CVE-2017-17789 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17789): In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.
CVE-2017-17788 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17788): In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.
CVE-2017-17787 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17787): In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.
CVE-2017-17786 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17786): In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.
CVE-2017-17785 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17785): In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.
CVE-2017-17784 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17784): In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.
@Maintainer please call for stabilization when ready. Thank you.
commit c0f2d036a569a8a7d5dca3f17ab8c2f952b8cce6
Author: Sebastian Pipping <sping@g.o>
Date:   Wed Jan 3 04:15:03 2018 +0100

    media-gfx/gimp: CVE-2017-17784 to CVE-2017-17789

    Package-Manager: Portage-2.3.16, Repoman-2.3.6

 .../gimp/files/gimp-2.8.22-cve-2017-17784.patch    |  32 ++++
 .../gimp/files/gimp-2.8.22-cve-2017-17785.patch    | 161 ++++++++++++++++
 .../gimp/files/gimp-2.8.22-cve-2017-17786-1.patch  |  53 ++++++
 .../gimp/files/gimp-2.8.22-cve-2017-17786-2.patch  |  31 ++++
 .../gimp/files/gimp-2.8.22-cve-2017-17787.patch    |  33 ++++
 .../gimp/files/gimp-2.8.22-cve-2017-17788.patch    |  29 +++
 .../gimp/files/gimp-2.8.22-cve-2017-17789.patch    |  38 ++++
 .../gimp/files/gimp-2.9.8-cve-2017-17784.patch     |  30 +++
 media-gfx/gimp/gimp-2.8.22-r1.ebuild               | 176 ++++++++++++++++++
 media-gfx/gimp/gimp-2.9.8-r1.ebuild                | 205 +++++++++++++++++++++
 10 files changed, 788 insertions(+)

https://github.com/gentoo/gentoo/commit/c0f2d036a569a8a7d5dca3f17ab8c2f952b8cce6

# eshowkw
Keywords for media-gfx/gimp:
            |                                 |   u   |
            | a a         p   a     n r     s |   n   |
            | l m   h i   p   r m m i i s   p | e u s | r
            | p d a p a p c x m i 6 o s 3   a | a s l | e
            | h 6 r p 6 p 6 8 6 p 8 s c 9 s r | p e o | p
            | a 4 m a 4 c 4 6 4 s k 2 v 0 h c | i d t | o
------------+---------------------------------+-------+-------
     2.8.22 | + + ~ + + + + + o ~ o o o o o + | 5 o 2 | gentoo
  2.8.22-r1 | ~ ~ ~ ~ ~ ~ ~ ~ o ~ o o o o o ~ | 5 o   | gentoo
      2.9.6 | ~ ~ ~ ~ ~ o ~ ~ o o o o o o o o | 6 #   | gentoo
      2.9.8 | ~ ~ ~ ~ ~ o ~ ~ o o o o o o o o | 6 #   | gentoo
[I]2.9.8-r1 | ~ ~ ~ ~ ~ o ~ ~ o o o o o o o o | 6 o   | gentoo
       9999 | o o o o o o o o o o o o o o o o | 6 o   | gentoo

Adding arches: alpha amd64 hppa ia64 ppc64 ppc x86 sparc
commit 705ff2a4e6bb8b20e389bcc84867f6c75fdc1571
Author: Sebastian Pipping <sping@g.o>
Date:   Wed Jan 3 20:15:58 2018 +0100

    media-gfx/gimp: Remove vulnerable (bug 641954)

    Package-Manager: Portage-2.3.16, Repoman-2.3.6

 media-gfx/gimp/Manifest          |   1 -
 media-gfx/gimp/gimp-2.9.6.ebuild | 197 ---------------------------------------
 media-gfx/gimp/gimp-2.9.8.ebuild | 197 ---------------------------------------
 3 files changed, 395 deletions(-)

https://github.com/gentoo/gentoo/commit/705ff2a4e6bb8b20e389bcc84867f6c75fdc1571
@Arches please test and mark stable. Thank you
x86 stable
amd64 stable
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d21baa918dfea81fb2d9312f230afead05c041c4

commit d21baa918dfea81fb2d9312f230afead05c041c4
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-01-15 22:39:42 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-01-15 22:41:10 +0000

    media-gfx/gimp: stable 2.8.22-r1 for ia64, bug #641954

    Bug: https://bugs.gentoo.org/641954
    Package-Manager: Portage-2.3.19, Repoman-2.3.6
    RepoMan-Options: --include-arches="ia64"

 media-gfx/gimp/gimp-2.8.22-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Stable on alpha.
commit 79ab5ad90b51506c14225f0123ca0c0e2f294222
Author: Rolf Eike Beer <eike@sf-mail.de>
Date:   Sat Feb 3 11:31:25 2018 +0100

    media-gfx/gimp: stable 2.8.22-r1 for sparc, bug #641954
ppc stable
ppc64 stable
stable hppa keywords dropped to ~hppa
GLSA Vote: No
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e4cd453dd56cbe2533a16c9c6416fd6006f8ccd7

commit e4cd453dd56cbe2533a16c9c6416fd6006f8ccd7
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-04-22 21:34:21 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-04-22 21:34:21 +0000

    media-gfx/gimp: drop vulnerable

    Closes: https://bugs.gentoo.org/641954
    Package-Manager: Portage-2.3.31, Repoman-2.3.9

 media-gfx/gimp/gimp-2.8.22.ebuild | 165 --------------------------------------
 1 file changed, 165 deletions(-)