copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
Search this site

On this site

 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login


ESB-2007.0539 -- [Debian] -- New gimp packages fix arbitrary code execution

Date: 19 July 2007

Click here for printable version
Click here for PGP verifiable version
Hash: SHA1

             AUSCERT External Security Bulletin Redistribution

                         ESB-2007.0539 -- [Debian]
              New gimp packages fix arbitrary code execution
                               19 July 2007


        AusCERT Security Bulletin Summary

Product:              gimp
Publisher:            Debian
Operating System:     Debian GNU/Linux
Impact:               Execute Arbitrary Code/Commands
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-2949 CVE-2006-4519

Ref:                  ESB-2007-500

Original Bulletin:

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running gimp check for an updated version of the software for
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1335-1                                   Moritz Muehlenhoff
July 18th, 2007               
- - --------------------------------------------------------------------------

Package        : gimp
Vulnerability  : several
Problem-Type   : local(remote)
Debian-specific: no
CVE ID         : CVE-2006-4519 CVE-2007-2949

Several remote vulnerabilities have been discovered in Gimp, the GNU Image
Manipulation Program, which might lead to the execution of arbitrary code.
The Common Vulnerabilities and Exposures project identifies the following


    Sean Larsson discovered several integer overflows in the processing
    code for DICOM, PNM, PSD, RAS, XBM and XWD images, which might lead
    to the execution of arbitrary code if a user is tricked into opening
    such a malformed media file.


    Stefan Cornelius discovered an integer overflow in the processing
    code for PSD images, which might lead to the execution of arbitrary
    code if a user is tricked into opening such a malformed media file.

For the oldstable distribution (sarge) these problems have been fixed in
version 2.2.6-1sarge4. Packages for mips and mipsel are not yet

For the stable distribution (etch) these problems have been fixed
in version 2.2.13-1etch4. Packages for mips are not yet available.

For the unstable distribution (sid) these problems have been fixed in
version 2.2.17-1.

We recommend that you upgrade your gimp packages.

Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

  Source archives:
      Size/MD5 checksum:     1089 344f1d886ca3e9d1c9667a82d3bfe5c8
      Size/MD5 checksum:    33037 d311b98590cfc013a797b634d218cd70
      Size/MD5 checksum: 20496404 a6450200858c59bb46ace6987f1fc6ee

  Architecture independent components:
      Size/MD5 checksum:  6276298 3fb6080d9ae6e19ab433f8dedda6b998
      Size/MD5 checksum:    31856 485fe214852413df46436416a690e4c9
      Size/MD5 checksum:   515094 66bbc311d11232cf5b445cada1a1b78a

  Alpha architecture:
      Size/MD5 checksum:  3892160 c82b24236425fde06cb0c637be2e6255
      Size/MD5 checksum:    45364 0b6bc7fef786373f1bb69d3dbbe4ee91
      Size/MD5 checksum:   127204 2db0f7923864de7445943114ad849e3f
      Size/MD5 checksum:    45162 ae941c83c93a8f90a37462ddf285b8b2
      Size/MD5 checksum:   577106 f662b5fecd51821f51f2d890e481ae76
      Size/MD5 checksum:    99256 74c769611be9a5b8f26cc15d6912fe76

  AMD64 architecture:
      Size/MD5 checksum:  3268176 62c840774d113ecf009d24eb928f092f
      Size/MD5 checksum:    43898 953d58ebf20c56f15290655e562ef360
      Size/MD5 checksum:   122184 4121ee3d5953b430207fad46542cf8eb
      Size/MD5 checksum:    43646 f9004008612ffe6238eac0fbc8b994b1
      Size/MD5 checksum:   543996 95741b9ea838a33f3db6cee5658d4672
      Size/MD5 checksum:    98434 e04ef4ce3ae063940908e396f6bf9d74

