RHSA-2011:0838: gimp security update

Description

The GIMP (GNU Image Manipulation Program) is an image composition andediting program.An integer overflow flaw, leading to a heap-based buffer overflow, wasfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal ComputereXchange (PCX) image file plug-ins. An attacker could create aspecially-crafted BMP or PCX image file that, when opened, could cause therelevant plug-in to crash or, potentially, execute arbitrary code with theprivileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro(PSP) image file plug-in. An attacker could create a specially-crafted PSPimage file that, when opened, could cause the PSP plug-in to crash or,potentially, execute arbitrary code with the privileges of the user runningthe GIMP. (CVE-2010-4543)A stack-based buffer overflow flaw was found in the GIMP's Lightning,Sphere Designer, and Gfig image filters. An attacker could create aspecially-crafted Lightning, Sphere Designer, or Gfig filter configurationfile that, when opened, could cause the relevant plug-in to crash or,potentially, execute arbitrary code with the privileges of the user runningthe GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)Red Hat would like to thank Stefan Cornelius of Secunia Research forresponsibly reporting the CVE-2009-1570 flaw.Users of the GIMP are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues. The GIMP must berestarted for the update to take effect.