9.3 - RHSA-2012:1181

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	gimp security update

Informations
Name	RHSA-2012:1181	First vendor Publication	2012-08-20
Vendor	RedHat	Last vendor Modification	2012-08-20
Severity (Vendor)	Moderate	Revision	01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The GIMP (GNU Image Manipulation Program) is an image composition and editing program.

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP's Adobe Photoshop (PSD) image file plug-in. An attacker could create a specially-crafted PSD image file that, when opened, could cause the PSD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2009-3909, CVE-2012-3402)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3481)

A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2011-2896)

A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially-crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3403)

Red Hat would like to thank Secunia Research for reporting CVE-2009-3909, and Matthias Weckbecker of the SUSE Security Team for reporting CVE-2012-3481.

Users of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

537370 - CVE-2009-3909 Gimp: Integer overflow in the PSD image file plugin 727800 - CVE-2011-2896 David Koblas' GIF decoder LZW decoder buffer overflow 838941 - CVE-2012-3402 gimp (PSD plug-in): Heap-buffer overflow by decoding certain PSD headers 839020 - CVE-2012-3403 gimp (CEL plug-in): heap buffer overflow when loading external palette files 847303 - CVE-2012-3481 Gimp (GIF plug-in): Heap-based buffer overflow by loading certain GIF images

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2012-1181.html

CWE : Common Weakness Enumeration

%	Id	Name
60 %	CWE-190	Integer Overflow or Wraparound (CWE/SANS Top 25)
40 %	CWE-787	Out-of-bounds Write (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13677

Oval ID:	oval:org.mitre.oval:def:13677
Title:	USN-880-1 -- gimp vulnerabilities
Description:	Stefan Cornelius discovered that GIMP did not correctly handle certain malformed BMP files. If a user were tricked into opening a specially crafted BMP file, an attacker could execute arbitrary code with the user�s privileges. Stefan Cornelius discovered that GIMP did not correctly handle certain malformed PSD files. If a user were tricked into opening a specially crafted PSD file, an attacker could execute arbitrary code with the user�s privileges. This issue only applied to Ubuntu 8.10, 9.04 and 9.10
Family:	unix	Class:	patch
Reference(s):	USN-880-1 CVE-2009-1570 CVE-2009-3909	Version:	5
Platform(s):	Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 9.04	Product(s):	gimp
Definition Synopsis:
Release section Ubuntu 8.04 is installed AND Architecture section Architecture independet section Installed architecture is all AND Packages section libgimp2.0-doc DPKG is earlier than 2.4.5-1ubuntu2.1 AND gimp-data DPKG is earlier than 2.4.5-1ubuntu2.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section libgimp2.0 DPKG is earlier than 2.4.5-1ubuntu2.1 AND gimp-libcurl DPKG is earlier than 2.4.5-1ubuntu2.1 AND gimp-python DPKG is earlier than 2.4.5-1ubuntu2.1 AND gimp-dbg DPKG is earlier than 2.4.5-1ubuntu2.1 AND libgimp2.0-dev DPKG is earlier than 2.4.5-1ubuntu2.1 AND gimp-gnomevfs DPKG is earlier than 2.4.5-1ubuntu2.1 AND gimp DPKG is earlier than 2.4.5-1ubuntu2.1 OR Release section Ubuntu 8.10 is installed AND Architecture section Architecture independet section Installed architecture is all AND Packages section libgimp2.0-doc DPKG is earlier than 2.6.1-1ubuntu3.1 AND gimp-data DPKG is earlier than 2.6.1-1ubuntu3.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section gimp-dbg DPKG is earlier than 2.6.1-1ubuntu3.1 AND libgimp2.0-dev DPKG is earlier than 2.6.1-1ubuntu3.1 AND libgimp2.0 DPKG is earlier than 2.6.1-1ubuntu3.1 AND gimp DPKG is earlier than 2.6.1-1ubuntu3.1 OR Release section Ubuntu 9.10 is installed AND Architecture section Architecture independet section Installed architecture is all AND Packages section libgimp2.0-doc DPKG is earlier than 2.6.7-1ubuntu1.1 AND gimp-data DPKG is earlier than 2.6.7-1ubuntu1.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section gimp-dbg DPKG is earlier than 2.6.7-1ubuntu1.1 AND libgimp2.0-dev DPKG is earlier than 2.6.7-1ubuntu1.1 AND libgimp2.0 DPKG is earlier than 2.6.7-1ubuntu1.1 AND gimp DPKG is earlier than 2.6.7-1ubuntu1.1 OR Release section Ubuntu 9.04 is installed AND Architecture section Architecture independet section Installed architecture is all AND Packages section libgimp2.0-doc DPKG is earlier than 2.6.6-0ubuntu1.1 AND gimp-data DPKG is earlier than 2.6.6-0ubuntu1.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section gimp-dbg DPKG is earlier than 2.6.6-0ubuntu1.1 AND libgimp2.0-dev DPKG is earlier than 2.6.6-0ubuntu1.1 AND libgimp2.0 DPKG is earlier than 2.6.6-0ubuntu1.1 AND gimp DPKG is earlier than 2.6.6-0ubuntu1.1

