ID FEDORA_2011-10761.NASL Type nessus Reporter Tenable Modified 2016-05-11T00:00:00
Description
This update adds checks to avoid heap corruption and buffer overflows when loading GIF image files (CVE-2011-2896). Additionally, it fixes a bug which caused GIMP to print an unnecessary warning to the command line on startup.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2011-10761.
#
include("compat.inc");
if (description)
{
script_id(55949);
script_version("$Revision: 1.8 $");
script_cvs_date("$Date: 2016/05/11 13:24:19 $");
script_cve_id("CVE-2011-2896");
script_bugtraq_id(49148);
script_xref(name:"FEDORA", value:"2011-10761");
script_name(english:"Fedora 16 : gimp-2.6.11-21.fc16 (2011-10761)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update adds checks to avoid heap corruption and buffer overflows
when loading GIF image files (CVE-2011-2896). Additionally, it fixes a
bug which caused GIMP to print an unnecessary warning to the command
line on startup.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=727800"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2011-August/064232.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?9d3ff5d7"
);
script_set_attribute(attribute:"solution", value:"Update the affected gimp package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gimp");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16");
script_set_attribute(attribute:"patch_publication_date", value:"2011/08/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/23");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^16([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC16", reference:"gimp-2.6.11-21.fc16")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp");
}
{"id": "FEDORA_2011-10761.NASL", "bulletinFamily": "scanner", "title": "Fedora 16 : gimp-2.6.11-21.fc16 (2011-10761)", "description": "This update adds checks to avoid heap corruption and buffer overflows when loading GIF image files (CVE-2011-2896). Additionally, it fixes a bug which caused GIMP to print an unnecessary warning to the command line on startup.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2011-08-23T00:00:00", "modified": "2016-05-11T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=55949", "reporter": "Tenable", "references": ["http://www.nessus.org/u?9d3ff5d7", "https://bugzilla.redhat.com/show_bug.cgi?id=727800"], "cvelist": ["CVE-2011-2896"], "type": "nessus", "lastseen": "2017-10-29T13:43:20", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2011-2896"], "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This update adds checks to avoid heap corruption and buffer overflows when loading GIF image files (CVE-2011-2896). Additionally, it fixes a bug which caused GIMP to print an unnecessary warning to the command line on startup.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {}, "hash": "b4b8b3e2321a94baba8fe77d563caa0ad0b856ba8661d48a7ba920121a767c20", "hashmap": [{"hash": "2f98c4deb1f1fb7aa0a16013a9f5ee01", "key": "modified"}, {"hash": "b01e4b92ec32116a3ec3d9ad6b1efaf2", "key": "cvelist"}, {"hash": "15c0583006ff0096279ead9178924a1c", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "631eb300ecd8211a618ba152ab44deb1", "key": "href"}, {"hash": "47615f03f7d90a0ab5e71169bb26602b", "key": "sourceData"}, {"hash": "88e04999358e76acae57a21bcf224d40", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "7ce220cfb26941a5edb55433c24ad6a7", "key": "references"}, {"hash": "370af1d9602b0e2a3e11fe4282b7eb46", "key": "title"}, {"hash": "fe347e3dee23c9904f39c3b770a25ea3", "key": "published"}, {"hash": "20d8ac862aab02f1dc901eca7d65b401", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=55949", "id": "FEDORA_2011-10761.NASL", "lastseen": "2016-09-26T17:26:02", "modified": "2016-05-11T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.2", "pluginID": "55949", "published": "2011-08-23T00:00:00", "references": ["http://www.nessus.org/u?9d3ff5d7", "https://bugzilla.redhat.com/show_bug.cgi?id=727800"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-10761.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55949);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/05/11 13:24:19 $\");\n\n script_cve_id(\"CVE-2011-2896\");\n script_bugtraq_id(49148);\n script_xref(name:\"FEDORA\", value:\"2011-10761\");\n\n script_name(english:\"Fedora 16 : gimp-2.6.11-21.fc16 (2011-10761)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update adds checks to avoid heap corruption and buffer overflows\nwhen loading GIF image files (CVE-2011-2896). Additionally, it fixes a\nbug which caused GIMP to print an unnecessary warning to the command\nline on startup.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=727800\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/064232.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9d3ff5d7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gimp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"gimp-2.6.11-21.