CentOS Update for gimp CESA-2012:1181 centos5

###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for gimp CESA-2012:1181 centos5 
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "The GIMP (GNU Image Manipulation Program) is an image composition and
  editing program.

  Multiple integer overflow flaws, leading to heap-based buffer overflows,
  were found in the GIMP's Adobe Photoshop (PSD) image file plug-in. An
  attacker could create a specially-crafted PSD image file that, when opened,
  could cause the PSD plug-in to crash or, potentially, execute arbitrary
  code with the privileges of the user running the GIMP. (CVE-2009-3909,
  CVE-2012-3402)
  
  An integer overflow flaw, leading to a heap-based buffer overflow, was
  found in the GIMP's GIF image format plug-in. An attacker could create a
  specially-crafted GIF image file that, when opened, could cause the GIF
  plug-in to crash or, potentially, execute arbitrary code with the
  privileges of the user running the GIMP. (CVE-2012-3481)
  
  A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW)
  decompression algorithm implementation used by the GIMP's GIF image format
  plug-in. An attacker could create a specially-crafted GIF image file that,
  when opened, could cause the GIF plug-in to crash or, potentially, execute
  arbitrary code with the privileges of the user running the GIMP.
  (CVE-2011-2896)
  
  A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file
  format plug-in. An attacker could create a specially-crafted KiSS palette
  file that, when opened, could cause the CEL plug-in to crash or,
  potentially, execute arbitrary code with the privileges of the user running
  the GIMP. (CVE-2012-3403)
  
  Red Hat would like to thank Secunia Research for reporting CVE-2009-3909,
  and Matthias Weckbecker of the SUSE Security Team for reporting
  CVE-2012-3481.
  
  Users of the GIMP are advised to upgrade to these updated packages, which
  contain backported patches to correct these issues. The GIMP must be
  restarted for the update to take effect.";

tag_affected = "gimp on CentOS 5";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name : "URL" , value : "http://lists.centos.org/pipermail/centos-announce/2012-August/018809.html");
  script_id(881470);
  script_version("$Revision: 8249 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $");
  script_tag(name:"creation_date", value:"2012-08-21 11:44:31 +0530 (Tue, 21 Aug 2012)");
  script_cve_id("CVE-2009-3909", "CVE-2011-2896", "CVE-2012-3402", "CVE-2012-3403",
                "CVE-2012-3481");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_xref(name: "CESA", value: "2012:1181");
  script_name("CentOS Update for gimp CESA-2012:1181 centos5 ");

  script_tag(name: "summary" , value: "Check for the Version of gimp");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");

res = "";
if(release == NULL){
  exit(0);
}

if(release == "CentOS5")
{

  if ((res = isrpmvuln(pkg:"gimp", rpm:"gimp~2.2.13~2.0.7.el5_8.5", rls:"CentOS5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"gimp-devel", rpm:"gimp-devel~2.2.13~2.0.7.el5_8.5", rls:"CentOS5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"gimp-libs", rpm:"gimp-libs~2.2.13~2.0.7.el5_8.5", rls:"CentOS5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}