  ARM architecture:
      Size/MD5 checksum:  2940312 2493d55605cfc6658d5aa3cc8c030ed0
      Size/MD5 checksum:    42112 d6314e21d289b262504237162bea5ff6
      Size/MD5 checksum:   114212 f8d53f138e916ba33fca401aeb0ad02d
      Size/MD5 checksum:    42458 d9d252d1c1cfbe1ca9e3c65f27b4068c
      Size/MD5 checksum:   507900 a73ff8bb7a989343e905133c63ffd1e9
      Size/MD5 checksum:    98598 08ab629c6deb1ead4cf335f0ded999b7

  HP Precision architecture:
      Size/MD5 checksum:  3470636 e7de1e4d1ec5bc9718af90549d9744e2
      Size/MD5 checksum:    43566 f3f38b7ce093d53c2a4915382a12ceae
      Size/MD5 checksum:   125852 41638214f7c8acd34af3d8034d7b3500
      Size/MD5 checksum:    43892 08151f6d298e5741a586b6052c5ef03e
      Size/MD5 checksum:   583230 a8088b3cb18abb2547e72d4f71d08363
      Size/MD5 checksum:    98498 19d31834218921f77a8ba8e16dc088b7

  Intel IA-32 architecture:
      Size/MD5 checksum:  3089518 b473d9f9280b725d567ae96ebd082f34
      Size/MD5 checksum:    42880 784cc603f0c3d6ad709780b1aae0b151
      Size/MD5 checksum:   117196 2f695d3a2b9dec8cc125a591aae725a7
      Size/MD5 checksum:    43434 664262c600381bf091aa69088f6ad3da
      Size/MD5 checksum:   521946 25ffbded4a587c00d1b17a9afb9cef77
      Size/MD5 checksum:    98488 23fc02e84e4f1b7598caf0a71bc316a7

  Intel IA-64 architecture:
      Size/MD5 checksum:  4585190 e38c9123c056ffc323bab598eb479875
      Size/MD5 checksum:    46774 4b2bf244587c1bdce7d470453eb9408e
      Size/MD5 checksum:   135982 a0e6ac478432aea34f74a2e3db6f3860
      Size/MD5 checksum:    47034 c2bc3cdff704cb23e692786f974d9116
      Size/MD5 checksum:   632496 ace8aa10d26a79fa1badcbeaedd7dc2e
      Size/MD5 checksum:    98426 50b40fe8def3ac3f4fd8973a207cacc4

  Motorola 680x0 architecture:
      Size/MD5 checksum:  2699532 17c29208f228b8351321c3a98d561291
      Size/MD5 checksum:    42492 9b97613be40d9eb9d55699005a56ed87
      Size/MD5 checksum:   118584 5ef40a973b3d098b2da89252778be55d
      Size/MD5 checksum:    42320 cb17d1f2e81926211723b23805895a4f
      Size/MD5 checksum:   520286 46775f63f758ddfb629d2d0f18802e84
      Size/MD5 checksum:    98800 79b8ae5f55fd7ac1273af0e5c318480a

  PowerPC architecture:
      Size/MD5 checksum:  3343462 79b8a7e0910ae9fc973e8fff4b695fa2
      Size/MD5 checksum:    44110 74f74f9cf0a1d76badc99b7b56f6c77b
      Size/MD5 checksum:   118374 2a5e90f27e3c5c79aeb1d461c9cf0817
      Size/MD5 checksum:    44496 60078805dc7d6a7c389f7886e720cb33
      Size/MD5 checksum:   539680 bcb8da84b8ee954f3ed31605d0745c42
      Size/MD5 checksum:    98462 72848784cc2f1a7f0b199998ff1cef26

  IBM S/390 architecture:
      Size/MD5 checksum:  3135354 83173a0c68154ed5721eb9d55858d463
      Size/MD5 checksum:    44078 4ccaa516d9575c8b1c5baf86f1e52776
      Size/MD5 checksum:   124092 189cab70a7a0e4bc2054d0e806fd1473
      Size/MD5 checksum:    43694 2759a8e54806525d3277be6dd2140bce
      Size/MD5 checksum:   555680 012596aeb64bf598d989d97d4fd02781
      Size/MD5 checksum:    98424 041750d88d93e72eb7af01a220a0525e