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gimp\");\n}\n", "title": "Fedora 16 : gimp-2.6.11-21.fc16 (2011-10761)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:26:02"}], "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "c046d9f3e58fcd9810e74d7740e93459"}, {"key": "cvelist", "hash": "b01e4b92ec32116a3ec3d9ad6b1efaf2"}, {"key": "cvss", "hash": "88e04999358e76acae57a21bcf224d40"}, {"key": "description", "hash": "20d8ac862aab02f1dc901eca7d65b401"}, {"key": "href", "hash": "631eb300ecd8211a618ba152ab44deb1"}, {"key": "modified", "hash": "2f98c4deb1f1fb7aa0a16013a9f5ee01"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "15c0583006ff0096279ead9178924a1c"}, {"key": "published", "hash": "fe347e3dee23c9904f39c3b770a25ea3"}, {"key": "references", "hash": "7ce220cfb26941a5edb55433c24ad6a7"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "47615f03f7d90a0ab5e71169bb26602b"}, {"key": "title", "hash": "370af1d9602b0e2a3e11fe4282b7eb46"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "8a1d849548b4e08f28957f28bda85cd3426e70dfccfeb2df18d24c5297784648", "viewCount": 0, "enchantments": {"vulnersScore": 2.8}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-10761.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55949);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/05/11 13:24:19 $\");\n\n script_cve_id(\"CVE-2011-2896\");\n script_bugtraq_id(49148);\n script_xref(name:\"FEDORA\", value:\"2011-10761\");\n\n script_name(english:\"Fedora 16 : gimp-2.6.11-21.fc16 (2011-10761)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update adds checks to avoid heap corruption and buffer overflows\nwhen loading GIF image files (CVE-2011-2896). Additionally, it fixes a\nbug which caused GIMP to print an unnecessary warning to the command\nline on startup.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=727800\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/064232.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9d3ff5d7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gimp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"gimp-2.6.11-21.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gimp\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "55949", "cpe": ["cpe:/o:fedoraproject:fedora:16", "p-cpe:/a:fedoraproject:fedora:gimp"]}
{"result": {"cve": [{"id": "CVE-2011-2896", "type": "cve", "title": "CVE-2011-2896", "description": "The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.", "published": "2011-08-19T13:55:03", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2896", "cvelist": ["CVE-2011-2896"], "lastseen": "2018-01-06T12:20:45"}], "openvas": [{"id": "OPENVAS:870561", "type": "openvas", "title": "RedHat Update for cups RHSA-2012:0302-03", "description": "Check for the Version of cups", "published": "2012-02-21T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=870561", "cvelist": ["CVE-2011-2896"], "lastseen": "2018-01-02T10:56:50"}, {"id": "OPENVAS:1361412562310122039", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1635", "description": "Oracle Linux Local Security Checks ELSA-2011-1635", "published": "2015-10-06T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122039", "cvelist": ["CVE-2011-2896"], "lastseen": "2017-07-24T12:53:27"}, {"id": "OPENVAS:840753", "type": "openvas", "title": "Ubuntu Update for gimp USN-1214-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1214-1", "published": "2011-09-23T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=840753", "cvelist": ["CVE-2011-2896"], "lastseen": "2017-12-04T11:27:15"}, {"id": "OPENVAS:863486", "type": "openvas", "title": "Fedora Update for pl FEDORA-2011-11318", "description": "Check for the Version of pl", "published": "2011-09-12T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=863486", "cvelist": ["CVE-2011-2896"], "lastseen": "2017-07-25T10:55:33"}, {"id": "OPENVAS:1361412562310123973", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0302", "description": "Oracle Linux Local Security Checks ELSA-2012-0302", "published": "2015-10-06T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123973", "cvelist": ["CVE-2011-2896"], "lastseen": "2017-07-24T12:52:50"}, {"id": "OPENVAS:1361412562310863486", "type": "openvas", "title": "Fedora Update for pl FEDORA-2011-11318", "description": "Check for the Version of pl", "published": "2011-09-12T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863486", "cvelist": ["CVE-2011-2896"], "lastseen": "2018-04-09T11:36:27"}, {"id": "OPENVAS:863867", "type": "openvas", "title": "Fedora Update for gimp FEDORA-2011-10761", "description": "Check for the Version of gimp", "published": "2012-04-02T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=863867", "cvelist": ["CVE-2011-2896"], "lastseen": "2018-01-03T10:56:46"}, {"id": "OPENVAS:863485", "type": "openvas", "title": "Fedora Update for pl FEDORA-2011-11305", "description": "Check for the Version of pl", "published": "2011-09-12T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=863485", "cvelist": ["CVE-2011-2896"], "lastseen": "2017-07-25T10:55:25"}, {"id": "OPENVAS:1361412562310870611", "type": "openvas", "title": "RedHat Update for cups RHSA-2011:1635-03", "description": "Check for the Version of cups", "published": "2012-07-09T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870611", "cvelist": ["CVE-2011-2896"], "lastseen": "2018-04-06T11:17:49"}, {"id": "OPENVAS:1361412562310863485", "type": "openvas", "title": "Fedora Update for pl FEDORA-2011-11305", "description": "Check for the Version of pl", "published": "2011-09-12T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863485", "cvelist": ["CVE-2011-2896"], "lastseen": "2018-04-09T11:35:49"}], "redhat": [{"id": "RHSA-2012:0302", "type": "redhat", "title": "(RHSA-2012:0302) Low: cups security and bug fix update", "description": "The Common UNIX Printing System (CUPS) provides a portable printing layer\nfor Linux, UNIX, and similar operating systems.