Red Hat Product Errata RHSA-2007:0513 - Security Advisory
Issued:
2007-09-26
Updated:
2007-09-26

RHSA-2007:0513 - Security Advisory

Synopsis

Moderate: gimp security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated gimp packages that fix several security issues are now available
for Red Hat Enterprise Linux.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The GIMP (GNU Image Manipulation Program) is an image composition and
editing program.

Multiple integer overflow and input validation flaws were found in The
GIMP's image loaders. An attacker could create a carefully crafted image
file that could cause The GIMP to crash or possibly execute arbitrary code
if the file was opened by a victim. (CVE-2006-4519, CVE-2007-2949,
CVE-2007-3741)

Users of The GIMP should update to these erratum packages, which contain a
backported fix to correct these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server 3 x86_64
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux Server 2 ia64
  • Red Hat Enterprise Linux Server 2 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Workstation 3 x86_64
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Workstation 2 ia64
  • Red Hat Enterprise Linux Workstation 2 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux Desktop 3 x86_64
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems 3 s390x
  • Red Hat Enterprise Linux for IBM z Systems 3 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian 3 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 244400 - CVE-2007-2949 Gimp PSD integer overflow
  • BZ - 247565 - CVE-2006-4519 GIMP multiple image loader integer overflows
  • BZ - 248053 - CVE-2007-3741 Gimp image loader multiple input validation flaws

Red Hat Enterprise Linux Server 5

SRPM
x86_64
gimp-2.2.13-2.0.7.el5.x86_64.rpm SHA-256: 331af76f9192207b507e8cfa4f151c69cce0e6cc71fcad843e41b965465dad2f
gimp-devel-2.2.13-2.0.7.el5.i386.rpm SHA-256: b12f7aa34e0704587276fbd4b82916743913a9b4d822a64f9af9a3e0eebe01c3
gimp-devel-2.2.13-2.0.7.el5.x86_64.rpm SHA-256: d8c35ad480c98f3a972ce1b53510317ba1f4ec3aa723819aabb6825939f42626
gimp-libs-2.2.13-2.0.7.el5.i386.rpm SHA-256: 242ff308ffe252110da19d43ce0c72e83d3efbafd1db8eb4a6a1f1e6cee6ddab
gimp-libs-2.2.13-2.0.7.el5.x86_64.rpm SHA-256: cb54b206d8f39e11c2bb6066c877485bbe07e86749f9844dfb80ac5c980428cd
ia64
gimp-2.2.13-2.0.7.el5.ia64.rpm SHA-256: 17a5a746caa4a55e1b16c1c0e30f9e68ac2af8e4b384540fe4f1cba7582aa4a3
gimp-devel-2.2.13-2.0.7.el5.ia64.rpm SHA-256: 23a511fc07fa13886706a79b0d74a9bbebef7e2a7117f7b6c5bec86069322f86
gimp-libs-2.2.13-2.0.7.el5.ia64.rpm SHA-256: 7829bac8e56a77542bc7421420024330898b3bbedd642a3ec3641bf4237620f3
i386
gimp-2.2.13-2.0.7.el5.i386.rpm SHA-256: b0ce6e351b02e56c8032283b1d25e235b65430ed545c4203b2b57daa72828e80
gimp-devel-2.2.13-2.0.7.el5.i386.rpm SHA-256: b12f7aa34e0704587276fbd4b82916743913a9b4d822a64f9af9a3e0eebe01c3
gimp-libs-2.2.13-2.0.7.el5.i386.rpm SHA-256: 242ff308ffe252110da19d43ce0c72e83d3efbafd1db8eb4a6a1f1e6cee6ddab

