Skip to content

Security Advisory 中(Moderate):gimpのセキュリティアップデート

アップデートID:

RHSA-2007:0513-8

タイプ:Security Advisory
重大性:中/Moderate
発行日:2007年9月26日
最終更新日:2007年9月26日
影響のある製品: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: https://rhn.redhat.com/errata/RHSA-2007-0513.html
CVEs (cve.mitre.org): CVE-2006-4519
CVE-2007-2949
CVE-2007-3741


詳細

複数のセキュリティ問題を修正したgimpのアップデートパッケージがRed Hat Enterprise Linuxで利用可能になりました。

このアップデートは、レッドハットセキュリティ対策チームによって、深刻度「中(Moderate)」のセキュリティ問題と評価されています。

GIMP(GNU Image Manipulation Program)は、画像合成および編集プログラムです。

GIMPのイメージローダで、整数オーバーフローおよび入力検証の欠陥が複数見つかりました。攻撃者が巧妙に作成された画像ファイルを利用して、そのファイルが開かれた場合にGIMPをクラッシュさせたり、任意のコードを実行したりする可能性があります。(CVE-2006-4519、CVE-2007-2949、CVE-2007-3741)

GIMPのユーザは、これらの問題を修正するバックポート修正を含む上記エラータパッケージにアップグレードしてください。


解決法


このアップデートを適用する前に、ご使用のシステムに関係するリリース済みのエラータ/Errataがすべて適用されていることを確認してください。

このアップデートは、Red Hat Networkを通じて入手できます。


アップデートパッケージ

RHEL Desktop Workstation (v. 5 client)
IA-32:
gimp-devel-2.2.13-2.0.7.el5.i386.rpm     0571ba1905c43282dc605376c0caceb9
 
x86_64:
gimp-devel-2.2.13-2.0.7.el5.i386.rpm     0571ba1905c43282dc605376c0caceb9
gimp-devel-2.2.13-2.0.7.el5.x86_64.rpm     c5437efb940328d63aae7f9c8f3a9a18
 
Red Hat Desktop (v. 3)
SRPMS:
gimp-1.2.3-20.9.el3.src.rpm     ff0a4b1adc7398dbd32cff449a007f6e
 
IA-32:
gimp-1.2.3-20.9.el3.i386.rpm     1e11a248e1a93e2c4c5482d440baeab4
gimp-devel-1.2.3-20.9.el3.i386.rpm     0f6cb17d01f3a070c4fd492783199b22
gimp-perl-1.2.3-20.9.el3.i386.rpm     e2db5cc9c3920d816a993672ea7d4cc0
 
x86_64:
gimp-1.2.3-20.9.el3.x86_64.rpm     5c3d6d43390a2fca87e6f2bc18dee2cf
gimp-devel-1.2.3-20.9.el3.x86_64.rpm     e50ba94d499fa70ab83d7e5b35feb1c5
gimp-perl-1.2.3-20.9.el3.x86_64.rpm     82faaf7e8b6d287bf72d015ca913e345
 
Red Hat Desktop (v. 4)
SRPMS:
gimp-2.0.5-7.0.7.el4.src.rpm     29b119dac567ff6957e93c6af5f1393e
 
IA-32:
gimp-2.0.5-7.0.7.el4.i386.rpm     ff65a609cb31bc2dbcd5fe18e4fdaa29
gimp-devel-2.0.5-7.0.7.el4.i386.rpm     83be2b5ef0b4a416dd47918413f8c88e
 
x86_64:
gimp-2.0.5-7.0.7.el4.x86_64.rpm     c2cc217468539acabe0c1f021e8f95ed
gimp-devel-2.0.5-7.0.7.el4.x86_64.rpm     2466301e8fd7d671c9d08816f88e5b8c
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
gimp-2.2.13-2.0.7.el5.src.rpm     e9762d2684370941f8da59ef55c1325d
 
