
Test ID: 1.3.6.1.4.1.25623.1.0.72187
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-1559-1 (gimp)
Summary: NOSUMMARY
Description:
The remote host is missing an update to gimp
announced via advisory USN-1559-1.

Details:

Joseph Sheridan discovered that GIMP incorrectly handled certain malformed
headers in FIT files. If a user were tricked into opening a specially
crafted FIT image file, an attacker could cause GIMP to crash.
(CVE-2012-3236)

Murray McAllister discovered that GIMP incorrectly handled malformed KiSS
palette files. If a user were tricked into opening a specially crafted KiSS
palette file, an attacker could cause GIMP to crash, or possibly execute
arbitrary code with the user's privileges. (CVE-2012-3403)

Matthias Weckbecker discovered that GIMP incorrectly handled malformed GIF
image files. If a user were tricked into opening a specially crafted GIF
image file, an attacker could cause GIMP to crash, or possibly execute
arbitrary code with the user's privileges. (CVE-2012-3481)

Solution:
The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
gimp 2.6.12-1ubuntu1.1

Ubuntu 11.10:
gimp 2.6.11-2ubuntu4.1

Ubuntu 11.04:
gimp 2.6.11-1ubuntu6.3

Ubuntu 10.04 LTS:
gimp 2.6.8-2ubuntu1.5

http://www.securityspace.com/smysecure/catid.html?in=USN-1559-1

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2012-3236
BugTraq ID: 54246
http://www.securityfocus.com/bid/54246
Bugtraq: 20120629 GIMP FIT File Format DoS
http://archives.neohapsis.com/archives/bugtraq/2012-06/0192.html
http://www.exploit-db.com/exploits/19482
http://www.mandriva.com/security/advisories?name=MDVSA-2013:082
http://www.reactionpenetrationtesting.co.uk/FIT-file-handling-dos.html
SuSE Security Announcement: openSUSE-SU-2012:1080
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00000.html
http://www.ubuntu.com/usn/USN-1559-1
XForce ISS Database: gimp-fit-dos(76658)
https://exchange.xforce.ibmcloud.com/vulnerabilities/76658
Common Vulnerability Exposure (CVE) ID: CVE-2012-3403
BugTraq ID: 55101
http://www.securityfocus.com/bid/55101
http://www.mandriva.com/security/advisories?name=MDVSA-2012:142
https://bugzilla.redhat.com/show_bug.cgi?id=839020
http://www.openwall.com/lists/oss-security/2012/08/20/7
RedHat Security Advisories: RHSA-2012:1180
http://rhn.redhat.com/errata/RHSA-2012-1180.html
RedHat Security Advisories: RHSA-2012:1181
http://rhn.redhat.com/errata/RHSA-2012-1181.html
http://www.securitytracker.com/id?1027411
http://secunia.com/advisories/50296
SuSE Security Announcement: SUSE-SU-2012:1029
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00020.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-3481
https://bugzilla.novell.com/show_bug.cgi?id=776572
https://bugzilla.redhat.com/show_bug.cgi?id=847303
http://www.openwall.com/lists/oss-security/2012/08/20/8
SuSE Security Announcement: SUSE-SU-2012:1038
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00023.html
SuSE Security Announcement: openSUSE-SU-2012:1131
http://lists.opensuse.org/opensuse-updates/2012-09/msg00043.html
Copyright: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