\n\nA heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW)\ndecompression algorithm implementation used by the CUPS GIF image format\nreader. An attacker could create a malicious GIF image file that, when\nprinted, could possibly cause CUPS to crash or, potentially, execute\narbitrary code with the privileges of the \"lp\" user. (CVE-2011-2896)\n\nThis update also fixes the following bugs:\n\n* Prior to this update, the \"Show Completed Jobs,\" \"Show All Jobs,\" and\n\"Show Active Jobs\" buttons returned results globally across all printers\nand not the results for the specified printer. With this update, jobs from\nonly the selected printer are shown. (BZ#625900)\n\n* Prior to this update, the code of the serial backend contained a wrong\ncondition. As a consequence, print jobs on the raw print queue could not be\ncanceled. This update modifies the condition in the serial backend code.\nNow, the user can cancel these print jobs. (BZ#625955)\n\n* Prior to this update, the textonly filter did not work if used as a pipe,\nfor example when the command line did not specify the filename and the\nnumber of copies was always 1. This update modifies the condition in the\ntextonly filter. Now, the data are sent to the printer regardless of the\nnumber of copies specified. (BZ#660518)\n\n* Prior to this update, the file descriptor count increased until it ran\nout of resources when the cups daemon was running with enabled\nSecurity-Enhanced Linux (SELinux) features. With this update, all resources\nare allocated only once. (BZ#668009)\n\n* Prior to this update, CUPS incorrectly handled the en_US.ASCII value for\nthe LANG environment variable. As a consequence, the lpadmin, lpstat, and\nlpinfo binaries failed to write to standard output if using LANG with the\nvalue. This update fixes the handling of the en_US.ASCII value and the\nbinaries now write to standard output properly. (BZ#759081)\n\nAll users of cups are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing this\nupdate, the cupsd daemon will be restarted automatically.\n", "published": "2012-02-21T05:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2012:0302", "cvelist": ["CVE-2011-2896"], "lastseen": "2017-09-09T07:20:34"}, {"id": "RHSA-2011:1635", "type": "redhat", "title": "(RHSA-2011:1635) Low: cups security and bug fix update", "description": "The Common UNIX Printing System (CUPS) provides a portable printing layer\nfor UNIX operating systems.\n\nA heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW)\ndecompression algorithm implementation used by the CUPS GIF image format\nreader. An attacker could create a malicious GIF image file that, when\nprinted, could possibly cause CUPS to crash or, potentially, execute\narbitrary code with the privileges of the \"lp\" user. (CVE-2011-2896)\n\nThese updated cups packages also provide fixes for the following bugs:\n\n* Previously CUPS was not correctly handling the language setting\nLANG=en_US.ASCII. As a consequence lpadmin, lpstat and lpinfo binaries were\nnot displaying any output when the LANG=en_US.ASCII environment variable\nwas used. As a result of this update the problem is fixed and the expected\noutput is now displayed. (BZ#681836)\n\n* Previously the scheduler did not check for empty values of several\nconfiguration directives. As a consequence it was possible for the CUPS\ndaemon (cupsd) to crash when a configuration file contained certain empty\nvalues. With this update the problem is fixed and cupsd no longer crashes\nwhen reading such a configuration file. (BZ#706673)\n\n* Previously when printing to a raw print queue, when using certain printer\nmodels, CUPS was incorrectly sending SNMP queries. As a consequence there\nwas a noticeable 4-second delay between queueing the job and the start of\nprinting. With this update the problem is fixed and CUPS no longer tries to\ncollect SNMP supply and status information for raw print queues.\n(BZ#709896)\n\n* Previously when using the BrowsePoll directive it could happen that the\nCUPS printer polling daemon (cups-polld) began polling before the network\ninterfaces were set up after a system boot. CUPS was then caching the\nfailed hostname lookup. As a consequence no printers were found and the\nerror, \"Host name lookup failure\", was logged. With this update the code\nthat re-initializes the resolver after failure in cups-polld is fixed and\nas a result CUPS will obtain the correct network settings to use in printer\ndiscovery. (BZ#712430)\n\n* The MaxJobs directive controls the maximum number of print jobs that are\nkept in memory. Previously, once the number of jobs reached the limit, the\nCUPS system failed to automatically purge the data file associated with the\noldest completed job from the system in order to make room for a new print\njob. This bug has been fixed, and the jobs beyond the set limit are now\nproperly purged. (BZ#735505)\n\n* The cups init script (/etc/rc.d/init.d/cups) uses the daemon function\n(from /etc/rc.d/init.d/functions) to start the cups process, but previously\nit did not source a configuration file from the /etc/sysconfig/ directory.\nAs a consequence, it was difficult to cleanly set the nice level or cgroup\nfor the cups daemon by setting the NICELEVEL or CGROUP_DAEMON variables.\nWith this update, the init script is fixed. (BZ#744791)\n\nAll users of CUPS are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing this\nupdate, the cupsd daemon will be restarted automatically.\n", "published": "2011-12-06T05:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2011:1635", "cvelist": ["CVE-2011-2896"], "lastseen": "2017-12-25T20:06:18"}, {"id": "RHSA-2012:1180", "type": "redhat", "title": "(RHSA-2012:1180) Moderate: gimp security update", "description": "The GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's GIF image format plug-in. An attacker could create a\nspecially-crafted GIF image file that, when opened, could cause the GIF\nplug-in to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the GIMP. (CVE-2012-3481)\n\nA heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW)\ndecompression algorithm implementation used by the GIMP's GIF image format\nplug-in. An attacker could create a specially-crafted GIF image file that,\nwhen opened, could cause the GIF plug-in to crash or, potentially, execute\narbitrary code with the privileges of the user running the GIMP.\n(CVE-2011-2896)\n\nA heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file\nformat plug-in. An attacker could create a specially-crafted KiSS palette\nfile that, when opened, could cause the CEL plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe GIMP. (CVE-2012-3403)\n\nRed Hat would like to thank Matthias Weckbecker of the SUSE Security Team\nfor reporting the CVE-2012-3481 issue.\n\nUsers of the GIMP are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The GIMP must be\nrestarted for the update to take effect.\n", "published": "2012-08-20T04:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2012:1180", "cvelist": ["CVE-2011-2896", "CVE-2012-3403", "CVE-2012-3481"], "lastseen": "2017-12-25T20:05:43"}, {"id": "RHSA-2012:1181", "type": "redhat", "title": "(RHSA-2012:1181) Moderate: gimp security update", "description": "The GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in the GIMP's Adobe Photoshop (PSD) image file plug-in. An\nattacker could create a specially-crafted PSD image file that, when opened,\ncould cause the PSD plug-in to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the GIMP. (CVE-2009-3909,\nCVE-2012-3402)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's GIF image format plug-in. An attacker could create a\nspecially-crafted GIF image file that, when opened, could cause the GIF\nplug-in to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the GIMP. (CVE-2012-3481)\n\nA heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW)\ndecompression algorithm implementation used by the GIMP's GIF image format\nplug-in. An attacker could create a specially-crafted GIF image file that,\nwhen opened, could cause the GIF plug-in to crash or, potentially, execute\narbitrary code with the privileges of the user running the GIMP.\n(CVE-2011-2896)\n\nA heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file\nformat plug-in. An attacker could create a specially-crafted KiSS palette\nfile that, when opened, could cause the CEL plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe GIMP. (CVE-2012-3403)\n\nRed Hat would like to thank Secunia Research for reporting CVE-2009-3909,\nand Matthias Weckbecker of the SUSE Security Team for reporting\nCVE-2012-3481.\n\nUsers of the GIMP are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The GIMP must be\nrestarted for the update to take effect.\n", "published": "2012-08-20T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2012:1181", "cvelist": ["CVE-2009-3909", "CVE-2011-2896", "CVE-2012-3402", "CVE-2012-3403", "CVE-2012-3481"], "lastseen": "2017-09-09T07:19:22"}], "nessus": [{"id": "REDHAT-RHSA-2011-1635.NASL", "type": "nessus", "title": "RHEL 6 : cups (RHSA-2011:1635)", "description": "Updated cups packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems.\n\nA heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the CUPS GIF image format reader. An attacker could create a malicious GIF image file that, when printed, could possibly cause CUPS to crash or, potentially, execute arbitrary code with the privileges of the 'lp' user. (CVE-2011-2896)\n\nThese updated cups packages also provide fixes for the following bugs :\n\n* Previously CUPS was not correctly handling the language setting LANG=en_US.ASCII. As a consequence lpadmin, lpstat and lpinfo binaries were not displaying any output when the LANG=en_US.ASCII environment variable was used. As a result of this update the problem is fixed and the expected output is now displayed. (BZ#681836)\n\n* Previously the scheduler did not check for empty values of several configuration directives. As a consequence it was possible for the CUPS daemon (cupsd) to crash when a configuration file contained certain empty values. With this update the problem is fixed and cupsd no longer crashes when reading such a configuration file. (BZ#706673)\n\n* Previously when printing to a raw print queue, when using certain printer models, CUPS was incorrectly sending SNMP queries. As a consequence there was a noticeable 4-second delay between queueing the job and the start of printing. With this update the problem is fixed and CUPS no longer tries to collect SNMP supply and status information for raw print queues. (BZ#709896)\n\n* Previously when using the BrowsePoll directive