Debian DSA-4077-1 : gimp - security update

Nessus Plugin ID 105499 (Severity: Medium)

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service (application crash) or potentially the execution of arbitrary code if malformed files are opened.

Solution

Upgrade the gimp packages.

For the oldstable distribution (jessie), these problems have been fixed in version 2.8.14-1+deb8u2.

For the stable distribution (stretch), these problems have been fixed in version 2.8.18-1+deb9u1.

See Also

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884836

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884837

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884862

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884925

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884927

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885347

https://security-tracker.debian.org/tracker/gimp

https://packages.debian.org/source/jessie/gimp

https://packages.debian.org/source/stretch/gimp

http://www.debian.org/security/2017/dsa-4077

Plugin Details

Severity: Medium

ID: 105499

File Name: debian_DSA-4077.nasl

Version: $Revision: 3.3 $

Type: local

Agent: unix

Published: 2018/01/02

Modified: 2018/01/29

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:gimp, cpe:/o:debian:debian_linux:8.0, cpe:/o:debian:debian_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 2017/12/30

Reference Information

CVE: CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787, CVE-2017-17788, CVE-2017-17789

DSA: 4077