IA-32:
gimp-2.2.13-2.0.7.el5.i386.rpm     13f4de8f00c982d75cfcef265a295c6c
gimp-devel-2.2.13-2.0.7.el5.i386.rpm     0571ba1905c43282dc605376c0caceb9
gimp-libs-2.2.13-2.0.7.el5.i386.rpm     86193e8ca23c04ce03a99456a3aa97f6
 
IA-64:
gimp-2.2.13-2.0.7.el5.ia64.rpm     94dba1613843d19c9e3d5f0d504b3dc1
gimp-devel-2.2.13-2.0.7.el5.ia64.rpm     0df8010af56c53753a3e99809bd87f23
gimp-libs-2.2.13-2.0.7.el5.ia64.rpm     05807cb6139af39e2295145dd8b55eb7
 
PPC:
gimp-2.2.13-2.0.7.el5.ppc.rpm     32eda5a38a1faa00d7e2f1e14d08e1d0
gimp-devel-2.2.13-2.0.7.el5.ppc.rpm     05e418d3b9e787a6b87e05911fca3782
gimp-devel-2.2.13-2.0.7.el5.ppc64.rpm     8afc7a20cfdc440d96f9e74871de9b33
gimp-libs-2.2.13-2.0.7.el5.ppc.rpm     821deff7dd5b88521c78c92ada034e38
gimp-libs-2.2.13-2.0.7.el5.ppc64.rpm     74b4251c84c75b7d0c128440b859ad3f
 
s390x:
gimp-2.2.13-2.0.7.el5.s390x.rpm     c3585102b9367f33ed9d401ae475b49b
gimp-devel-2.2.13-2.0.7.el5.s390.rpm     347c0aa77abf4cf22bbebec7c88913da
gimp-devel-2.2.13-2.0.7.el5.s390x.rpm     75924fd3f7981035b9e536e7663dab38
gimp-libs-2.2.13-2.0.7.el5.s390.rpm     3ef7f1114669ded1b30d315719119879
gimp-libs-2.2.13-2.0.7.el5.s390x.rpm     398b07a8a4032709b07f3b144bbb504e
 
x86_64:
gimp-2.2.13-2.0.7.el5.x86_64.rpm     f2396f459c6cbdc33f9c2085a75a3684
gimp-devel-2.2.13-2.0.7.el5.i386.rpm     0571ba1905c43282dc605376c0caceb9
gimp-devel-2.2.13-2.0.7.el5.x86_64.rpm     c5437efb940328d63aae7f9c8f3a9a18
gimp-libs-2.2.13-2.0.7.el5.i386.rpm     86193e8ca23c04ce03a99456a3aa97f6
gimp-libs-2.2.13-2.0.7.el5.x86_64.rpm     24656d0a4b760ceec3a19242a3e8c105
 
Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
gimp-1.2.1-7.8.el2_1.src.rpm     59eef4bdc5c0784f6b125c81deeabf2d
 
IA-32:
gimp-1.2.1-7.8.el2_1.i386.rpm     1f09d9a19e0423c1042bc828efaae701
gimp-devel-1.2.1-7.8.el2_1.i386.rpm     63b21eb4ef58cbef28b9fdcc30145a6a
gimp-perl-1.2.1-7.8.el2_1.i386.rpm     6a09b4872231e81b9bbfed7f28425258
 
IA-64:
gimp-1.2.1-7.8.el2_1.ia64.rpm     2ad9e3eadb1b011a4b770151275c59da
gimp-devel-1.2.1-7.8.el2_1.ia64.rpm     d2ec83106b855a498328bd384e905207
gimp-perl-1.2.1-7.8.el2_1.ia64.rpm     25bce223f500b351b281bbe0f1e45bc3
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
gimp-1.2.3-20.9.el3.src.rpm     ff0a4b1adc7398dbd32cff449a007f6e
 
