Bug 176226 - media-gfx/gimp buffer overflow in sunras plugin (CVE-2007-2356)
Bug#: 176226
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: enhancement
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: py@gentoo.org
Component: Vulnerabilities
URL: http://secunia.com/advisories/25012/
Summary: media-gfx/gimp buffer overflow in sunras plugin (CVE-2007-2356)
Keywords:
Status Whiteboard: A2 [glsa] p-y
Opened: 2007-04-27 11:29 0000
Marsu has discovered a vulnerability in Gimp, which can be exploited by
malicious people to compromise a user's system.
The vulnerability is caused by an error within the "set_color_table()"
function in plug-ins/common/sunras.c. This can be exploited to cause a
stack-based buffer overflow by e.g. tricking a user into opening a specially
crafted .RAS file.
Successful exploitation may allow the execution of arbitrary code.
The vulnerability is confirmed in version 2.2.14. Other versions may also be
affected.
Solution:
Do not open untrusted .RAS files.
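The advisory describes a familiar defect class: a colormap length taken from the .RAS file header drives a copy into a fixed-size stack buffer. The following is an added illustration, not code from GIMP's plug-ins/common/sunras.c and not the upstream patch. It is a minimal Sun rasterfile header parser (the public layout: eight big-endian 32-bit words, with an RMT_EQUAL_RGB map stored planar as all red, then all green, then all blue bytes) whose colormap reader validates the header-specified map length against the palette it owns before copying anything. All names (struct sun_header, read_sun_colormap, decode_palette, build_sun_header, the demo_* helpers) and the sample inputs are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Sun rasterfile header: eight big-endian 32-bit words (public rasterfile
 * layout). Names and code here are our own illustration, not GIMP's sunras.c. */
#define RAS_MAGIC      0x59a66a95u
#define RAS_HEADER_LEN 32
#define RMT_NONE       0
#define RMT_EQUAL_RGB  1
#define MAX_COLORS     256   /* entries in the fixed palette the decoder owns */

struct sun_header {
    uint32_t magic, width, height, depth, length, type, maptype, maplength;
};

static uint32_t be32_read(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Returns 0 on success, -1 if the buffer is too short or the magic is wrong. */
int parse_sun_header(const unsigned char *buf, size_t len, struct sun_header *h)
{
    if (len < RAS_HEADER_LEN) return -1;
    h->magic   = be32_read(buf);      h->width     = be32_read(buf + 4);
    h->height  = be32_read(buf + 8);  h->depth     = be32_read(buf + 12);
    h->length  = be32_read(buf + 16); h->type      = be32_read(buf + 20);
    h->maptype = be32_read(buf + 24); h->maplength = be32_read(buf + 28);
    return h->magic == RAS_MAGIC ? 0 : -1;
}

/* Copy the file's colormap into a fixed 256-entry RGB palette. The checks on
 * maplength are the point: the value comes from the file, so it must be
 * validated against the fixed buffer before a single byte is copied.
 * Returns the entry count, 0 if there is no map, or -1 if the map is
 * malformed, larger than the palette, or truncated. */
int read_sun_colormap(const struct sun_header *h, const unsigned char *map,
                      size_t map_len, unsigned char palette[MAX_COLORS * 3])
{
    if (h->maptype == RMT_NONE) return 0;
    if (h->maptype != RMT_EQUAL_RGB) return -1;
    if (h->maplength == 0 || h->maplength % 3 != 0) return -1;
    uint32_t ncols = h->maplength / 3;
    if (ncols > MAX_COLORS) return -1;        /* would overrun the palette */
    if (map_len < h->maplength) return -1;    /* file shorter than it claims */
    /* Sun stores the map planar: all red bytes, then all green, then all blue. */
    for (uint32_t j = 0; j < ncols; j++) {
        palette[j * 3]     = map[j];
        palette[j * 3 + 1] = map[j + ncols];
        palette[j * 3 + 2] = map[j + 2 * ncols];
    }
    return (int)ncols;
}

/* Header plus colormap from one in-memory file image. */
int decode_palette(const unsigned char *file, size_t len,
                   unsigned char palette[MAX_COLORS * 3])
{
    struct sun_header h;
    if (parse_sun_header(file, len, &h) != 0) return -1;
    return read_sun_colormap(&h, file + RAS_HEADER_LEN,
                             len - RAS_HEADER_LEN, palette);
}

/* Constructed header: 2x2 pixels, 8 bpp, standard type, given colormap. */
void build_sun_header(unsigned char out[RAS_HEADER_LEN],
                      uint32_t maptype, uint32_t maplength)
{
    const uint32_t f[8] = { RAS_MAGIC, 2, 2, 8, 4, 1, maptype, maplength };
    for (int i = 0; i < 8; i++) {
        out[4 * i]     = f[i] >> 24; out[4 * i + 1] = f[i] >> 16;
        out[4 * i + 2] = f[i] >> 8;  out[4 * i + 3] = f[i];
    }
}

/* Constructed input: a well-formed file with a 2-colour planar map.
 * Returns 2 when the palette comes back interleaved as R,G,B per entry. */
int demo_valid_map(void)
{
    unsigned char file[RAS_HEADER_LEN + 6], palette[MAX_COLORS * 3];
    const unsigned char map[6] = { 0x10, 0x20, 0x30, 0x40, 0x50, 0x60 };
    build_sun_header(file, RMT_EQUAL_RGB, 6);
    memcpy(file + RAS_HEADER_LEN, map, sizeof map);
    int n = decode_palette(file, sizeof file, palette);
    if (n != 2) return n;
    if (memcmp(palette, "\x10\x30\x50\x20\x40\x60", 6) != 0) return -2;
    return n;
}

/* Constructed input: a header claiming a 3000-byte map (1000 entries), far
 * more than the palette holds. It must be refused, never copied. */
int demo_oversized_map(void)
{
    unsigned char file[RAS_HEADER_LEN], palette[MAX_COLORS * 3];
    build_sun_header(file, RMT_EQUAL_RGB, 3000);
    return decode_palette(file, sizeof file, palette);
}
```

The length check sits before the copy loop rather than inside it, and the truncation check is separate so that a file which claims more map bytes than it carries is also rejected instead of reading past the input.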
setting status and cc'ing maintainer.
No patch, no upstream information...
I'll try to get some statement from upstream asap.
Bumped with patch from upstream svn. Fixed in 2.2.14 and 2.3.16.
Archs please go on with stablemarking 2.2.14.
mips, fyi, I've removed the ~mips keyword from 2.3.16; if you want to have gimp
2.4, see that you get your dependencies ready.
gimp-2.2.14 fails with collision-detect on
* checking 1768 files for package collisions
existing file /usr/lib64/gimp/2.0/python/gimpenums.pyc is not owned by this
package
existing file /usr/lib64/gimp/2.0/python/gimpfu.pyc is not owned by this
package
1000 files checked ...
Jeffrey, collision with what? I can't think of another package owning these
files, so I wonder why they are there on your system.
hppa cannot currently test gimp, as we need glibc-2.5 stable before gimp will
work (again). Right now, gimp does not even finish loading, and hangs before it
could possibly do damage through this vulnerability. When hppa's glibc-2.5 ship
comes in, I will be sure to revisit gimp, test it and mark it, but as for now,
gimp cannot possibly pose a threat. Please move forward without us.
security: I think we're ready for GLSA.
collision issues should be fixed now, but anyway, if they still occur, please
open a new bug as they've nothing to do with this security issue.
well hum, keeping this open as "enhancement" pending hppa/glibc resolution. Feel
sorry for crashing the party, but I think the glsa is wrong.
It's not "fixed in >=2.2.14", but "fixed in (>=2.2.14 <2.2.999) and >=2.3.16".
It's important that ~-users update their gimp 2.3.x as well (and, of course,
svn/9999 users should re-merge).
Don't know if this is worth releasing an updated glsa, I leave this up to
security.
2.3.x seems to be marked ~ so we don't consider that. However I do think that
the GLSA lacks a warning for hppa users.
Hi jer or any member of HPPA team,
please could you fix the keywording stuff of gimp so that the hppa users don't
remain with an apparently/possibly vulnerable version on their system:
- either mark stable 2.2.14,
- or dekeyword 2.2.*,
as you prefer, thanks
(In reply to comment #19)
> Hi jer or any member of HPPA team,
Hi there!
> - either mark stable 2.2.14,
Done.