Definition Id: oval:org.mitre.oval:def:15350

Oval ID:	oval:org.mitre.oval:def:15350
Title:	DSA-2426-1 gimp -- several
Description:	Several vulnerabilities have been identified in GIMP, the GNU Image Manipulation Program. CVE-2010-4540 Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the "LIGHTING EFFECTS > LIGHT" plugin allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a long Position field in a plugin configuration file. CVE-2010-4541 Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a long "Number of lights" field in a plugin configuration file. CVE-2010-4542 Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in in the GFIG plugin allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a long Foreground field in a plugin configuration file. CVE-2010-4543 Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro plugin allows remote attackers to cause a denial of service or possibly execute arbitrary code via a PSP_COMP_RLE image file that begins a long run count at the end of the image. CVE-2011-1782 The correction for CVE-2010-4543 was incomplete. CVE-2011-2896 The LZW decompressor in the LZWReadByte function in plug-ins/common/file-gif-load.c does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream.
Family:	unix	Class:	patch
Reference(s):	DSA-2426-1 CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 CVE-2011-1782 CVE-2011-2896	Version:	5
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	gimp
Definition Synopsis:
Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND Installed architecture is all AND gimp DPKG is earlier than 2.6.10-1+squeeze3

Definition Id: oval:org.mitre.oval:def:18090

Oval ID:	oval:org.mitre.oval:def:18090
Title:	USN-1559-1 -- gimp vulnerabilities
Description:	GIMP could be made to crash or run programs as your login if it opened a specially crafted file.
Family:	unix	Class:	patch
Reference(s):	USN-1559-1 CVE-2012-3236 CVE-2012-3403 CVE-2012-3481	Version:	7
Platform(s):	Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04	Product(s):	gimp
Definition Synopsis:
Release section Ubuntu 12.04 is installed AND gimp DPKG is earlier than 2.6.12-1ubuntu1.1 AND Release section Ubuntu 11.10 is installed AND gimp DPKG is earlier than 2.6.11-2ubuntu4.1 AND Release section Ubuntu 11.04 is installed AND gimp DPKG is earlier than 2.6.11-1ubuntu6.3 AND Release section Ubuntu 10.04 is installed AND gimp DPKG is earlier than 2.6.8-2ubuntu1.5

Definition Id: oval:org.mitre.oval:def:20952

Oval ID:	oval:org.mitre.oval:def:20952
Title:	RHSA-2012:1181: gimp security update (Moderate)
Description:	Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Family:	unix	Class:	patch
Reference(s):	RHSA-2012:1181-00 CESA-2012:1181 CVE-2009-3909 CVE-2011-2896 CVE-2012-3402 CVE-2012-3403 CVE-2012-3481	Version:	68
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	gimp
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section gimp-libs is earlier than 2:2.2.13-2.0.7.el5_8.5 AND gimp-devel is earlier than 2:2.2.13-2.0.7.el5_8.5 AND gimp is earlier than 2:2.2.13-2.0.7.el5_8.5

Definition Id: oval:org.mitre.oval:def:21028

Oval ID:	oval:org.mitre.oval:def:21028
Title:	USN-1214-1 -- gimp vulnerability
Description:	GIMP could be made to run programs as your login if it opened a specially crafted GIF file.
Family:	unix	Class:	patch
Reference(s):	USN-1214-1 CVE-2011-2896	Version:	5
Platform(s):	Ubuntu 11.04 Ubuntu 10.10 Ubuntu 10.04	Product(s):	gimp
Definition Synopsis:
Ubuntu 11.04 release section Ubuntu 11.04 is installed AND gimp DPKG is earlier than 0:2.6.11-1ubuntu6.2 AND Ubuntu 10.10 release section Ubuntu 10.10 is installed AND gimp DPKG is earlier than 0:2.6.10-1ubuntu3.4 AND Ubuntu 10.04 release section Ubuntu 10.04 is installed AND gimp DPKG is earlier than 0:2.6.8-2ubuntu1.4