IA-32:
gimp-1.2.3-20.9.el3.i386.rpm     1e11a248e1a93e2c4c5482d440baeab4
gimp-devel-1.2.3-20.9.el3.i386.rpm     0f6cb17d01f3a070c4fd492783199b22
gimp-perl-1.2.3-20.9.el3.i386.rpm     e2db5cc9c3920d816a993672ea7d4cc0
 
IA-64:
gimp-1.2.3-20.9.el3.ia64.rpm     78fc605c197072bdf9339bcca36cc894
gimp-devel-1.2.3-20.9.el3.ia64.rpm     7549bcea8cc5036a69b279734723224a
gimp-perl-1.2.3-20.9.el3.ia64.rpm     379a687860591ad2848c272c776acbcf
 
PPC:
gimp-1.2.3-20.9.el3.ppc.rpm     858543555b5272befbcebd2013b7e9fa
gimp-devel-1.2.3-20.9.el3.ppc.rpm     0b976bd945acaf32560b4208fc7d7fe6
gimp-perl-1.2.3-20.9.el3.ppc.rpm     9e1070a9f09f3a14f454cf87350131d6
 
s390:
gimp-1.2.3-20.9.el3.s390.rpm     8ae617b4c381bfca71296f70de45b938
gimp-devel-1.2.3-20.9.el3.s390.rpm     b081299ca2638905e860dd2ddcaeac13
gimp-perl-1.2.3-20.9.el3.s390.rpm     eb94a75d290ef67a7a3d14ae035d54cc
 
s390x:
gimp-1.2.3-20.9.el3.s390x.rpm     cb1ee414ff1f321dde875dbed33e69ab
gimp-devel-1.2.3-20.9.el3.s390x.rpm     cb68dfff782810cf89e575e829c8b672
gimp-perl-1.2.3-20.9.el3.s390x.rpm     02e5792892a5dcf805a615531a08f68a
 
x86_64:
gimp-1.2.3-20.9.el3.x86_64.rpm     5c3d6d43390a2fca87e6f2bc18dee2cf
gimp-devel-1.2.3-20.9.el3.x86_64.rpm     e50ba94d499fa70ab83d7e5b35feb1c5
gimp-perl-1.2.3-20.9.el3.x86_64.rpm     82faaf7e8b6d287bf72d015ca913e345
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
gimp-2.0.5-7.0.7.el4.src.rpm     29b119dac567ff6957e93c6af5f1393e
 
IA-32:
gimp-2.0.5-7.0.7.el4.i386.rpm     ff65a609cb31bc2dbcd5fe18e4fdaa29
gimp-devel-2.0.5-7.0.7.el4.i386.rpm     83be2b5ef0b4a416dd47918413f8c88e
 
IA-64:
gimp-2.0.5-7.0.7.el4.ia64.rpm     deff28a79ab88b50a49fbf986277bc6b
gimp-devel-2.0.5-7.0.7.el4.ia64.rpm     ce3a97092d6ac55083924a0ce2da931e
 
PPC:
gimp-2.0.5-7.0.7.el4.ppc.rpm     4ac04b1427f73033115de526b54744fd
gimp-devel-2.0.5-7.0.7.el4.ppc.rpm     87570cf7e7e396dbb4643ce34b5e0873
 
s390:
gimp-2.0.5-7.0.7.el4.s390.rpm     d23302820e658526adb3f367acdb0cf3
gimp-devel-2.0.5-7.0.7.el4.s390.rpm     f3c9c4edb60abb7fd3f95ac874284e84
 
s390x:
gimp-2.0.5-7.0.7.el4.s390x.rpm     ee2a5523901e29160136367a1a513459
gimp-devel-2.0.5-7.0.7.el4.s390x.rpm     c7948bac98dd63514e520161d79446e5
 
x86_64:
gimp-2.0.5-7.0.7.el4.x86_64.rpm     c2cc217468539acabe0c1f021e8f95ed
gimp-devel-2.0.5-7.0.7.el4.x86_64.rpm     2466301e8fd7d671c9d08816f88e5b8c
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
gimp-2.2.13-2.0.7.el5.src.rpm     e9762d2684370941f8da59ef55c1325d
 
