From $URL, four CVEs assigned for four buffer overflows in gimp.

> This one is from the debian bug tracker [1], there are four buffer
> overflows in gimp plugins.
>
> I am not sure if this would need one CVE or four?
>
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497
>

I'm going to give this four. We *might* be able to get away with two, but since they're all in quite different bits of code, I'm betting the affected versions are different, and it's likely upstream is going to fix these all at different times in their SCM.

CVE-2010-4540 gimp LIGHTING EFFECTS > LIGHT plugin stack buffer overflow
CVE-2010-4541 gimp SPHERE DESIGNER plugin stack buffer overflow
CVE-2010-4542 gimp GFIG plugin stack buffer overflow
CVE-2010-4543 gimp heap overflow read_channel_data() in file-psp.c
Did you see any patches for them? Else we'll probably just wait for either debian or upstream to provide some patches.
(In reply to comment #1)
> Did you see any patches for them? Else we'll probably just wait for either
> debian or upstream to provide some patches.

No, no patches that I can find. I'll keep my eye open for updates as well. Thanks.
Bumped with upstream patches. I'd like to wait some days before stabilizing; it shouldn't matter, the issues are pretty minor anyway.
This is also needed to fix printing with cairo-1.10; I think arches should be CCed as soon as possible. Thanks.
Archs, please go ahead stabilizing media-gfx/gimp-2.6.11-r1
Tested OK on SPARC and x86. Stabilisation would be nice.
ppc/ppc64 stable
amd64 ok
x86 stable, thanks Alex
Stable for HPPA.
amd64 done. Thanks Agostino
alpha/ia64/sparc stable
Thanks, folks. Added to existing GLSA request.
CVE-2010-4543 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4543):
Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information.

CVE-2010-4542 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4542):
Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information.

CVE-2010-4541 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4541):
Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long "Number of lights" field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself.

CVE-2010-4540 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4540):
Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Position field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information.
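The CVE-2010-4543 description above boils down to an RLE decoder trusting a run count that starts near the end of the image. The following is an added example, not code from GIMP's file-psp.c and not part of this bug: a toy PackBits-style RLE format (assumed for illustration; the real PSP encoding may differ) is decoded once with bounds checks and once with only the bookkeeping an unchecked decoder would do, and both are fed a constructed stream whose last control byte claims a 127-byte run when only 4 bytes of a 16-byte channel remain. All function names (rle_decode_checked, rle_unchecked_output_size, decode_good, decode_bad, unchecked_bad_size), the CHANNEL_BYTES size and the two sample streams are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy PackBits-style RLE, ASSUMED for illustration (not the PSP spec and
   not GIMP's file-psp.c): control byte c > 128 means "repeat the next
   byte c - 128 times"; c <= 128 means "copy the next c bytes literally". */

/* Hardened decoder: every run and literal is checked against both the
   remaining input and the remaining output (the pixel buffer, sized from
   the image header). Returns bytes written, or -1 on a malformed stream.
   Remaining space is computed as out_len - op (op never exceeds out_len),
   so the comparison itself cannot wrap. */
long rle_decode_checked(const uint8_t *in, size_t in_len,
                        uint8_t *out, size_t out_len)
{
    size_t ip = 0, op = 0;
    while (ip < in_len) {
        uint8_t c = in[ip++];
        if (c > 128) {
            size_t run = (size_t)c - 128;
            if (ip >= in_len)       return -1;  /* run without a value byte */
            if (run > out_len - op) return -1;  /* run past end of pixel buffer */
            memset(out + op, in[ip], run);
            ip += 1;
            op += run;
        } else {
            size_t lit = c;
            if (lit > in_len - ip)  return -1;  /* literal truncated */
            if (lit > out_len - op) return -1;  /* literal past end of buffer */
            memcpy(out + op, in + ip, lit);
            ip += lit;
            op += lit;
        }
    }
    return (long)op;
}

/* Mirror of an unchecked decoder's bookkeeping: counts how many bytes a
   decoder that trusts the run count would write, without writing. Real
   unchecked code would memset/memcpy that many bytes into the heap
   buffer, which is the bug class the CVE describes. */
size_t rle_unchecked_output_size(const uint8_t *in, size_t in_len)
{
    size_t ip = 0, op = 0;
    while (ip < in_len) {
        uint8_t c = in[ip++];
        if (c > 128) { op += (size_t)c - 128; ip += 1; }
        else         { op += c;               ip += c; }
    }
    return op;
}

/* Constructed 4x4 8-bit channel: 16 output bytes. */
#define CHANNEL_BYTES 16

/* Constructed benign stream: 12 literals, then a run of 4 x 0xAA. */
static const uint8_t good_stream[] = {
    12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
    128 + 4, 0xAA
};

/* Constructed malicious stream: 12 literals, then a control byte that
   "begins a long run count at the end of the image": 127 x 0x00 when
   only 4 bytes of the channel remain. */
static const uint8_t bad_stream[] = {
    12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
    128 + 127, 0x00
};

long decode_good(void)
{
    uint8_t out[CHANNEL_BYTES];
    return rle_decode_checked(good_stream, sizeof good_stream, out, sizeof out);
}

long decode_bad(void)
{
    uint8_t out[CHANNEL_BYTES];
    return rle_decode_checked(bad_stream, sizeof bad_stream, out, sizeof out);
}

size_t unchecked_bad_size(void)
{
    return rle_unchecked_output_size(bad_stream, sizeof bad_stream);
}
```

The checked decoder accepts the benign stream (16 bytes written) and rejects the crafted one before touching memory past the buffer, returning -1; the unchecked bookkeeping shows that decoder would have emitted 139 bytes into a 16-byte allocation. The check that matters is `run > out_len - op`, written on the remaining space rather than as `op + run > out_len`, so the guard cannot overflow on its own.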
This issue was resolved and addressed in GLSA 201209-23 at http://security.gentoo.org/glsa/glsa-201209-23.xml by GLSA coordinator Sean Amoss (ackle).