:gimp-2.8.22-lp151.5.9.1

openSUSE Leap 15.1:gimp-devel-2.8.22-lp151.5.9.1

openSUSE Leap 15.1:gimp-lang-2.8.22-lp151.5.9.1

openSUSE Leap 15.1:gimp-plugin-aa-2.8.22-lp151.5.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-17786.html
CVE-2017-17786
https://bugzilla.suse.com/1073626
SUSE Bug 1073626

openSUSE-SU-2021:0027-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2017-17784

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2017-17785

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2017-17786

Описание

Затронутые продукты

Ссылки