IA-32:
gimp-2.2.13-2.0.7.el5.i386.rpm     13f4de8f00c982d75cfcef265a295c6c
gimp-libs-2.2.13-2.0.7.el5.i386.rpm     86193e8ca23c04ce03a99456a3aa97f6
 
x86_64:
gimp-2.2.13-2.0.7.el5.x86_64.rpm     f2396f459c6cbdc33f9c2085a75a3684
gimp-libs-2.2.13-2.0.7.el5.i386.rpm     86193e8ca23c04ce03a99456a3aa97f6
gimp-libs-2.2.13-2.0.7.el5.x86_64.rpm     24656d0a4b760ceec3a19242a3e8c105
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
gimp-1.2.1-7.8.el2_1.src.rpm     59eef4bdc5c0784f6b125c81deeabf2d
 
IA-32:
gimp-1.2.1-7.8.el2_1.i386.rpm     1f09d9a19e0423c1042bc828efaae701
gimp-devel-1.2.1-7.8.el2_1.i386.rpm     63b21eb4ef58cbef28b9fdcc30145a6a
gimp-perl-1.2.1-7.8.el2_1.i386.rpm     6a09b4872231e81b9bbfed7f28425258
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
gimp-1.2.3-20.9.el3.src.rpm     ff0a4b1adc7398dbd32cff449a007f6e
 
IA-32:
gimp-1.2.3-20.9.el3.i386.rpm     1e11a248e1a93e2c4c5482d440baeab4
gimp-devel-1.2.3-20.9.el3.i386.rpm     0f6cb17d01f3a070c4fd492783199b22
gimp-perl-1.2.3-20.9.el3.i386.rpm     e2db5cc9c3920d816a993672ea7d4cc0
 
IA-64:
gimp-1.2.3-20.9.el3.ia64.rpm     78fc605c197072bdf9339bcca36cc894
gimp-devel-1.2.3-20.9.el3.ia64.rpm     7549bcea8cc5036a69b279734723224a
gimp-perl-1.2.3-20.9.el3.ia64.rpm     379a687860591ad2848c272c776acbcf
 
x86_64:
gimp-1.2.3-20.9.el3.x86_64.rpm     5c3d6d43390a2fca87e6f2bc18dee2cf
gimp-devel-1.2.3-20.9.el3.x86_64.rpm     e50ba94d499fa70ab83d7e5b35feb1c5
gimp-perl-1.2.3-20.9.el3.x86_64.rpm     82faaf7e8b6d287bf72d015ca913e345
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
gimp-2.0.5-7.0.7.el4.src.rpm     29b119dac567ff6957e93c6af5f1393e
 
IA-32:
gimp-2.0.5-7.0.7.el4.i386.rpm     ff65a609cb31bc2dbcd5fe18e4fdaa29
gimp-devel-2.0.5-7.0.7.el4.i386.rpm     83be2b5ef0b4a416dd47918413f8c88e
 
IA-64:
gimp-2.0.5-7.0.7.el4.ia64.rpm     deff28a79ab88b50a49fbf986277bc6b
gimp-devel-2.0.5-7.0.7.el4.ia64.rpm     ce3a97092d6ac55083924a0ce2da931e
 
x86_64:
gimp-2.0.5-7.0.7.el4.x86_64.rpm     c2cc217468539acabe0c1f021e8f95ed
gimp-devel-2.0.5-7.0.7.el4.x86_64.rpm     2466301e8fd7d671c9d08816f88e5b8c
 
Red Hat Enterprise Linux WS (v. 2.1)
SRPMS:
gimp-1.2.1-7.8.el2_1.src.rpm     59eef4bdc5c0784f6b125c81deeabf2d
 
IA-32:
gimp-1.2.1-7.8.el2_1.i386.rpm     1f09d9a19e0423c1042bc828efaae701
gimp-devel-1.2.1-7.8.el2_1.i386.rpm     63b21eb4ef58cbef28b9fdcc30145a6a
gimp-perl-1.2.1-7.8.el2_1.i386.rpm     6a09b4872231e81b9bbfed7f28425258
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
gimp-1.2.3-20.9.el3.src.rpm     ff0a4b1adc7398dbd32cff449a007f6e
 
IA-32:
gimp-1.2.3-20.9.el3.i386.rpm     1e11a248e1a93e2c4c5482d440baeab4
gimp-devel-1.2.3-20.9.el3.i386.rpm     0f6cb17d01f3a070c4fd492783199b22
gimp-perl-1.2.3-20.9.el3.i386.rpm     e2db5cc9c3920d816a993672ea7d4cc0
 
IA-64:
gimp-1.2.3-20.9.el3.ia64.rpm     78fc605c197072bdf9339bcca36cc894
gimp-devel-1.2.3-20.9.el3.ia64.rpm     7549bcea8cc5036a69b279734723224a
gimp-perl-1.2.3-20.9.el3.ia64.rpm     379a687860591ad2848c272c776acbcf
 
x86_64:
gimp-1.2.3-20.9.el3.x86_64.rpm     5c3d6d43390a2fca87e6f2bc18dee2cf
gimp-devel-1.2.3-20.9.el3.x86_64.rpm     e50ba94d499fa70ab83d7e5b35feb1c5
gimp-perl-1.2.3-20.9.el3.x86_64.rpm     82faaf7e8b6d287bf72d015ca913e345
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
gimp-2.0.5-7.0.7.el4.src.rpm     29b119dac567ff6957e93c6af5f1393e
 
IA-32:
gimp-2.0.5-7.0.7.el4.i386.rpm     ff65a609cb31bc2dbcd5fe18e4fdaa29
gimp-devel-2.0.5-7.0.7.el4.i386.rpm     83be2b5ef0b4a416dd47918413f8c88e
 
IA-64:
gimp-2.0.5-7.0.7.el4.ia64.rpm     deff28a79ab88b50a49fbf986277bc6b
gimp-devel-2.0.5-7.0.7.el4.ia64.rpm     ce3a97092d6ac55083924a0ce2da931e
 
x86_64:
gimp-2.0.5-7.0.7.el4.x86_64.rpm     c2cc217468539acabe0c1f021e8f95ed
gimp-devel-2.0.5-7.0.7.el4.x86_64.rpm     2466301e8fd7d671c9d08816f88e5b8c
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
gimp-1.2.1-7.8.el2_1.src.rpm     59eef4bdc5c0784f6b125c81deeabf2d
 
IA-64:
gimp-1.2.1-7.8.el2_1.ia64.rpm     2ad9e3eadb1b011a4b770151275c59da
gimp-devel-1.2.1-7.8.el2_1.ia64.rpm     d2ec83106b855a498328bd384e905207
gimp-perl-1.2.1-7.8.el2_1.ia64.rpm     25bce223f500b351b281bbe0f1e45bc3
 
(The unlinked packages above are only available from the Red Hat Network)


バグフィックス (詳細は、bugzilla/バグジラ[英語]を御覧ください。)

244400 - CVE-2007-2949 Gimp PSD integer overflow
247565 - CVE-2006-4519 GIMP multiple image loader integer overflows
248053 - CVE-2007-3741 Gimp image loader multiple input validation flaws


参照


http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3741
http://www.redhat.com/security/updates/classification/#moderate


ここに在るパッケージはセキュリティの為、Red Hat, Inc. によって、GPG認証されています。
認証キー及び詳細は以下を御覧下さい。
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/