Red Hat Enterprise Linux Server 4

SRPM
x86_64
gimp-2.0.5-7.0.7.el4.x86_64.rpm SHA-256: 7be8230c1b8567a33ce85294725a7afd17adb5614f2123ee4a1be13817018c72
gimp-2.0.5-7.0.7.el4.x86_64.rpm SHA-256: 7be8230c1b8567a33ce85294725a7afd17adb5614f2123ee4a1be13817018c72
gimp-devel-2.0.5-7.0.7.el4.x86_64.rpm SHA-256: b0cfba333f3c480cbe7f8950c84f1c44bcb819dcaaf7ed347793050597f42204
gimp-devel-2.0.5-7.0.7.el4.x86_64.rpm SHA-256: b0cfba333f3c480cbe7f8950c84f1c44bcb819dcaaf7ed347793050597f42204
ia64
gimp-2.0.5-7.0.7.el4.ia64.rpm SHA-256: 9d73d8b7fcd37dc10dd4f4a0424c3977aed785ce2a3faa577f5a6e7bccdf38c3
gimp-2.0.5-7.0.7.el4.ia64.rpm SHA-256: 9d73d8b7fcd37dc10dd4f4a0424c3977aed785ce2a3faa577f5a6e7bccdf38c3
gimp-devel-2.0.5-7.0.7.el4.ia64.rpm SHA-256: 26aab83759bc5bb53ced5167354502f3fd1766bdd503e12b7c3a2444b3cd2dcf
gimp-devel-2.0.5-7.0.7.el4.ia64.rpm SHA-256: 26aab83759bc5bb53ced5167354502f3fd1766bdd503e12b7c3a2444b3cd2dcf
i386
gimp-2.0.5-7.0.7.el4.i386.rpm SHA-256: f389397d43a8358e4ef791bfad752491a925349b054af363975b35ae69db7ade
gimp-2.0.5-7.0.7.el4.i386.rpm SHA-256: f389397d43a8358e4ef791bfad752491a925349b054af363975b35ae69db7ade
gimp-devel-2.0.5-7.0.7.el4.i386.rpm SHA-256: 30d62c571f78f2e28998004b886920e33b659307285d48ef250b8f1ac899e9e7
gimp-devel-2.0.5-7.0.7.el4.i386.rpm SHA-256: 30d62c571f78f2e28998004b886920e33b659307285d48ef250b8f1ac899e9e7

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server 2

SRPM
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5

SRPM
x86_64
gimp-2.0.5-7.0.7.el4.x86_64.rpm SHA-256: 7be8230c1b8567a33ce85294725a7afd17adb5614f2123ee4a1be13817018c72
gimp-2.0.5-7.0.7.el4.x86_64.rpm SHA-256: 7be8230c1b8567a33ce85294725a7afd17adb5614f2123ee4a1be13817018c72
gimp-devel-2.0.5-7.0.7.el4.x86_64.rpm SHA-256: b0cfba333f3c480cbe7f8950c84f1c44bcb819dcaaf7ed347793050597f42204
gimp-devel-2.0.5-7.0.7.el4.x86_64.rpm SHA-256: b0cfba333f3c480cbe7f8950c84f1c44bcb819dcaaf7ed347793050597f42204
ia64
gimp-2.0.5-7.0.7.el4.ia64.rpm SHA-256: 9d73d8b7fcd37dc10dd4f4a0424c3977aed785ce2a3faa577f5a6e7bccdf38c3
gimp-2.0.5-7.0.7.el4.ia64.rpm SHA-256: 9d73d8b7fcd37dc10dd4f4a0424c3977aed785ce2a3faa577f5a6e7bccdf38c3
gimp-devel-2.0.5-7.0.7.el4.ia64.rpm SHA-256: 26aab83759bc5bb53ced5167354502f3fd1766bdd503e12b7c3a2444b3cd2dcf
gimp-devel-2.0.5-7.0.7.el4.ia64.rpm SHA-256: 26aab83759bc5bb53ced5167354502f3fd1766bdd503e12b7c3a2444b3cd2dcf
i386
gimp-2.0.5-7.0.7.el4.i386.rpm SHA-256: f389397d43a8358e4ef791bfad752491a925349b054af363975b35ae69db7ade
gimp-2.0.5-7.0.7.el4.i386.rpm SHA-256: f389397d43a8358e4ef791bfad752491a925349b054af363975b35ae69db7ade
gimp-devel-2.0.5-7.0.7.el4.i386.rpm SHA-256: 30d62c571f78f2e28998004b886920e33b659307285d48ef250b8f1ac899e9e7
gimp-devel-2.0.5-7.0.7.el4.i386.rpm SHA-256: 30d62c571f78f2e28998004b886920e33b659307285d48ef250b8f1ac899e9e7

Red Hat Enterprise Linux Workstation 5

SRPM
x86_64
gimp-2.2.13-2.0.7.el5.x86_64.rpm SHA-256: 331af76f9192207b507e8cfa4f151c69cce0e6cc71fcad843e41b965465dad2f
gimp-devel-2.2.13-2.0.7.el5.i386.rpm SHA-256: b12f7aa34e0704587276fbd4b82916743913a9b4d822a64f9af9a3e0eebe01c3
gimp-devel-2.2.13-2.0.7.el5.x86_64.rpm SHA-256: d8c35ad480c98f3a972ce1b53510317ba1f4ec3aa723819aabb6825939f42626
gimp-libs-2.2.13-2.0.7.el5.i386.rpm SHA-256: 242ff308ffe252110da19d43ce0c72e83d3efbafd1db8eb4a6a1f1e6cee6ddab
gimp-libs-2.2.13-2.0.7.el5.x86_64.rpm SHA-256: cb54b206d8f39e11c2bb6066c877485bbe07e86749f9844dfb80ac5c980428cd
i386
gimp-2.2.13-2.0.7.el5.i386.rpm SHA-256: b0ce6e351b02e56c8032283b1d25e235b65430ed545c4203b2b57daa72828e80
gimp-devel-2.2.13-2.0.7.el5.i386.rpm SHA-256: b12f7aa34e0704587276fbd4b82916743913a9b4d822a64f9af9a3e0eebe01c3
gimp-libs-2.2.13-2.0.7.el5.i386.rpm SHA-256: 242ff308ffe252110da19d43ce0c72e83d3efbafd1db8eb4a6a1f1e6cee6ddab

