[El-errata] ELSA-2007-0513 Moderate: Enterprise Linux 3 gimp security update

el-errata at oss.oracle.com el-errata at oss.oracle.com
Wed Sep 26 15:48:34 PDT 2007 

Enterprise Linux Security Advisory ELSA-2007-0513

https://rhn.redhat.com/errata/RHSA-2007-0513.html

The following updated rpms for Enterprise Linux 3 have been uploaded to 
the Unbreakable Linux Network:

i386:
gimp-1.2.3-20.9.el3.i386.rpm
gimp-devel-1.2.3-20.9.el3.i386.rpm
gimp-perl-1.2.3-20.9.el3.i386.rpm

x86_64:
gimp-1.2.3-20.9.el3.x86_64.rpm
gimp-devel-1.2.3-20.9.el3.x86_64.rpm
gimp-perl-1.2.3-20.9.el3.x86_64.rpm


SRPMS:
http://oss.oracle.com/el3/SRPMS-updates/gimp-1.2.3-20.9.el3.src.rpm

Description of changes:

[1.2.3-20.9.el3]
- validate bytesperline header field when loading PCX files (#247570)

[1.2.3-20.8.el3]
- reduce GIMP_MAX_IMAGE_SIZE to 2^18 to detect bogus image widths/heights
  (#247570)

[1.2.3-20.7.el3]
- replace gimp_error() by gimp_message()/gimp_quit() in a few plugins so 
they
  don't crash but gracefully exit when encountering error conditions
- fix endianness issues in the PSP plugin to avoid it doing (seemingly) 
endless
  loops when loading images
- fix endianness issues in the PCX plugin which cause it to not detect 
corrupt
  images

[1.2.3-20.6.el3]
- add ChangeLog entry to psd-invalid-dimensions patch (#247570)
- validate size values read from files before using them to allocate 
memory in
  various file plugins (#247570, patch by Mukund Sivaraman and Raphaël 
Quinet,
  adapted)
- detect invalid image data when reading files in several plugins (#247570,
  patch by Sven Neumann and Raphaël Quinet, adapted)
- validate size values read from files before using them to allocate 
memory in
  the PSD and sunras plugins (#247570, patch by Mukund Sivaraman and Sven
  Neumann, partly adapted)
- add safeguard to avoid crashes while loading corrupt PSD images (#247570,
  patch by Raphaël Quinet, adapted)
- convert spec file to UTF-8

[1.2.3-20.5.el3]
- use adapted upstream PSD fix by Sven Neumann (#244406)

[1.2.3-20.4.el3]
- refuse to open PSD files with insanely large dimensions (#244406)

More information about the El-errata mailing list