Definition Id: oval:org.mitre.oval:def:21320

Oval ID:	oval:org.mitre.oval:def:21320
Title:	RHSA-2012:0302: cups security and bug fix update (Low)
Description:	The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.
Family:	unix	Class:	patch
Reference(s):	RHSA-2012:0302-03 CVE-2011-2896	Version:	4
Platform(s):	Red Hat Enterprise Linux 5	Product(s):	cups
Definition Synopsis:
The operating system installed on the system is Red Hat Enterprise Linux 5 Packages section cups-lpd is earlier than 1:1.3.7-30.el5 AND cups-libs is earlier than 1:1.3.7-30.el5 AND cups-devel is earlier than 1:1.3.7-30.el5 AND cups is earlier than 1:1.3.7-30.el5

Definition Id: oval:org.mitre.oval:def:21603

Oval ID:	oval:org.mitre.oval:def:21603
Title:	RHSA-2012:1180: gimp security update (Moderate)
Description:	Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Family:	unix	Class:	patch
Reference(s):	RHSA-2012:1180-01 CESA-2012:1180 CVE-2011-2896 CVE-2012-3403 CVE-2012-3481	Version:	42
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	gimp
Definition Synopsis:
Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section gimp-libs is earlier than 2:2.6.9-4.el6_3.3 AND gimp-devel is earlier than 2:2.6.9-4.el6_3.3 AND gimp-help-browser is earlier than 2:2.6.9-4.el6_3.3 AND gimp is earlier than 2:2.6.9-4.el6_3.3 AND gimp-devel-tools is earlier than 2:2.6.9-4.el6_3.3

Definition Id: oval:org.mitre.oval:def:23080

Oval ID:	oval:org.mitre.oval:def:23080
Title:	ELSA-2012:0302: cups security and bug fix update (Low)
Description:	The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.
Family:	unix	Class:	patch
Reference(s):	ELSA-2012:0302-03 CVE-2011-2896	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	cups
Definition Synopsis:
Oracle Linux 5.x rpm test cups-lpd is earlier than 1:1.3.7-30.el5 AND cups-libs is earlier than 1:1.3.7-30.el5 AND cups-devel is earlier than 1:1.3.7-30.el5 AND cups is earlier than 1:1.3.7-30.el5

Definition Id: oval:org.mitre.oval:def:23104

Oval ID:	oval:org.mitre.oval:def:23104
Title:	ELSA-2012:1181: gimp security update (Moderate)
Description:	Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Family:	unix	Class:	patch
Reference(s):	ELSA-2012:1181-00 CVE-2009-3909 CVE-2011-2896 CVE-2012-3402 CVE-2012-3403 CVE-2012-3481	Version:	25
Platform(s):	Oracle Linux 5	Product(s):	gimp
Definition Synopsis:
Oracle Linux 5.x rpm test gimp-libs is earlier than 2:2.2.13-2.0.7.el5_8.5 AND gimp-devel is earlier than 2:2.2.13-2.0.7.el5_8.5 AND gimp is earlier than 2:2.2.13-2.0.7.el5_8.5

Definition Id: oval:org.mitre.oval:def:23466

Oval ID:	oval:org.mitre.oval:def:23466
Title:	ELSA-2012:1180: gimp security update (Moderate)
Description:	Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Family:	unix	Class:	patch
Reference(s):	ELSA-2012:1180-01 CVE-2011-2896 CVE-2012-3403 CVE-2012-3481	Version:	17
Platform(s):	Oracle Linux 6	Product(s):	gimp
Definition Synopsis:
Oracle Linux 6.x rpm test gimp-libs is earlier than 2:2.6.9-4.el6_3.3 AND gimp-devel is earlier than 2:2.6.9-4.el6_3.3 AND gimp-help-browser is earlier than 2:2.6.9-4.el6_3.3 AND gimp is earlier than 2:2.6.9-4.el6_3.3 AND gimp-devel-tools is earlier than 2:2.6.9-4.el6_3.3

