Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2012-1180.NASL
HistoryJul 12, 2013 - 12:00 a.m.

Oracle Linux 6 : gimp (ELSA-2012-1180)

2013-07-1200:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
JSON

From Red Hat Security Advisory 2012:1180 :

Updated gimp packages that fix three security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The GIMP (GNU Image Manipulation Program) is an image composition and editing program.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP’s GIF image format plug-in. An attacker could create a specially crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3481)

A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the GIMP’s GIF image format plug-in. An attacker could create a specially crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2011-2896)

A heap-based buffer overflow flaw was found in the GIMP’s KiSS CEL file format plug-in. An attacker could create a specially crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3403)

Red Hat would like to thank Matthias Weckbecker of the SUSE Security Team for reporting the CVE-2012-3481 issue.

Users of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2012:1180 and 
# Oracle Linux Security Advisory ELSA-2012-1180 respectively.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(68600);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2011-2896", "CVE-2012-3403", "CVE-2012-3481");
  script_xref(name:"RHSA", value:"2012:1180");

  script_name(english:"Oracle Linux 6 : gimp (ELSA-2012-1180)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"From Red Hat Security Advisory 2012:1180 :

Updated gimp packages that fix three security issues are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The GIMP (GNU Image Manipulation Program) is an image composition and
editing program.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the GIMP's GIF image format plug-in. An attacker could create
a specially crafted GIF image file that, when opened, could cause the
GIF plug-in to crash or, potentially, execute arbitrary code with the
privileges of the user running the GIMP. (CVE-2012-3481)

A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch
(LZW) decompression algorithm implementation used by the GIMP's GIF
image format plug-in. An attacker could create a specially crafted GIF
image file that, when opened, could cause the GIF plug-in to crash or,
potentially, execute arbitrary code with the privileges of the user
running the GIMP. (CVE-2011-2896)

A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL
file format plug-in. An attacker could create a specially crafted KiSS
palette file that, when opened, could cause the CEL plug-in to crash
or, potentially, execute arbitrary code with the privileges of the
user running the GIMP. (CVE-2012-3403)

Red Hat would like to thank Matthias Weckbecker of the SUSE Security
Team for reporting the CVE-2012-3481 issue.

Users of the GIMP are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. The GIMP
must be restarted for the update to take effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2012-August/002984.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected gimp packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gimp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gimp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gimp-devel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gimp-help-browser");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gimp-libs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/08/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL6", reference:"gimp-2.6.9-4.el6_3.3")) flag++;
if (rpm_check(release:"EL6", reference:"gimp-devel-2.6.9-4.el6_3.3")) flag++;
if (rpm_check(release:"EL6", reference:"gimp-devel-tools-2.6.9-4.el6_3.3")) flag++;
if (rpm_check(release:"EL6", reference:"gimp-help-browser-2.6.9-4.el6_3.3")) flag++;
if (rpm_check(release:"EL6", reference:"gimp-libs-2.6.9-4.el6_3.3")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp / gimp-devel / gimp-devel-tools / gimp-help-browser / etc");
}
VendorProductVersionCPE
oraclelinuxgimpp-cpe:/a:oracle:linux:gimp
oraclelinuxgimp-develp-cpe:/a:oracle:linux:gimp-devel
oraclelinuxgimp-devel-toolsp-cpe:/a:oracle:linux:gimp-devel-tools
oraclelinuxgimp-help-browserp-cpe:/a:oracle:linux:gimp-help-browser
oraclelinuxgimp-libsp-cpe:/a:oracle:linux:gimp-libs
oraclelinux6cpe:/o:oracle:linux:6

