Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2012:1181 - Security Advisory
Issued:
2012-08-20
Updated:
2012-08-20

RHSA-2012:1181 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: gimp security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated gimp packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

The GIMP (GNU Image Manipulation Program) is an image composition and
editing program.

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the GIMP's Adobe Photoshop (PSD) image file plug-in. An
attacker could create a specially-crafted PSD image file that, when opened,
could cause the PSD plug-in to crash or, potentially, execute arbitrary
code with the privileges of the user running the GIMP. (CVE-2009-3909,
CVE-2012-3402)

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the GIMP's GIF image format plug-in. An attacker could create a
specially-crafted GIF image file that, when opened, could cause the GIF
plug-in to crash or, potentially, execute arbitrary code with the
privileges of the user running the GIMP. (CVE-2012-3481)

A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW)
decompression algorithm implementation used by the GIMP's GIF image format
plug-in. An attacker could create a specially-crafted GIF image file that,
when opened, could cause the GIF plug-in to crash or, potentially, execute
arbitrary code with the privileges of the user running the GIMP.
(CVE-2011-2896)

A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file
format plug-in. An attacker could create a specially-crafted KiSS palette
file that, when opened, could cause the CEL plug-in to crash or,
potentially, execute arbitrary code with the privileges of the user running
the GIMP. (CVE-2012-3403)

Red Hat would like to thank Secunia Research for reporting CVE-2009-3909,
and Matthias Weckbecker of the SUSE Security Team for reporting
CVE-2012-3481.

Users of the GIMP are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The GIMP must be
restarted for the update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 537370 - CVE-2009-3909 Gimp: Integer overflow in the PSD image file plugin
  • BZ - 727800 - CVE-2011-2896 David Koblas' GIF decoder LZW decoder buffer overflow
  • BZ - 838941 - CVE-2012-3402 gimp (PSD plug-in): Heap-buffer overflow by decoding certain PSD headers
  • BZ - 839020 - CVE-2012-3403 gimp (CEL plug-in): heap buffer overflow when loading external palette files
  • BZ - 847303 - CVE-2012-3481 Gimp (GIF plug-in): Heap-based buffer overflow by loading certain GIF images

CVEs

  • CVE-2011-2896
  • CVE-2012-3403
  • CVE-2012-3481
  • CVE-2012-3402
  • CVE-2009-3909

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
gimp-2.2.13-2.0.7.el5_8.5.src.rpm SHA-256: d7503fe84454fb4083361f7ff390dad280e7aa4605e5f73bc17b59d5c96bc971
x86_64
gimp-2.2.13-2.0.7.el5_8.5.x86_64.rpm SHA-256: d740ee590c4910929a7e28433e29b6dd25d7e60a7da561a0aaa3b4ca24abfe9e
gimp-debuginfo-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: e49bd6f83915a0fc34f152e31d57bd96213225b7c7005715a3721f5f3f46b9bb
gimp-debuginfo-2.2.13-2.0.7.el5_8.5.x86_64.rpm SHA-256: da63d4bcbd18b7648c73ee251877ff69a1becdbb7953057b5995a5a23cf1d0c1
gimp-devel-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: 91a108ccfd2e364d60a87dd8717c9ea67b2358578e5087dd6b7da5587081ed2e
gimp-devel-2.2.13-2.0.7.el5_8.5.x86_64.rpm SHA-256: d68d47f3a354796d3de8ee5041ec98bcbfbaa21322c50d3e9c8720239e6c70c4
gimp-libs-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: 6f2c5cb810a41420f5ffde44ffaba9459d4d68190231e74c9a396f146ca80f8a
gimp-libs-2.2.13-2.0.7.el5_8.5.x86_64.rpm SHA-256: acfb35251459fff76a0740cc756f2960dc203d3573ee8efe1f7fdfc375c09708
ia64
gimp-2.2.13-2.0.7.el5_8.5.ia64.rpm SHA-256: 10d45e9e07edd8421759445cbc633f86f08e85c6d287cc02b297a33759582989
gimp-debuginfo-2.2.13-2.0.7.el5_8.5.ia64.rpm SHA-256: 631e1f3374c54036ea40a466aa56570296a6a50ba897c0938e607cd54d79c6f4
gimp-devel-2.2.13-2.0.7.el5_8.5.ia64.rpm SHA-256: 60b01539c41773486e0531450ea03afadb73e169843475e0d4ddd6f2928a99ff
gimp-libs-2.2.13-2.0.7.el5_8.5.ia64.rpm SHA-256: 47095dde35d057fcb4e8c5d28b10bb0e2b25adea2bac590fd756a8acdfcd714c
i386
gimp-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: 4eda1c8e2f7fdc67df453a4e8c21b8a2f95158432e49f292e8331c30a662efed
gimp-debuginfo-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: e49bd6f83915a0fc34f152e31d57bd96213225b7c7005715a3721f5f3f46b9bb
gimp-devel-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: 91a108ccfd2e364d60a87dd8717c9ea67b2358578e5087dd6b7da5587081ed2e
gimp-libs-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: 6f2c5cb810a41420f5ffde44ffaba9459d4d68190231e74c9a396f146ca80f8a