Definition Id: oval:org.mitre.oval:def:27046

Oval ID:	oval:org.mitre.oval:def:27046
Title:	RHSA-2011:1635 -- cups security and bug fix update (Low)
Description:	The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the CUPS GIF image format reader. An attacker could create a malicious GIF image file that, when printed, could possibly cause CUPS to crash or, potentially, execute arbitrary code with the privileges of the "lp" user. (CVE-2011-2896) These updated cups packages also provide fixes for the following bugs: * Previously CUPS was not correctly handling the language setting LANG=en_US.ASCII. As a consequence lpadmin, lpstat and lpinfo binaries were not displaying any output when the LANG=en_US.ASCII environment variable was used. As a result of this update the problem is fixed and the expected output is now displayed. (BZ#681836) * Previously the scheduler did not check for empty values of several configuration directives. As a consequence it was possible for the CUPS daemon (cupsd) to crash when a configuration file contained certain empty values. With this update the problem is fixed and cupsd no longer crashes when reading such a configuration file. (BZ#706673) * Previously when printing to a raw print queue, when using certain printer models, CUPS was incorrectly sending SNMP queries. As a consequence there was a noticeable 4-second delay between queueing the job and the start of printing. With this update the problem is fixed and CUPS no longer tries to collect SNMP supply and status information for raw print queues. (BZ#709896) * Previously when using the BrowsePoll directive it could happen that the CUPS printer polling daemon (cups-polld) began polling before the network interfaces were set up after a system boot. CUPS was then caching the failed hostname lookup. As a consequence no printers were found and the error, "Host name lookup failure", was logged. With this update the code that re-initializes the resolver after failure in cups-polld is fixed and as a result CUPS will obtain the correct network settings to use in printer discovery. (BZ#712430) * The MaxJobs directive controls the maximum number of print jobs that are kept in memory. Previously, once the number of jobs reached the limit, the CUPS system failed to automatically purge the data file associated with the oldest completed job from the system in order to make room for a new print job. This bug has been fixed, and the jobs beyond the set limit are now properly purged. (BZ#735505) * The cups init script (/etc/rc.d/init.d/cups) uses the daemon function (from /etc/rc.d/init.d/functions) to start the cups process, but previously it did not source a configuration file from the /etc/sysconfig/ directory. As a consequence, it was difficult to cleanly set the nice level or cgroup for the cups daemon by setting the NICELEVEL or CGROUP_DAEMON variables. With this update, the init script is fixed. (BZ#744791) All users of CUPS are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the cupsd daemon will be restarted automatically.
Family:	unix	Class:	patch
Reference(s):	RHSA-2011:1635 CVE-2011-2896	Version:	3
Platform(s):	Red Hat Enterprise Linux 6	Product(s):	cups
Definition Synopsis:
The operating system installed on the system is Red Hat Enterprise Linux 6 Packages match section cups is earlier than 0:1.4.2-44.el6 AND cups-debuginfo is earlier than 0:1.4.2-44.el6 AND cups-devel is earlier than 0:1.4.2-44.el6 AND cups-libs is earlier than 0:1.4.2-44.el6 AND cups-lpd is earlier than 0:1.4.2-44.el6 AND cups-php is earlier than 0:1.4.2-44.el6

Definition Id: oval:org.mitre.oval:def:27680

Oval ID:	oval:org.mitre.oval:def:27680
Title:	DEPRECATED: ELSA-2012-0302 -- cups security and bug fix update (low)
Description:	[1:1.3.7-30] - Backported patch to fix transcoding for ASCII (bug #759081, STR #3832). [1:1.3.7-29] - The imageto* filters could crash with bad GIF files (CVE-2011-2896, STR #3867, STR #3914, bug #752118). [1:1.3.7-28] - Web interface didn't show completed jobs for printer (STR #3436, bug #625900) - Serial backend didn't allow a raw job to be canceled (STR #3649, bug #625955) - Fixed condition in textonly filter to create temporary file regardless of the number of copies specified. (bug #660518) [1:1.3.7-27] - Call avc_init() only once to not leak file descriptors (bug #668009).
Family:	unix	Class:	patch
Reference(s):	ELSA-2012-0302 CVE-2011-2896	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	cups
Definition Synopsis:
Oracle Linux 5.x Packages match section cups is earlier than 0:1.3.7-30.el5 AND cups-devel is earlier than 0:1.3.7-30.el5 AND cups-libs is earlier than 0:1.3.7-30.el5 AND cups-lpd is earlier than 0:1.3.7-30.el5

