Technical Description

A vulnerability has been identified in Mandriva, which could be exploited by attackers to execute arbitrary code. This issue is caused by an error in GIMP. For additional information, see : VUPEN/ADV-2007-1560

Affected Products

Mandriva Linux 2007.0
Mandriva Linux 2007.1
Mandriva Corporate 3.0

Solution

Upgrade the affected packages :

Mandriva Linux 2007.0:
6f2d2ba676a78bc9c8637e594cc7695c 2007.0/i586/gimp-2.3.10-6.2mdv2007.0.i586.rpm
e961d511b0a4467c0a71da1abed2d9e1 2007.0/i586/gimp-python-2.3.10-6.2mdv2007.0.i586.rpm
c86f942a4a0e60b29a6c25a9ae1a2aa6 2007.0/i586/libgimp2.0-devel-2.3.10-6.2mdv2007.0.i586.rpm
bdc40e9348c25965085ab2d38fabca3a 2007.0/i586/libgimp2.0_0-2.3.10-6.2mdv2007.0.i586.rpm
4b3fd719205b5783c8e95b26152754c1 2007.0/SRPMS/gimp-2.3.10-6.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
9d649e883a907a4ee14a01bf20d852a0 2007.0/x86_64/gimp-2.3.10-6.2mdv2007.0.x86_64.rpm
acebf4019818c698ffa5490226e67b17 2007.0/x86_64/gimp-python-2.3.10-6.2mdv2007.0.x86_64.rpm
4dd4c15971e1940ef4cadb72c634ddf2 2007.0/x86_64/lib64gimp2.0-devel-2.3.10-6.2mdv2007.0.x86_64.rpm
3206abfb7c40c66ae0b1900d09ba3ac7 2007.0/x86_64/lib64gimp2.0_0-2.3.10-6.2mdv2007.0.x86_64.rpm
4b3fd719205b5783c8e95b26152754c1 2007.0/SRPMS/gimp-2.3.10-6.2mdv2007.0.src.rpm

Mandriva Linux 2007.1:
a1ab4c6bd8adc03e8dff8d571ea71238 2007.1/i586/gimp-2.3.14-3.1mdv2007.1.i586.rpm
df478231fee2f1746100a63ddee9fa1c 2007.1/i586/gimp-python-2.3.14-3.1mdv2007.1.i586.rpm
1e6e115efe6311a08221e59ff0202add 2007.1/i586/libgimp2.0-devel-2.3.14-3.1mdv2007.1.i586.rpm
c0ca0e48c691d52c057e2e48f126228d 2007.1/i586/libgimp2.0_0-2.3.14-3.1mdv2007.1.i586.rpm
dbd612719f10a2b5f17766baf33994f6 2007.1/SRPMS/gimp-2.3.14-3.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
61be8d037ff7bb07dbd9456bc787d59c 2007.1/x86_64/gimp-2.3.14-3.1mdv2007.1.x86_64.rpm
809dde5e40c10a22ffa71f79c969c144 2007.1/x86_64/gimp-python-2.3.14-3.1mdv2007.1.x86_64.rpm
c16813e13a87f367e29336cf3e2e2cdc 2007.1/x86_64/lib64gimp2.0-devel-2.3.14-3.1mdv2007.1.x86_64.rpm
fef1cea1d6c4938053b6844b22c359e4 2007.1/x86_64/lib64gimp2.0_0-2.3.14-3.1mdv2007.1.x86_64.rpm
dbd612719f10a2b5f17766baf33994f6 2007.1/SRPMS/gimp-2.3.14-3.1mdv2007.1.src.rpm

Corporate 3.0:
8b03f11448dbb4e94e2b8b8dc5224fa2 corporate/3.0/i586/gimp-1.2.5-13.1.C30mdk.i586.rpm
e2bf163b19111bd0375574ac94f815a0 corporate/3.0/i586/gimp-doc-1.2.5-13.1.C30mdk.i586.rpm
5818d368ee1d660e4c8f15f5e9ac7ebf corporate/3.0/i586/gimp-perl-1.2.5-13.1.C30mdk.i586.rpm
4c6769052b0ffc3929191cd357983345 corporate/3.0/i586/libgimp1.2-1.2.5-13.1.C30mdk.i586.rpm
249569270aca413afc117b1decff2a18 corporate/3.0/i586/libgimp1.2_1-1.2.5-13.1.C30mdk.i586.rpm
13297c783d7b0c16eb86530025e746bb corporate/3.0/i586/libgimp1.2_1-devel-1.2.5-13.1.C30mdk.i586.rpm
88ffadd4803267b9271909c2584bd8d8 corporate/3.0/SRPMS/gimp-1.2.5-13.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
0b447fbcd1c904381bf2447a314d89af corporate/3.0/x86_64/gimp-1.2.5-13.1.C30mdk.x86_64.rpm
96df5c88bdee06776d0eae5108508c72 corporate/3.0/x86_64/gimp-doc-1.2.5-13.1.C30mdk.x86_64.rpm
5275b1da8478c720e516cce148629e86 corporate/3.0/x86_64/gimp-perl-1.2.5-13.1.C30mdk.x86_64.rpm
0ed195ecae3bcfc25994dee7d8f88134 corporate/3.0/x86_64/lib64gimp1.2-1.2.5-13.1.C30mdk.x86_64.rpm
968cb26a97556435cd19b5f1ee3199e6 corporate/3.0/x86_64/lib64gimp1.2_1-1.2.5-13.1.C30mdk.x86_64.rpm
3054dc681958467b93d83d98351de5da corporate/3.0/x86_64/lib64gimp1.2_1-devel-1.2.5-13.1.C30mdk.x86_64.rpm
88ffadd4803267b9271909c2584bd8d8 corporate/3.0/SRPMS/gimp-1.2.5-13.1.C30mdk.src.rpm

References

http://www.vupen.com/english/advisories/2007/1913
http://archives.mandrivalinux.com/security-announce/2007-05/msg00027.php

ChangeLog

2007-05-23 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.