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
gimp-2.0.5-7.0.7.el4.x86_64.rpm SHA-256: 7be8230c1b8567a33ce85294725a7afd17adb5614f2123ee4a1be13817018c72
gimp-devel-2.0.5-7.0.7.el4.x86_64.rpm SHA-256: b0cfba333f3c480cbe7f8950c84f1c44bcb819dcaaf7ed347793050597f42204
ia64
gimp-2.0.5-7.0.7.el4.ia64.rpm SHA-256: 9d73d8b7fcd37dc10dd4f4a0424c3977aed785ce2a3faa577f5a6e7bccdf38c3
gimp-devel-2.0.5-7.0.7.el4.ia64.rpm SHA-256: 26aab83759bc5bb53ced5167354502f3fd1766bdd503e12b7c3a2444b3cd2dcf
i386
gimp-2.0.5-7.0.7.el4.i386.rpm SHA-256: f389397d43a8358e4ef791bfad752491a925349b054af363975b35ae69db7ade
gimp-devel-2.0.5-7.0.7.el4.i386.rpm SHA-256: 30d62c571f78f2e28998004b886920e33b659307285d48ef250b8f1ac899e9e7

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 2

SRPM
ia64
i386

Red Hat Enterprise Linux Desktop 5

SRPM
x86_64
gimp-2.2.13-2.0.7.el5.x86_64.rpm SHA-256: 331af76f9192207b507e8cfa4f151c69cce0e6cc71fcad843e41b965465dad2f
gimp-libs-2.2.13-2.0.7.el5.i386.rpm SHA-256: 242ff308ffe252110da19d43ce0c72e83d3efbafd1db8eb4a6a1f1e6cee6ddab
gimp-libs-2.2.13-2.0.7.el5.x86_64.rpm SHA-256: cb54b206d8f39e11c2bb6066c877485bbe07e86749f9844dfb80ac5c980428cd
i386
gimp-2.2.13-2.0.7.el5.i386.rpm SHA-256: b0ce6e351b02e56c8032283b1d25e235b65430ed545c4203b2b57daa72828e80
gimp-libs-2.2.13-2.0.7.el5.i386.rpm SHA-256: 242ff308ffe252110da19d43ce0c72e83d3efbafd1db8eb4a6a1f1e6cee6ddab

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
gimp-2.0.5-7.0.7.el4.x86_64.rpm SHA-256: 7be8230c1b8567a33ce85294725a7afd17adb5614f2123ee4a1be13817018c72
gimp-devel-2.0.5-7.0.7.el4.x86_64.rpm SHA-256: b0cfba333f3c480cbe7f8950c84f1c44bcb819dcaaf7ed347793050597f42204
i386
gimp-2.0.5-7.0.7.el4.i386.rpm SHA-256: f389397d43a8358e4ef791bfad752491a925349b054af363975b35ae69db7ade
gimp-devel-2.0.5-7.0.7.el4.i386.rpm SHA-256: 30d62c571f78f2e28998004b886920e33b659307285d48ef250b8f1ac899e9e7

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
s390x
gimp-2.2.13-2.0.7.el5.s390x.rpm SHA-256: 24609d2332365b7b1d3ae5f5f57c18261ec146b78e1e86ad003180e13d26abd4
gimp-devel-2.2.13-2.0.7.el5.s390.rpm SHA-256: eafccb8d06891efcd65e97f14762f05786bed429bcc25a6d11d081707532b94d
gimp-devel-2.2.13-2.0.7.el5.s390x.rpm SHA-256: f54acabc239d587092fc2f442ec9bf080d468e5dc9815288e1b03da0d87da8e9
gimp-libs-2.2.13-2.0.7.el5.s390.rpm SHA-256: 38243b8a8c4016151e58d260e68539b7316e124c13948c6504cafbab1f51aec1
gimp-libs-2.2.13-2.0.7.el5.s390x.rpm SHA-256: df6fcf56a1ce76f93018e404957c36643258c203f5f4cd68e64e2e286406f9bc