Red Hat Enterprise Linux Workstation 5

SRPM
gimp-2.2.13-2.0.7.el5_8.5.src.rpm SHA-256: d7503fe84454fb4083361f7ff390dad280e7aa4605e5f73bc17b59d5c96bc971
x86_64
gimp-2.2.13-2.0.7.el5_8.5.x86_64.rpm SHA-256: d740ee590c4910929a7e28433e29b6dd25d7e60a7da561a0aaa3b4ca24abfe9e
gimp-debuginfo-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: e49bd6f83915a0fc34f152e31d57bd96213225b7c7005715a3721f5f3f46b9bb
gimp-debuginfo-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: e49bd6f83915a0fc34f152e31d57bd96213225b7c7005715a3721f5f3f46b9bb
gimp-debuginfo-2.2.13-2.0.7.el5_8.5.x86_64.rpm SHA-256: da63d4bcbd18b7648c73ee251877ff69a1becdbb7953057b5995a5a23cf1d0c1
gimp-debuginfo-2.2.13-2.0.7.el5_8.5.x86_64.rpm SHA-256: da63d4bcbd18b7648c73ee251877ff69a1becdbb7953057b5995a5a23cf1d0c1
gimp-devel-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: 91a108ccfd2e364d60a87dd8717c9ea67b2358578e5087dd6b7da5587081ed2e
gimp-devel-2.2.13-2.0.7.el5_8.5.x86_64.rpm SHA-256: d68d47f3a354796d3de8ee5041ec98bcbfbaa21322c50d3e9c8720239e6c70c4
gimp-libs-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: 6f2c5cb810a41420f5ffde44ffaba9459d4d68190231e74c9a396f146ca80f8a
gimp-libs-2.2.13-2.0.7.el5_8.5.x86_64.rpm SHA-256: acfb35251459fff76a0740cc756f2960dc203d3573ee8efe1f7fdfc375c09708
i386
gimp-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: 4eda1c8e2f7fdc67df453a4e8c21b8a2f95158432e49f292e8331c30a662efed
gimp-debuginfo-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: e49bd6f83915a0fc34f152e31d57bd96213225b7c7005715a3721f5f3f46b9bb
gimp-debuginfo-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: e49bd6f83915a0fc34f152e31d57bd96213225b7c7005715a3721f5f3f46b9bb
gimp-devel-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: 91a108ccfd2e364d60a87dd8717c9ea67b2358578e5087dd6b7da5587081ed2e
gimp-libs-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: 6f2c5cb810a41420f5ffde44ffaba9459d4d68190231e74c9a396f146ca80f8a

Red Hat Enterprise Linux Desktop 5

SRPM
gimp-2.2.13-2.0.7.el5_8.5.src.rpm SHA-256: d7503fe84454fb4083361f7ff390dad280e7aa4605e5f73bc17b59d5c96bc971
x86_64
gimp-2.2.13-2.0.7.el5_8.5.x86_64.rpm SHA-256: d740ee590c4910929a7e28433e29b6dd25d7e60a7da561a0aaa3b4ca24abfe9e
gimp-debuginfo-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: e49bd6f83915a0fc34f152e31d57bd96213225b7c7005715a3721f5f3f46b9bb
gimp-debuginfo-2.2.13-2.0.7.el5_8.5.x86_64.rpm SHA-256: da63d4bcbd18b7648c73ee251877ff69a1becdbb7953057b5995a5a23cf1d0c1
gimp-libs-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: 6f2c5cb810a41420f5ffde44ffaba9459d4d68190231e74c9a396f146ca80f8a
gimp-libs-2.2.13-2.0.7.el5_8.5.x86_64.rpm SHA-256: acfb35251459fff76a0740cc756f2960dc203d3573ee8efe1f7fdfc375c09708
i386
gimp-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: 4eda1c8e2f7fdc67df453a4e8c21b8a2f95158432e49f292e8331c30a662efed
gimp-debuginfo-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: e49bd6f83915a0fc34f152e31d57bd96213225b7c7005715a3721f5f3f46b9bb
gimp-libs-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: 6f2c5cb810a41420f5ffde44ffaba9459d4d68190231e74c9a396f146ca80f8a