Definition Id: oval:org.mitre.oval:def:27752

Oval ID:	oval:org.mitre.oval:def:27752
Title:	DEPRECATED: ELSA-2012-1181 -- gimp security update (moderate)
Description:	[2:2.2.13-2.0.7.el5_8.5] - fix overflow in GIF loader (CVE-2012-3481) [2:2.2.13-2.0.7.el5_8.4] - fix overflows in PSD plugin (CVE-2009-3909, CVE-2012-3402) - fix heap corruption and overflow in GIF plug-in (CVE-2011-2896) - fix overflow in CEL plug-in (CVE-2012-3403)
Family:	unix	Class:	patch
Reference(s):	ELSA-2012-1181 CVE-2009-3909 CVE-2012-3402 CVE-2012-3403 CVE-2012-3481 CVE-2011-2896	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	gimp
Definition Synopsis:
Oracle Linux 5.x Packages match section gimp is earlier than 0:2.2.13-2.0.7.el5_8.5 AND gimp-devel is earlier than 0:2.2.13-2.0.7.el5_8.5 AND gimp-libs is earlier than 0:2.2.13-2.0.7.el5_8.5

Definition Id: oval:org.mitre.oval:def:27838

Oval ID:	oval:org.mitre.oval:def:27838
Title:	DEPRECATED: ELSA-2012-1180 -- gimp security update (moderate)
Description:	[2:2.6.9-4.3] - fix overflow in GIF loader (#847303) [2:2.6.9-4.2] - fix overflows in GIF, CEL loaders (#727800, #839020)
Family:	unix	Class:	patch
Reference(s):	ELSA-2012-1180 CVE-2012-3403 CVE-2012-3481 CVE-2011-2896	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	gimp
Definition Synopsis:
Oracle Linux 6.x Packages match section gimp is earlier than 0:2.6.9-4.el6_3.3 AND gimp-devel is earlier than 0:2.6.9-4.el6_3.3 AND gimp-devel-tools is earlier than 0:2.6.9-4.el6_3.3 AND gimp-help-browser is earlier than 0:2.6.9-4.el6_3.3 AND gimp-libs is earlier than 0:2.6.9-4.el6_3.3

Definition Id: oval:org.mitre.oval:def:28007

Oval ID:	oval:org.mitre.oval:def:28007
Title:	ELSA-2011-1635 -- cups security and bug fix update (low)
Description:	[1.4.2-44] - Init script should source /etc/sysconfig/cups (bug #744791) [1.4.2-43] - The scheduler might leave old job data files in the spool directory (STR #3795, STR #3880, bug #735505). [1.4.2-42] - A further fix for imageto* filters crashing with bad GIF files (STR #3914, bug #714118). [1.4.2-41] - The imageto* filters could crash with bad GIF files (STR #3867, bug #714118). [1.4.2-40] - Map ASCII to ISO-8859-1 in the transcoding code (STR #3832, bug #681836). - Check for empty values for some configuration directives (STR #3861, bug #706673). - The network backends no longer try to collect SNMP supply and status information for raw queues (STR #3809, bug #709896). - Handle EAI_NONAME when resolving hostnames (bug #712430).
Family:	unix	Class:	patch
Reference(s):	ELSA-2011-1635 CVE-2011-2896	Version:	3
Platform(s):	Oracle Linux 6	Product(s):	cups
Definition Synopsis:
Oracle Linux 6.x Packages match section cups is earlier than 0:1.4.2-44.el6 AND cups-devel is earlier than 0:1.4.2-44.el6 AND cups-libs is earlier than 0:1.4.2-44.el6 AND cups-lpd is earlier than 0:1.4.2-44.el6 AND cups-php is earlier than 0:1.4.2-44.el6

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apple Cups cpe:2.3:a:apple:cups:1.4.6:::::::* cpe:2.3:a:apple:cups:1.4.5:::::::* cpe:2.3:a:apple:cups:1.4.4:::::::* cpe:2.3:a:apple:cups:1.4.3:::::::* cpe:2.3:a:apple:cups:1.4.2:::::::* cpe:2.3:a:apple:cups:1.4.1:::::::* cpe:2.3:a:apple:cups:1.4.0:::::::* cpe:2.3:a:apple:cups:1.4:b1:::::: cpe:2.3:a:apple:cups:1.4:b2:::::: cpe:2.3:a:apple:cups:1.4:rc1:::::: cpe:2.3:a:apple:cups:1.4:b3:::::: cpe:2.3:a:apple:cups:1.3.9:::::::* cpe:2.3:a:apple:cups:1.3.8:::::::* cpe:2.3:a:apple:cups:1.3.7:::::::* cpe:2.3:a:apple:cups:1.3.6:::::::* cpe:2.3:a:apple:cups:1.3.5:::::::* cpe:2.3:a:apple:cups:1.3.4:::::::* cpe:2.3:a:apple:cups:1.3.3:::::::* cpe:2.3:a:apple:cups:1.3.2:::::::* cpe:2.3:a:apple:cups:1.3.11:::::::* cpe:2.3:a:apple:cups:1.3.10:::::::* cpe:2.3:a:apple:cups:1.3.1:::::::* cpe:2.3:a:apple:cups:1.3.0:::::::* cpe:2.3:a:apple:cups:1.3:rc1:::::: cpe:2.3:a:apple:cups:1.3:b1:::::: cpe:2.3:a:apple:cups:1.3:rc2:::::: cpe:2.3:a:apple:cups:1.2.9:::::::* cpe:2.3:a:apple:cups:1.2.8:::::::* cpe:2.3:a:apple:cups:1.2.7:::::::* cpe:2.3:a:apple:cups:1.2.6:::::::* cpe:2.3:a:apple:cups:1.2.5:::::::* cpe:2.3:a:apple:cups:1.2.4:::::::* cpe:2.3:a:apple:cups:1.2.3:::::::* cpe:2.3:a:apple:cups:1.2.2:::::::* cpe:2.3:a:apple:cups:1.2.12:::::::* cpe:2.3:a:apple:cups:1.2.11:::::::* cpe:2.3:a:apple:cups:1.2.10:::::::* cpe:2.3:a:apple:cups:1.2.1:::::::* cpe:2.3:a:apple:cups:1.2.0:::::::* cpe:2.3:a:apple:cups:1.2:b1:::::: cpe:2.3:a:apple:cups:1.2:b2:::::: cpe:2.3:a:apple:cups:1.2:rc3:::::: cpe:2.3:a:apple:cups:1.2:rc2:::::: cpe:2.3:a:apple:cups:1.2:rc1:::::: cpe:2.3:a:apple:cups:1.1.9-1:::::::* cpe:2.3:a:apple:cups:1.1.9:::::::* cpe:2.3:a:apple:cups:1.1.8:::::::* cpe:2.3:a:apple:cups:1.1.7:::::::* cpe:2.3:a:apple:cups:1.1.6-3:::::::* cpe:2.3:a:apple:cups:1.1.6-2:::::::* cpe:2.3:a:apple:cups:1.1.6-1:::::::* cpe:2.3:a:apple:cups:1.1.6:::::::* cpe:2.3:a:apple:cups:1.1.5-2:::::::* cpe:2.3:a:apple:cups:1.1.5-1:::::::* cpe:2.3:a:apple:cups:1.1.5:::::::* cpe:2.3:a:apple:cups:1.1.4:::::::* cpe:2.3:a:apple:cups:1.1.3:::::::* cpe:2.3:a:apple:cups:1.1.23:rc1:::::: cpe:2.3:a:apple:cups:1.1.23:::::::* cpe:2.3:a:apple:cups:1.1.22:::::::* cpe:2.3:a:apple:cups:1.1.22:rc1:::::: cpe:2.3:a:apple:cups:1.1.22:rc2:::::: cpe:2.3:a:apple:cups:1.1.21:rc2:::::: cpe:2.3:a:apple:cups:1.1.21:rc1:::::: cpe:2.3:a:apple:cups:1.1.21:::::::* cpe:2.3:a:apple:cups:1.1.21:-:::::: cpe:2.3:a:apple:cups:1.1.20:rc3:::::: cpe:2.3:a:apple:cups:1.1.20:::::::* cpe:2.3:a:apple:cups:1.1.20:rc5:::::: cpe:2.3:a:apple:cups:1.1.20:rc4:::::: cpe:2.3:a:apple:cups:1.1.20:rc2:::::: cpe:2.3:a:apple:cups:1.1.20:rc1:::::: cpe:2.3:a:apple:cups:1.1.20:rc6:::::: cpe:2.3:a:apple:cups:1.1.2:::::::* cpe:2.3:a:apple:cups:1.1.19:rc1:::::: cpe:2.3:a:apple:cups:1.1.19:rc3:::::: cpe:2.3:a:apple:cups:1.1.19:rc2:::::: cpe:2.3:a:apple:cups:1.1.19:rc5:::::: cpe:2.3:a:apple:cups:1.1.19:rc4:::::: cpe:2.3:a:apple:cups:1.1.19:::::::* cpe:2.3:a:apple:cups:1.1.18:::::::* cpe:2.3:a:apple:cups:1.1.17:::::::* cpe:2.3:a:apple:cups:1.1.16:::::::* cpe:2.3:a:apple:cups:1.1.15:::::::* cpe:2.3:a:apple:cups:1.1.14:::::::* cpe:2.3:a:apple:cups:1.1.13:::::::* cpe:2.3:a:apple:cups:1.1.12:::::::* cpe:2.3:a:apple:cups:1.1.11:::::::* cpe:2.3:a:apple:cups:1.1.10-1:::::::* cpe:2.3:a:apple:cups:1.1.10:::::::* cpe:2.3:a:apple:cups:1.1.1:::::::* cpe:2.3:a:apple:cups:1.1:::::::* cpe:2.3:a:apple:cups:::::::: cpe:2.3:a:apple:cups:-:::::::*	94
Application	Gimp cpe:2.3:a:gimp:gimp:2.6.9:::::::* cpe:2.3:a:gimp:gimp:2.6.8:::::::* cpe:2.3:a:gimp:gimp:2.6.7:::::::* cpe:2.3:a:gimp:gimp:2.6.6:::::::* cpe:2.3:a:gimp:gimp:2.6.5:::::::* cpe:2.3:a:gimp:gimp:2.6.4:::::::* cpe:2.3:a:gimp:gimp:2.6.3:::::::* cpe:2.3:a:gimp:gimp:2.6.2:::::::* cpe:2.3:a:gimp:gimp:2.6.13:::::::* cpe:2.3:a:gimp:gimp:2.6.12:::::::* cpe:2.3:a:gimp:gimp:2.6.11:::::::* cpe:2.3:a:gimp:gimp:2.6.10:::::::* cpe:2.3:a:gimp:gimp:2.6.1:::::::* cpe:2.3:a:gimp:gimp:2.6.0:::::::* cpe:2.3:a:gimp:gimp:2.4.7:::::::* cpe:2.3:a:gimp:gimp:2.4.6:::::::* cpe:2.3:a:gimp:gimp:2.4.5:::::::* cpe:2.3:a:gimp:gimp:2.4.4:::::::* cpe:2.3:a:gimp:gimp:2.4.3:::::::* cpe:2.3:a:gimp:gimp:2.4.2:::::::* cpe:2.3:a:gimp:gimp:2.4.1:::::::* cpe:2.3:a:gimp:gimp:2.4.0:::::::* cpe:2.3:a:gimp:gimp:2.2.4:::::::* cpe:2.3:a:gimp:gimp:2.2.3:::::::* cpe:2.3:a:gimp:gimp:2.2.14:::::::* cpe:2.3:a:gimp:gimp:2.2.13:::::::* cpe:2.3:a:gimp:gimp:2.2:::::::* cpe:2.3:a:gimp:gimp:2.0.5:::::::* cpe:2.3:a:gimp:gimp:2.0:::::::* cpe:2.3:a:gimp:gimp::::::::	30
Application	Swi-Prolog cpe:2.3:a:swi-prolog:swi-prolog:5.8.3:::::::* cpe:2.3:a:swi-prolog:swi-prolog:5.8.2:::::::* cpe:2.3:a:swi-prolog:swi-prolog:5.8.1:::::::* cpe:2.3:a:swi-prolog:swi-prolog:5.8.0:::::::* cpe:2.3:a:swi-prolog:swi-prolog:5.6.64:::::::* cpe:2.3:a:swi-prolog:swi-prolog:5.6.63:::::::* cpe:2.3:a:swi-prolog:swi-prolog:5.6.62:::::::* cpe:2.3:a:swi-prolog:swi-prolog:5.6.61:::::::* cpe:2.3:a:swi-prolog:swi-prolog:5.6.59:::::::* cpe:2.3:a:swi-prolog:swi-prolog:5.6.58:::::::* cpe:2.3:a:swi-prolog:swi-prolog:5.6.57:::::::* cpe:2.3:a:swi-prolog:swi-prolog:5.6.56:::::::* cpe:2.3:a:swi-prolog:swi-prolog:5.6.55:::::::* cpe:2.3:a:swi-prolog:swi-prolog:5.6.54:::::::* cpe:2.3:a:swi-prolog:swi-prolog:5.6.53:::::::* cpe:2.3:a:swi-prolog:swi-prolog:5.6.52:::::::* cpe:2.3:a:swi-prolog:swi-prolog:5.6.51:::::::* cpe:2.3:a:swi-prolog:swi-prolog:5.6.50:::::::* cpe:2.3:a:swi-prolog:swi-prolog:5.4.7:::::::* cpe:2.3:a:swi-prolog:swi-prolog:5.2.13:::::::* cpe:2.3:a:swi-prolog:swi-prolog:5.10.4:::::::* cpe:2.3:a:swi-prolog:swi-prolog:5.10.3:::::::* cpe:2.3:a:swi-prolog:swi-prolog:5.10.2:::::::* cpe:2.3:a:swi-prolog:swi-prolog:5.10.1:::::::* cpe:2.3:a:swi-prolog:swi-prolog:5.10.0:::::::* cpe:2.3:a:swi-prolog:swi-prolog:5.0.10:::::::* cpe:2.3:a:swi-prolog:swi-prolog:4.0.11:::::::* cpe:2.3:a:swi-prolog:swi-prolog:3.4.5:::::::* cpe:2.3:a:swi-prolog:swi-prolog:3.3.10:::::::* cpe:2.3:a:swi-prolog:swi-prolog:3.2.8:::::::* cpe:2.3:a:swi-prolog:swi-prolog:3.1.2:::::::* cpe:2.3:a:swi-prolog:swi-prolog:2.9.9:::::::* cpe:2.3:a:swi-prolog:swi-prolog:2.9.7:::::::* cpe:2.3:a:swi-prolog:swi-prolog:2.9.11:::::::* cpe:2.3:a:swi-prolog:swi-prolog:2.8.2:::::::* cpe:2.3:a:swi-prolog:swi-prolog:2.7.19:::::::* cpe:2.3:a:swi-prolog:swi-prolog:2.7.15:::::::* cpe:2.3:a:swi-prolog:swi-prolog:2.7.14:::::::*	38