  Sun Sparc architecture:
      Size/MD5 checksum:  2930854 eed7a101771b1db48951a96bffd351b5
      Size/MD5 checksum:    42422 a4a2ed8e81beb480747c23a4a9a6f812
      Size/MD5 checksum:   116596 8f35f18d3254f1914e4e668e1b92c685
      Size/MD5 checksum:    42620 8c78a5e81327ef350fd139e60459fa4f
      Size/MD5 checksum:   527586 88012ea10fc33b2e04c661599fc65a03
      Size/MD5 checksum:    98508 4ccd0cec811f0c0dc65c98715a93a423

Debian GNU/Linux 4.0 alias etch
- - -------------------------------

  Source archives:
      Size/MD5 checksum:     1269 0596a7c11c1d70e55ba5590a225d3d5a
      Size/MD5 checksum:   125338 44ec8d280b8e086c69ef028efc4d920b
      Size/MD5 checksum: 18816434 20c3cd6b730c11da4d70671ed047f803

  Architecture independent components:
      Size/MD5 checksum:  6754588 5a4d383bdd68ff44a61de72ed9c51250
      Size/MD5 checksum:   556382 4913e9c4e8e0e55f35c9de72465511e3

  Alpha architecture:
      Size/MD5 checksum:  3676040 50304f3a0da75b5f7e3d34645c76eba6
      Size/MD5 checksum:  8302590 d5ffe3abf9edfdfd4d8fce47f60cd136
      Size/MD5 checksum:    66302 6ab98691c5dade22b848a21aadfa54fd
      Size/MD5 checksum:   148510 d36c93836e3e40514a26c6b2cd9a0d96
      Size/MD5 checksum:    66706 463194d470bbd99c9f0a4519ef610f97
      Size/MD5 checksum:   605170 b1f3f4b1029744e20123503ee9893f5f
      Size/MD5 checksum:   120014 33819b44f9a51043e9aea671f1278cb3

  AMD64 architecture:
      Size/MD5 checksum:  3223048 7790f925fd51e43cfb65259dd47cadfb
      Size/MD5 checksum:  8388544 f2adc19ac6418c550b2f9e8a1805021f
      Size/MD5 checksum:    64970 075509e7aac52204e669edee0a98777b
      Size/MD5 checksum:   145760 985698d84cea9038c81fe7c0b9a429d4
      Size/MD5 checksum:    65190 7a44fd97bd80e82e0b906a8bdc0e8306
      Size/MD5 checksum:   574488 1b0756695599bee7718af646cdffdb52
      Size/MD5 checksum:   119556 9d630b9492be0ffd4dfa75978ca1495f

  ARM architecture:
      Size/MD5 checksum:  2950052 2fef032b294422ea5f8542d710426814
      Size/MD5 checksum:  7985794 71994163262a31d834e6f6bf672f26c2
      Size/MD5 checksum:    63376 0c1b57927839172a25279ce302f56c3b
      Size/MD5 checksum:   137348 ac2a5d8b88759a73b4620107a2f69576
      Size/MD5 checksum:    64066 9e066f44626fcdeb072650f046e6c0de
      Size/MD5 checksum:   535542 2186220b55dfb47930aea58a63279911
      Size/MD5 checksum:   119762 80f49af1823c96a3983f8fba38bf0ba4

  HP Precision architecture:
      Size/MD5 checksum:  3482258 cf283dfeadb58c89305947f29dd36d15
      Size/MD5 checksum:  7989724 42213931370d96182daa27797c37e994
      Size/MD5 checksum:    65120 4397a44052c2368f3440834cd26214d7
      Size/MD5 checksum:   150190 444fa222be9458e3038fd49b20c8f143
      Size/MD5 checksum:    65628 b780260cdff279fc3f307d52b573398d
      Size/MD5 checksum:   606218 9dc70700ffe03cd3b926b333c8d756ea
      Size/MD5 checksum:   119620 9fbd3bd17be5f8aefd1fa2b86f5e02f0