it could happen that the CUPS printer polling daemon (cups-polld) began polling before the network interfaces were set up after a system boot. CUPS was then caching the failed hostname lookup. As a consequence no printers were found and the error, 'Host name lookup failure', was logged. With this update the code that re-initializes the resolver after failure in cups-polld is fixed and as a result CUPS will obtain the correct network settings to use in printer discovery. (BZ#712430)\n\n* The MaxJobs directive controls the maximum number of print jobs that are kept in memory. Previously, once the number of jobs reached the limit, the CUPS system failed to automatically purge the data file associated with the oldest completed job from the system in order to make room for a new print job. This bug has been fixed, and the jobs beyond the set limit are now properly purged. (BZ#735505)\n\n* The cups init script (/etc/rc.d/init.d/cups) uses the daemon function (from /etc/rc.d/init.d/functions) to start the cups process, but previously it did not source a configuration file from the /etc/sysconfig/ directory. As a consequence, it was difficult to cleanly set the nice level or cgroup for the cups daemon by setting the NICELEVEL or CGROUP_DAEMON variables. With this update, the init script is fixed. (BZ#744791)\n\nAll users of CUPS are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the cupsd daemon will be restarted automatically.", "published": "2011-12-06T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=57018", "cvelist": ["CVE-2011-2896"], "lastseen": "2017-10-29T13:42:31"}, {"id": "FEDORA_2011-11221.NASL", "type": "nessus", "title": "Fedora 14 : cups-1.4.8-2.fc14 (2011-11221)", "description": "This update avoids a GIF reader loop (CVE-2011-2896). The new upstream release fixes a number of scheduler, driver, and backend issues.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2011-09-12T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=56148", "cvelist": ["CVE-2011-2896"], "lastseen": "2017-10-29T13:45:50"}, {"id": "SUSE_GIMP-7776.NASL", "type": "nessus", "title": "SuSE 10 Security Update : Gimp (ZYPP Patch Number 7776)", "description": "Specially crafted gif files could have caused an infinite loop or a heap-based buffer overflow in the gif decoder (CVE-2011-2896). This has been fixed.", "published": "2011-12-13T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=57200", "cvelist": ["CVE-2011-2896"], "lastseen": "2017-10-29T13:33:26"}, {"id": "SL_20111206_CUPS_ON_SL6_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : cups on SL6.x i386/x86_64", "description": "The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems.\n\nA heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the CUPS GIF image format reader. An attacker could create a malicious GIF image file that, when printed, could possibly cause CUPS to crash or, potentially, execute arbitrary code with the privileges of the 'lp' user. (CVE-2011-2896)\n\nThese updated cups packages also provide fixes for the following bugs :\n\n - Previously CUPS was not correctly handling the language setting LANG=en_US.ASCII. As a consequence lpadmin, lpstat and lpinfo binaries were not displaying any output when the LANG=en_US.ASCII environment variable was used. As a result of this update the problem is fixed and the expected output is now displayed.\n\n - Previously the scheduler did not check for empty values of several configuration directives. As a consequence it was possible for the CUPS daemon (cupsd) to crash when a configuration file contained certain empty values. With this update the problem is fixed and cupsd no longer crashes when reading such a configuration file.\n\n - Previously when printing to a raw print queue, when using certain printer models, CUPS was incorrectly sending SNMP queries. As a consequence there was a noticeable 4-second delay between queueing the job and the start of printing. With this update the problem is fixed and CUPS no longer tries to collect SNMP supply and status information for raw print queues.\n\n - Previously when using the BrowsePoll directive it could happen that the CUPS printer polling daemon (cups-polld) began polling before the network interfaces were set up after a system boot. CUPS was then caching the failed hostname lookup. As a consequence no printers were found and the error, 'Host name lookup failure', was logged.\n With this update the code that re-initializes the resolver after failure in cups-polld is fixed and as a result CUPS will obtain the correct network settings to use in printer discovery.\n\n - The MaxJobs directive controls the maximum number of print jobs that are kept in memory. Previously, once the number of jobs reached the limit, the CUPS system failed to automatically purge the data file associated with the oldest completed job from the system in order to make room for a new print job. This bug has been fixed, and the jobs beyond the set limit are now properly purged.\n\n - The cups init script (/etc/rc.d/init.d/cups) uses the daemon function (from /etc/rc.d/init.d/functions) to start the cups process, but previously it did not source a configuration file from the /etc/sysconfig/ directory.\n As a consequence, it was difficult to cleanly set the nice level or cgroup for the cups daemon by setting the NICELEVEL or CGROUP_DAEMON variables. With this update, the init script is fixed.\n\nAll users of CUPS are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the cupsd daemon will be restarted automatically.", "published": "2012-08-01T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=61186", "cvelist": ["CVE-2011-2896"], "lastseen": "2017-10-29T13:37:04"}, {"id": "SUSE_11_3_GIMP-110916.NASL", "type": "nessus", "title": "openSUSE Security Update : gimp (openSUSE-SU-2011:1152-1)", "description": "specially crafted gif files could cause an infinite loop or a heap-based buffer overflow in the gif decoder (CVE-2011-2896).", "published": "2014-06-13T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=75515", "cvelist": ["CVE-2011-2896"], "lastseen": "2017-10-29T13:35:50"}, {"id": "UBUNTU_USN-1214-1.NASL", "type": "nessus", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 : gimp vulnerability (USN-1214-1)", "description": "Tomas Hoger discovered that GIMP incorrectly handled malformed LZW streams. If a user were tricked into opening a specially crafted GIF image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2011-09-23T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=56280", "cvelist": ["CVE-2011-2896"], "lastseen": "2017-10-29T13:44:40"}, {"id": "FEDORA_2011-10788.NASL", "type": "nessus", "title": "Fedora 15 : gimp-2.6.11-21.fc15 (2011-10788)", "description": "This update adds checks to avoid heap corruption and buffer overflows when loading GIF image files (CVE-2011-2896). Additionally, it fixes a bug which caused GIMP to print an unnecessary warning to the command line on startup.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2011-08-20T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=55911", "cvelist": ["CVE-2011-2896"], "lastseen": "2017-10-29T13:35:49"}, {"id": "ORACLELINUX_ELSA-2012-0302.NASL", "type": "nessus", "title": "Oracle Linux 5 : cups (ELSA-2012-0302)", "description": "From Red Hat Security Advisory 2012:0302 :\n\nUpdated cups packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.\n\nA heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the CUPS GIF image format reader. An attacker could create a malicious GIF image file that, when printed, could possibly cause CUPS to crash or, potentially, execute arbitrary code with the privileges of the 'lp' user. (CVE-2011-2896)\n\nThis update also fixes the following bugs :\n\n* Prior to this update, the 'Show Completed Jobs,' 'Show All Jobs,' and 'Show Active Jobs' buttons returned results globally across all printers and not the results for the specified printer. With this update, jobs from only the selected printer are shown. (BZ#625900)\n\n* Prior to this update, the code of the serial backend contained a wrong condition. As a consequence, print jobs on the raw print queue could not be canceled. This update modifies the condition in the serial backend code. Now, the user can cancel these print jobs.\n(BZ#625955)\n\n* Prior to this update, the textonly filter did not work if used as a pipe, for example when the command line did not specify the filename and the number of copies was always 1. This update modifies the condition in the textonly filter. Now, the data are sent to the printer regardless of the number of copies specified. (BZ#660518)\n\n* Prior to this update, the file descriptor count increased until it ran out of resources when the cups daemon was running with enabled Security-Enhanced Linux (SELinux) features. With this update, all resources are allocated only once. (BZ#668009)\n\n* Prior to this update, CUPS incorrectly handled the en_US.ASCII value for the LANG environment variable. As a consequence, the lpadmin, lpstat, and lpinfo binaries failed to write to standard output if using LANG with the value. This update fixes the handling of the en_US.ASCII value and the binaries now write to standard output properly. (BZ#759081)\n\nAll users of cups are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the cupsd daemon will be restarted automatically.", "published": "2013-07-12T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=68473", "cvelist": ["CVE-2011-2896"], "lastseen": "2017-10-29T13:37:26"}, {"id": "FEDORA_2011-11173.NASL", "type": "nessus", "title": "Fedora 16 : cups-1.5.0-6.fc16 (2011-11173)", "description": "This update avoids a GIF reader loop (CVE-2011-2896). This update enables CUPS by default. This update re-introduces support for Avahi.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2011-08-31T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=56014", "cvelist": ["CVE-2011-2896"], "lastseen": "2017-10-29T13:44:55"}, {"id": "SUSE_11_4_GIMP-110916.NASL", "type": "nessus", "title": "openSUSE Security Update : gimp (openSUSE-SU-2011:1152-1)", "description": "specially crafted gif files could cause an infinite loop or a heap-based buffer overflow in the gif decoder (CVE-2011-2896).", "published": "2014-06-13T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=75850", "cvelist": ["CVE-2011-2896"], "lastseen": "2017-10-29T13:35:53"}], "oraclelinux": [{"id": "ELSA-2011-1635", "type": "oraclelinux", "title": "cups security and bug fix update", "description": "[1.4.2-44]\n- Init script should source /etc/sysconfig/cups (bug #744791)\n[1.4.2-43]\n- The scheduler might leave old job data files in the spool directory\n (STR #3795, STR #3880, bug #735505).\n[1.4.2-42]\n- A further fix for imageto* filters crashing with bad GIF files\n (STR #3914, bug #714118).\n[1.4.2-41]\n- The imageto* filters could crash with bad GIF files (STR #3867, bug #714118).\n[1.4.2-40]\n- Map ASCII to ISO-8859-1 in the transcoding code (STR #3832, bug #681836).\n- Check for empty values for some configuration directives (STR #3861, bug #706673).\n- The network backends no longer try to collect SNMP supply and status\n information for raw queues (STR #3809, bug #709896).\n- Handle EAI_NONAME when resolving hostnames (bug #712430).", "published": "2011-12-14T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2011-1635.html", "cvelist": ["CVE-2011-2896"], "lastseen": "2016-09-04T11:16:04"}, {"id": "ELSA-2012-0302", "type": "oraclelinux", "title": "cups security and bug fix update", "description": "[1:1.3.7-30]\n- Backported patch to fix transcoding for ASCII (bug #759081, STR #3832).\n[1:1.3.7-29]\n- The imageto* filters could crash with bad GIF files\n (CVE-2011-2896, STR #3867, STR #3914, bug #752118).\n[1:1.3.7-28]\n- Web interface didn't show completed jobs for printer (STR #3436, bug #625900)\n- Serial backend didn't allow a raw job to be canceled (STR #3649, bug #625955)\n- Fixed condition in textonly filter to create temporary file\n regardless of the number of copies specified. (bug #660518)\n[1:1.3.7-27]\n- Call avc_init() only once to not leak file descriptors (bug #668009).", "published": "2012-03-01T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2012-0302.html", "cvelist": ["CVE-2011-2896"], "lastseen": "2016-09-04T11:16:36"}, {"id": "ELSA-2012-1180", "type": "oraclelinux", "title": "gimp security update", "description": "[2:2.6.9-4.3]\n- fix overflow in GIF loader (#847303)\n[2:2.6.9-4.2]\n- fix overflows in GIF, CEL loaders (#727800, #839020)", "published": "2012-08-20T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2012-1180.html", "cvelist": ["CVE-2012-3403", "CVE-2012-3481", "CVE-2011-2896"], "lastseen": "2016-09-04T11:16:50"}, {"id": "ELSA-2012-1181", "type": "oraclelinux", "title": "gimp security update", "description": "[2:2.2.13-2.0.7.el5_8.5]\n- fix overflow in GIF loader (CVE-2012-3481)\n[2:2.2.13-2.0.7.el5_8.4]\n- fix overflows in PSD plugin (CVE-2009-3909, CVE-2012-3402)\n- fix heap corruption and overflow in GIF plug-in (CVE-2011-2896)\n- fix overflow in CEL plug-in (CVE-2012-3403)", "published": "2012-08-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2012-1181.html", "cvelist": ["CVE-2012-3403", "CVE-2009-3909", "CVE-2012-3402", "CVE-2012-3481", "CVE-2011-2896"], "lastseen": "2016-09-04T11:16:17"}], "ubuntu": [{"id": "USN-1214-1", "type": "ubuntu", "title": "GIMP vulnerability", "description": "Tomas Hoger discovered that GIMP incorrectly handled malformed LZW streams. If a user were tricked into opening a specially crafted GIF image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user\u2019s privileges.", "published": "2011-09-22T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/1214-1/", "cvelist": ["CVE-2011-2896"], "lastseen": "2018-03-29T18:18:51"}, {"id": "USN-1207-1", "type": "ubuntu", "title": "CUPS vulnerabilities", "description": "Tomas Hoger discovered that the CUPS image library incorrectly handled LZW streams. A remote attacker could use this flaw to cause a denial of service or possibly execute arbitrary code.", "published": "2011-09-14T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/1207-1/", "cvelist": ["CVE-2011-3170", "CVE-2011-2896"], "lastseen": "2018-03-29T18:21:19"}], "debian": [{"id": "DSA-2354", "type": "debian", "title": "cups -- several vulnerabilities", "description": "Petr Sklenar and Tomas Hoger discovered that missing input sanitising in the GIF decoder inside the CUPS printing system could lead to denial of service or potentially arbitrary code execution through crafted GIF files.\n\nFor the oldstable distribution (lenny), this problem has been fixed in version 1.3.8-1+lenny10.\n\nFor the stable distribution (squeeze), this problem has been fixed in version 1.4.4-7+squeeze1.\n\nFor the testing (wheezy) and unstable distributions (sid), this problem has been fixed in version 1.5.0-8.\n\nWe recommend that you upgrade your cups packages.", "published": "2011-11-28T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-2354", "cvelist": ["CVE-2011-3170", "CVE-2011-2896"], "lastseen": "2016-09-02T18:34:20"}, {"id": "DSA-2426", "type": "debian", "title": "gimp -- several vulnerabilities", "description": "Several vulnerabilities have been identified in GIMP, the GNU Image Manipulation Program.\n\n * [CVE-2010-4540](<https://security-tracker.debian.org/tracker/CVE-2010-4540>)\n\nStack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the LIGHTING EFFECTS & LIGHT plugin allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Position field in a plugin configuration file.\n\n * [CVE-2010-4541](<https://security-tracker.debian.org/tracker/CVE-2010-4541>)\n\nStack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Number of lights field in a plugin configuration file.\n\n * [CVE-2010-4542](<https://security-tracker.debian.org/tracker/CVE-2010-4542>)\n\nStack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in the GFIG plugin allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground field in a plugin configuration file.\n\n * [CVE-2010-4543](<https://security-tracker.debian.org/tracker/CVE-2010-4543>)\n\nHeap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image.