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
gimp-2.2.13-2.0.7.el5_8.5.src.rpm SHA-256: d7503fe84454fb4083361f7ff390dad280e7aa4605e5f73bc17b59d5c96bc971
s390x
gimp-2.2.13-2.0.7.el5_8.5.s390x.rpm SHA-256: a76bb0f748c61e54b6c4b55d9dc5d17114a894abb07b3bda4c91f0826dbee37a
gimp-debuginfo-2.2.13-2.0.7.el5_8.5.s390.rpm SHA-256: 65ccbdda3af41a00264f12c254ff1565e2826e8da219bf94e5262a95fe9ec54e
gimp-debuginfo-2.2.13-2.0.7.el5_8.5.s390x.rpm SHA-256: 78647e6038f78aa7d2bc2ea3a8df7200fd0c17f0b00f32fbbf136a7477237111
gimp-devel-2.2.13-2.0.7.el5_8.5.s390.rpm SHA-256: 472a67af2de5bdca2ac3059c7719df5233312c9f82978a6a8ee294b14c48975a
gimp-devel-2.2.13-2.0.7.el5_8.5.s390x.rpm SHA-256: 1f60b559b52c1312fdb54436105fb47a81ab5797b039942750973847dfb04ad9
gimp-libs-2.2.13-2.0.7.el5_8.5.s390.rpm SHA-256: 4f40f4f8b7f2e9bde31b10f44fc471e43525183abbe80ccafe519db7db3dfb6e
gimp-libs-2.2.13-2.0.7.el5_8.5.s390x.rpm SHA-256: 1a85b9ab0dffae0b2fc842a94140d753f509061573723b7d5831dd11bd71bfe6

Red Hat Enterprise Linux for Power, big endian 5

SRPM
gimp-2.2.13-2.0.7.el5_8.5.src.rpm SHA-256: d7503fe84454fb4083361f7ff390dad280e7aa4605e5f73bc17b59d5c96bc971
ppc
gimp-2.2.13-2.0.7.el5_8.5.ppc.rpm SHA-256: c8e482110567497a3c7bad350fd9b6af4ebd2c1bb3e9d0dbb895251e6e5bc307
gimp-debuginfo-2.2.13-2.0.7.el5_8.5.ppc.rpm SHA-256: 2d0becda1c5ddd0e4da380b28d5a1a60e753f2d707f79b8843244532ef805167
gimp-debuginfo-2.2.13-2.0.7.el5_8.5.ppc64.rpm SHA-256: fe7688f3c4b7b7a8fec628ec2c51d954617b8ed8b180f0bbd4cd81c6a8e2ff97
gimp-devel-2.2.13-2.0.7.el5_8.5.ppc.rpm SHA-256: b1e722ea3db103d7831a8079ac8c4a4762fdc90a2b2bf37f032549fa29b49273
gimp-devel-2.2.13-2.0.7.el5_8.5.ppc64.rpm SHA-256: 0efbc7f2486f57f841ec9dcf740e354b7679bab4b1392c5dab738b0fe88b8f29
gimp-libs-2.2.13-2.0.7.el5_8.5.ppc.rpm SHA-256: 0b589e0102caa671620948b05c6ce22b9e19aab9925196a0ad1b3ac805c6fb8e
gimp-libs-2.2.13-2.0.7.el5_8.5.ppc64.rpm SHA-256: b2311b66612cdb98a26b1d6ceea36112fefcafbdda45f21f0b0f49b53beed549

Red Hat Enterprise Linux Server from RHUI 5

SRPM
gimp-2.2.13-2.0.7.el5_8.5.src.rpm SHA-256: d7503fe84454fb4083361f7ff390dad280e7aa4605e5f73bc17b59d5c96bc971
x86_64
gimp-2.2.13-2.0.7.el5_8.5.x86_64.rpm SHA-256: d740ee590c4910929a7e28433e29b6dd25d7e60a7da561a0aaa3b4ca24abfe9e
gimp-debuginfo-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: e49bd6f83915a0fc34f152e31d57bd96213225b7c7005715a3721f5f3f46b9bb
gimp-debuginfo-2.2.13-2.0.7.el5_8.5.x86_64.rpm SHA-256: da63d4bcbd18b7648c73ee251877ff69a1becdbb7953057b5995a5a23cf1d0c1
gimp-devel-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: 91a108ccfd2e364d60a87dd8717c9ea67b2358578e5087dd6b7da5587081ed2e
gimp-devel-2.2.13-2.0.7.el5_8.5.x86_64.rpm SHA-256: d68d47f3a354796d3de8ee5041ec98bcbfbaa21322c50d3e9c8720239e6c70c4
gimp-libs-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: 6f2c5cb810a41420f5ffde44ffaba9459d4d68190231e74c9a396f146ca80f8a
gimp-libs-2.2.13-2.0.7.el5_8.5.x86_64.rpm SHA-256: acfb35251459fff76a0740cc756f2960dc203d3573ee8efe1f7fdfc375c09708
i386
gimp-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: 4eda1c8e2f7fdc67df453a4e8c21b8a2f95158432e49f292e8331c30a662efed
gimp-debuginfo-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: e49bd6f83915a0fc34f152e31d57bd96213225b7c7005715a3721f5f3f46b9bb
gimp-devel-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: 91a108ccfd2e364d60a87dd8717c9ea67b2358578e5087dd6b7da5587081ed2e
gimp-libs-2.2.13-2.0.7.el5_8.5.i386.rpm SHA-256: 6f2c5cb810a41420f5ffde44ffaba9459d4d68190231e74c9a396f146ca80f8a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2022 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter