Updated gimp packages fix security vulnerabilities
Publication date: 06 Jun 2018Modification date: 06 Jun 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-17784 , CVE-2017-17785 , CVE-2017-17786 , CVE-2017-17787 , CVE-2017-17788 , CVE-2017-17789
Description
Updated gimp packages fix security vulnerabilities:
Several vulnerabilities were discovered in GIMP which could result in denial of
service (application crash) or potentially the execution of arbitrary code if
malformed files are opened (CVE-2017-17784, CVE-2017-17785, CVE-2017-17786,
CVE-2017-17787, CVE-2017-17788, CVE-2017-17789).
Also, the webkit1-based help browser plugin has been disabled in favor of using
an external browser for the help pages. This is due to security issues in
webkit.
References
- https://bugs.mageia.org/show_bug.cgi?id=22252
- https://www.debian.org/security/2017/dsa-4077
- https://lists.opensuse.org/opensuse-updates/2018-01/msg00014.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17784
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17785
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17786
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17787
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17788
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17789
SRPMS
6/core
- gimp-2.8.22-1.2.mga6