\n\n * [CVE-2011-1782](<https://security-tracker.debian.org/tracker/CVE-2011-1782>)\n\nThe correction for [CVE-2010-4543](<https://security-tracker.debian.org/tracker/CVE-2010-4543>) was incomplete.\n\n * [CVE-2011-2896](<https://security-tracker.debian.org/tracker/CVE-2011-2896>)\n\nThe LZW decompressor in the LZWReadByte function in plug-ins/common/file-gif-load.c does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream.\n\nFor the stable distribution (squeeze), these problems have been fixed in version 2.6.10-1+squeeze3.\n\nFor the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 2.6.11-5.\n\nWe recommend that you upgrade your gimp packages.", "published": "2012-03-06T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-2426", "cvelist": ["CVE-2010-4541", "CVE-2010-4542", "CVE-2011-1782", "CVE-2010-4540", "CVE-2010-4543", "CVE-2011-2896"], "lastseen": "2016-09-02T18:24:52"}], "centos": [{"id": "CESA-2012:1180", "type": "centos", "title": "gimp security update", "description": "**CentOS Errata and Security Advisory** CESA-2012:1180\n\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's GIF image format plug-in. An attacker could create a\nspecially-crafted GIF image file that, when opened, could cause the GIF\nplug-in to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the GIMP. (CVE-2012-3481)\n\nA heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW)\ndecompression algorithm implementation used by the GIMP's GIF image format\nplug-in. An attacker could create a specially-crafted GIF image file that,\nwhen opened, could cause the GIF plug-in to crash or, potentially, execute\narbitrary code with the privileges of the user running the GIMP.\n(CVE-2011-2896)\n\nA heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file\nformat plug-in. An attacker could create a specially-crafted KiSS palette\nfile that, when opened, could cause the CEL plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe GIMP. (CVE-2012-3403)\n\nRed Hat would like to thank Matthias Weckbecker of the SUSE Security Team\nfor reporting the CVE-2012-3481 issue.\n\nUsers of the GIMP are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The GIMP must be\nrestarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-August/018813.html\n\n**Affected packages:**\ngimp\ngimp-devel\ngimp-devel-tools\ngimp-help-browser\ngimp-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-1180.html", "published": "2012-08-20T12:23:59", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2012-August/018813.html", "cvelist": ["CVE-2012-3403", "CVE-2012-3481", "CVE-2011-2896"], "lastseen": "2017-10-03T18:26:14"}, {"id": "CESA-2012:1181", "type": "centos", "title": "gimp security update", "description": "**CentOS Errata and Security Advisory** CESA-2012:1181\n\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in the GIMP's Adobe Photoshop (PSD) image file plug-in. An\nattacker could create a specially-crafted PSD image file that, when opened,\ncould cause the PSD plug-in to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the GIMP. (CVE-2009-3909,\nCVE-2012-3402)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's GIF image format plug-in. An attacker could create a\nspecially-crafted GIF image file that, when opened, could cause the GIF\nplug-in to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the GIMP. (CVE-2012-3481)\n\nA heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW)\ndecompression algorithm implementation used by the GIMP's GIF image format\nplug-in. An attacker could create a specially-crafted GIF image file that,\nwhen opened, could cause the GIF plug-in to crash or, potentially, execute\narbitrary code with the privileges of the user running the GIMP.\n(CVE-2011-2896)\n\nA heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file\nformat plug-in. An attacker could create a specially-crafted KiSS palette\nfile that, when opened, could cause the CEL plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe GIMP. (CVE-2012-3403)\n\nRed Hat would like to thank Secunia Research for reporting CVE-2009-3909,\nand Matthias Weckbecker of the SUSE Security Team for reporting\nCVE-2012-3481.\n\nUsers of the GIMP are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The GIMP must be\nrestarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-August/018809.html\n\n**Affected packages:**\ngimp\ngimp-devel\ngimp-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-1181.html", "published": "2012-08-20T11:14:54", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2012-August/018809.html", "cvelist": ["CVE-2012-3403", "CVE-2009-3909", "CVE-2012-3402", "CVE-2012-3481", "CVE-2011-2896"], "lastseen": "2017-10-03T18:25:40"}], "gentoo": [{"id": "GLSA-201209-23", "type": "gentoo", "title": "GIMP: Multiple vulnerabilities", "description": "### Background\n\nGIMP is the GNU Image Manipulation Program.\n\n### Description\n\nMultiple vulnerabilities have been discovered in GIMP. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll GIMP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-gfx/gimp-2.6.12-r2\"", "published": "2012-09-28T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201209-23", "cvelist": ["CVE-2009-3909", "CVE-2012-3402", "CVE-2010-4541", "CVE-2010-4542", "CVE-2011-1178", "CVE-2010-4540", "CVE-2010-4543", "CVE-2011-2896", "CVE-2009-1570", "CVE-2012-2763"], "lastseen": "2016-09-06T19:46:58"}]}}