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
s390x
gimp-2.0.5-7.0.7.el4.s390x.rpm SHA-256: 3292693f278b1148b62f9b7a8b1740c918a483c24c29e8a4677031a680e8c7f2
gimp-devel-2.0.5-7.0.7.el4.s390x.rpm SHA-256: fd25a011427fe8d97318ba18ff2d752e1aefd97b1f946d84a0863dfd79395ab4
s390
gimp-2.0.5-7.0.7.el4.s390.rpm SHA-256: e76147aea0da85368b581673d1d74d6d02a2b2c47664752247ad06c7528e8bae
gimp-devel-2.0.5-7.0.7.el4.s390.rpm SHA-256: 896cd8aa7ef8081b79d11972242ea9d82553adcb5c6d94a0aaf494ab5d69d042

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5

SRPM
s390x
gimp-2.0.5-7.0.7.el4.s390x.rpm SHA-256: 3292693f278b1148b62f9b7a8b1740c918a483c24c29e8a4677031a680e8c7f2
gimp-devel-2.0.5-7.0.7.el4.s390x.rpm SHA-256: fd25a011427fe8d97318ba18ff2d752e1aefd97b1f946d84a0863dfd79395ab4
s390
gimp-2.0.5-7.0.7.el4.s390.rpm SHA-256: e76147aea0da85368b581673d1d74d6d02a2b2c47664752247ad06c7528e8bae
gimp-devel-2.0.5-7.0.7.el4.s390.rpm SHA-256: 896cd8aa7ef8081b79d11972242ea9d82553adcb5c6d94a0aaf494ab5d69d042

Red Hat Enterprise Linux for Power, big endian 5

SRPM
ppc
gimp-2.2.13-2.0.7.el5.ppc.rpm SHA-256: 782b98d8c145c1d34767bf12ff824e6fc328102eec4937bd650239c591f7efb1
gimp-devel-2.2.13-2.0.7.el5.ppc.rpm SHA-256: 7317c6d1deaed10202f7d96835f50d76da92f65853c7e7e1bc0f522328a8cee8
gimp-devel-2.2.13-2.0.7.el5.ppc64.rpm SHA-256: 5e838f11626644bd914ab823a559408720e5028d581549f3cc77faea5ec91aef
gimp-libs-2.2.13-2.0.7.el5.ppc.rpm SHA-256: faf8af3b5e23736ea345ae8e99046e5b2201ebf7e876d7749775753d29ef879a
gimp-libs-2.2.13-2.0.7.el5.ppc64.rpm SHA-256: 8245fd3346d20136eff8e40a381a01e9c33fc8d92170f0bb16f491f83995ab02

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
gimp-2.0.5-7.0.7.el4.ppc.rpm SHA-256: 18cd941b5b279f10cbbfda611e7015c9f5ebf322be5a0f85952137a7a261e279
gimp-devel-2.0.5-7.0.7.el4.ppc.rpm SHA-256: 0506ebd31d9af225d0bf7382793a869b937636f352847c21961a0d827b802419

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5

SRPM
ppc
gimp-2.0.5-7.0.7.el4.ppc.rpm SHA-256: 18cd941b5b279f10cbbfda611e7015c9f5ebf322be5a0f85952137a7a261e279
gimp-devel-2.0.5-7.0.7.el4.ppc.rpm SHA-256: 0506ebd31d9af225d0bf7382793a869b937636f352847c21961a0d827b802419

Red Hat Enterprise Linux Server from RHUI 5

SRPM
x86_64
gimp-2.2.13-2.0.7.el5.x86_64.rpm SHA-256: 331af76f9192207b507e8cfa4f151c69cce0e6cc71fcad843e41b965465dad2f
gimp-devel-2.2.13-2.0.7.el5.i386.rpm SHA-256: b12f7aa34e0704587276fbd4b82916743913a9b4d822a64f9af9a3e0eebe01c3
gimp-devel-2.2.13-2.0.7.el5.x86_64.rpm SHA-256: d8c35ad480c98f3a972ce1b53510317ba1f4ec3aa723819aabb6825939f42626
gimp-libs-2.2.13-2.0.7.el5.i386.rpm SHA-256: 242ff308ffe252110da19d43ce0c72e83d3efbafd1db8eb4a6a1f1e6cee6ddab
gimp-libs-2.2.13-2.0.7.el5.x86_64.rpm SHA-256: cb54b206d8f39e11c2bb6066c877485bbe07e86749f9844dfb80ac5c980428cd
i386
gimp-2.2.13-2.0.7.el5.i386.rpm SHA-256: b0ce6e351b02e56c8032283b1d25e235b65430ed545c4203b2b57daa72828e80
gimp-devel-2.2.13-2.0.7.el5.i386.rpm SHA-256: b12f7aa34e0704587276fbd4b82916743913a9b4d822a64f9af9a3e0eebe01c3
gimp-libs-2.2.13-2.0.7.el5.i386.rpm SHA-256: 242ff308ffe252110da19d43ce0c72e83d3efbafd1db8eb4a6a1f1e6cee6ddab

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.