Related

nessus 55
centos 2
openvas 70
oraclelinux 4
redhat 4
fedora 13
securityvulns 6
kaspersky 1
osv 2
gentoo 2
ubuntu 3
suse 4
ubuntucve 5
debiancve 5
prion 5
debian 3
cve 5
veracode 1
nessus
nessus
RHEL 6 : gimp (RHSA-2012:1180)
2012-08-21 00:00:00
Scientific Linux Security Update : gimp on SL6.x i386/x86_64 (20120820)
2012-08-21 00:00:00
CentOS 6 : gimp (CESA-2012:1180)
2012-08-21 00:00:00
centos
centos
gimp security update
2012-08-20 16:23:59
gimp security update
2012-08-20 15:14:54
openvas
openvas
CentOS Update for gimp CESA-2012:1180 centos6
2012-08-21 00:00:00
RedHat Update for gimp RHSA-2012:1180-01
2012-08-21 00:00:00
CentOS Update for gimp CESA-2012:1180 centos6
2012-08-21 00:00:00
oraclelinux
oraclelinux
gimp security update
2012-08-20 00:00:00
gimp security update
2012-08-20 00:00:00
cups security and bug fix update
2012-03-01 00:00:00
redhat
redhat
(RHSA-2012:1180) Moderate: gimp security update
2012-08-20 00:00:00
(RHSA-2012:1181) Moderate: gimp security update
2012-08-20 00:00:00
(RHSA-2011:1635) Low: cups security and bug fix update
2011-12-06 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: gimp-2.8.2-1.fc17
2012-08-28 23:28:57
[SECURITY] Fedora 16 Update: gimp-2.6.12-2.fc16
2012-09-02 00:25:41
[SECURITY] Fedora 18 Update: gimp-2.8.2-1.fc18
2012-09-17 23:09:59
securityvulns
securityvulns
[ MDVSA-2012:142 ] gimp
2012-08-27 00:00:00
GIMP security vulnerabilities
2012-08-27 00:00:00
[USN-1559-1] GIMP vulnerabilities
2012-09-19 00:00:00
kaspersky
kaspersky
KLA10167 DoS vulnerabilities in GIMP
2012-08-25 00:00:00
osv
osv
gimp - several
2013-12-09 00:00:00
gimp - several
2012-03-06 00:00:00
gentoo
gentoo
GIMP: Multiple vulnerabilities
2013-11-10 00:00:00
GIMP: Multiple vulnerabilities
2012-09-28 00:00:00
ubuntu
ubuntu
GIMP vulnerabilities
2012-09-10 00:00:00
GIMP vulnerability
2011-09-22 00:00:00
CUPS vulnerabilities
2011-09-14 00:00:00
suse
suse
gimp to fix various issues (important)
2012-09-03 11:09:17
Security update for gimp (important)
2012-08-23 16:08:28
Security update for gimp (important)
2012-08-24 23:08:35
ubuntucve
ubuntucve
CVE-2012-3403
2012-08-25 00:00:00
CVE-2012-3481
2012-08-25 00:00:00
CVE-2011-3170
2011-08-19 00:00:00
debiancve
debiancve
CVE-2012-3403
2012-08-25 10:29:00
CVE-2012-3481
2012-08-25 10:29:00
CVE-2011-3170
2011-08-19 17:55:00
prion
prion
Heap overflow
2012-08-25 10:29:00
Integer overflow
2012-08-25 10:29:00
Heap overflow
2011-08-19 17:55:00
debian
debian
[SECURITY] [DSA 2813-1] gimp security update
2013-12-09 17:11:44
[SECURITY] [DSA 2354-1] cups security update
2011-11-30 17:39:49
[SECURITY] [DSA 2426-1] gimp security update
2012-03-06 18:46:58
cve
cve
CVE-2012-3403
2012-08-25 10:29:00
CVE-2012-3481
2012-08-25 10:29:00
CVE-2011-3170
2011-08-19 17:55:00
veracode
veracode
Remote Code Execution (RCE)
2020-04-10 01:07:09
JSON
Related for ORACLELINUX_ELSA-2012-1180.NASL
nessus55centos2openvas70oraclelinux4redhat4fedora13securityvulns6kaspersky1osv2gentoo2ubuntu3suse4ubuntucve5debiancve5prion5debian3cve5veracode1