  Intel IA-32 architecture:
      Size/MD5 checksum:  3069206 b0af23173d88f8fd5b88b2af4c2fce14
      Size/MD5 checksum:  7781816 b66e02681ca7785997d85302752b9e92
      Size/MD5 checksum:    64264 04a4e8c43f1a6363ea2670a35248662c
      Size/MD5 checksum:   139964 d7feadabc45564c2fd0a2c300a3ad42f
      Size/MD5 checksum:    64892 43bc0ccf10bd8dd4a9e3d03235112575
      Size/MD5 checksum:   547192 d22f64b9f76d890574f3ef6f3b29ce0a
      Size/MD5 checksum:   119598 a96aa6a76a31ba306e0e59ec934beaae

  Intel IA-64 architecture:
      Size/MD5 checksum:  4801200 0e5927e3e3b23dba11a392ced2dfc384
      Size/MD5 checksum:  8080924 5cbb57470b81a943ec1421e1d22fab9c
      Size/MD5 checksum:    69698 8e7699d911747ed965587d2bf36707d2
      Size/MD5 checksum:   162930 390622d0466fd4ee1d645ff24a486241
      Size/MD5 checksum:    69726 ceb2833f35e0b2dd6df42c5b6f7a0924
      Size/MD5 checksum:   674080 02d6349aa77a9598ce6c7ef538ce2d0f
      Size/MD5 checksum:   119572 fa64c57058122edcf0f1c413d21557cb

  Little endian MIPS architecture:
      Size/MD5 checksum:  3316782 65ebad651b17863a9a7def60032e4672
      Size/MD5 checksum:  8368926 443e53afe7639aa6c3d159b6499218b4
      Size/MD5 checksum:    64718 1278a55f7345cefaf0bbde156a01852b
      Size/MD5 checksum:   138848 708f79acae6cda1521d1ac5c4f2f5e2e
      Size/MD5 checksum:    65306 1dcd3cb4aa8e75fc21517d034297e5e7
      Size/MD5 checksum:   552706 a44da4d486e01cadfb7d2f305be3be24
      Size/MD5 checksum:   119612 d13cbaeb0562086ca97cd33ac5b55f68

  PowerPC architecture:
      Size/MD5 checksum:  3322580 34f0de0fa34506224ad8f0d4bb134da4
      Size/MD5 checksum:  8576426 a92e2a144d4bc2007c4426de63f53c9a
      Size/MD5 checksum:    65354 d82e9a5f80edbc335db4543b76368070
      Size/MD5 checksum:   141868 579bcf537af8b4160125cd9e37556a7b
      Size/MD5 checksum:    65918 58e71799fdee25a691e8a90d5da13401
      Size/MD5 checksum:   568094 b9165bf4d4629833de591e9c310e0ae9
      Size/MD5 checksum:   119582 2677fc64c5ff0daeb1661127cbccc0e0

  IBM S/390 architecture:
      Size/MD5 checksum:  3153684 3111fdb75c87d140bde2c84867547e02
      Size/MD5 checksum:  8067256 e7e8921bba628e7e664eb74ccbb65798
      Size/MD5 checksum:    65318 543771b863775a0e5c8399a8bdadc478
      Size/MD5 checksum:   147020 88beac981ba8419b758f8ed062f47923
      Size/MD5 checksum:    65130 8c2d3e9740521f5b864e14e58ca99b78
      Size/MD5 checksum:   579226 5a386add556e7fe707c50a875134cbb6
      Size/MD5 checksum:   119550 0d8676805ac085717ec189e8c156a3f0

  Sun Sparc architecture:
      Size/MD5 checksum:  2913146 938eb0705a8214f68ca74deb46fa585d
      Size/MD5 checksum:  7783506 ae99e650842552c3af62e1af49eecc81
      Size/MD5 checksum:    63802 f7b381f9dd5da63857bb0a1e4703d8a0
      Size/MD5 checksum:   139670 5098cba15eee1a2536bb6ce37237f22f
      Size/MD5 checksum:    64348 0f47f65a9d0edcec71e8c7024bf978c3
      Size/MD5 checksum:   549708 9a5bd7f989b9bc838d46cb401aeab400
      Size/MD5 checksum:   119602 761f5e951f018375b8eaad8a7c52984d

  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>
Version: GnuPG v1.4.6 (GNU/Linux)


- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email:
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.