Security update for gimp

SUSE Security Update: Security update for gimp

Announcement ID:	SUSE-SU-2014:0214-1
Rating:	moderate
References:	#791372 #853423 #853425
Affected Products:	SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Desktop 11 SP3

An update that fixes three vulnerabilities is now available.

Description:

This update fixes the following security issues with gimp:

* bnc#853423: XWD plugin g_new() integer overflow
(CVE-2013-1913)
* bnc#853425: XWD plugin color map heap-based buffer
overflow (CVE-2013-1978)
* bnc#791372: memory corruption via XWD files
(CVE-2012-5576)

Security Issue references:

* CVE-2013-1913
>
* CVE-2012-5576
>
* CVE-2013-1978
>

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

SUSE Linux Enterprise Software Development Kit 11 SP3:
zypper in -t patch sdksp3-gimp-8856
SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-gimp-8856

To bring your system up-to-date, use "zypper patch".

Package List:

SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

gimp-2.6.2-3.34.45.1

gimp-devel-2.6.2-3.34.45.1

gimp-lang-2.6.2-3.34.45.1

gimp-plugins-python-2.6.2-3.34.45.1
SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

gimp-2.6.2-3.34.45.1

gimp-lang-2.6.2-3.34.45.1

gimp-plugins-python-2.6.2-3.34.45.1

References:

http://support.novell.com/security/cve/CVE-2012-5576.html
http://support.novell.com/security/cve/CVE-2013-1913.html
http://support.novell.com/security/cve/CVE-2013-1978.html
https://bugzilla.novell.com/791372
https://bugzilla.novell.com/853423
https://bugzilla.novell.com/853425
http://download.novell.com/patch/finder/?keywords=0ad1765a09ee9612a60c4db564f15ae0