OpenVAS Exploits

Date	Description
2012-12-13	Name : SuSE Update for gimp openSUSE-SU-2012:1080-1 (gimp) File : nvt/gb_suse_2012_1080_1.nasl
2012-10-03	Name : Gentoo Security Advisory GLSA 201209-23 (gimp) File : nvt/glsa_201209_23.nasl
2012-09-11	Name : Ubuntu Update for gimp USN-1559-1 File : nvt/gb_ubuntu_USN_1559_1.nasl
2012-09-04	Name : Fedora Update for gimp FEDORA-2012-12364 File : nvt/gb_fedora_2012_12364_gimp_fc16.nasl
2012-08-30	Name : Fedora Update for gimp FEDORA-2012-12383 File : nvt/gb_fedora_2012_12383_gimp_fc17.nasl
2012-08-24	Name : Mandriva Update for gimp MDVSA-2012:142 (gimp) File : nvt/gb_mandriva_MDVSA_2012_142.nasl
2012-08-21	Name : CentOS Update for gimp CESA-2012:1180 centos6 File : nvt/gb_CESA-2012_1180_gimp_centos6.nasl
2012-08-21	Name : CentOS Update for gimp CESA-2012:1181 centos5 File : nvt/gb_CESA-2012_1181_gimp_centos5.nasl
2012-08-21	Name : RedHat Update for gimp RHSA-2012:1180-01 File : nvt/gb_RHSA-2012_1180-01_gimp.nasl
2012-08-21	Name : RedHat Update for gimp RHSA-2012:1181-01 File : nvt/gb_RHSA-2012_1181-01_gimp.nasl
2012-07-09	Name : RedHat Update for cups RHSA-2011:1635-03 File : nvt/gb_RHSA-2011_1635-03_cups.nasl
2012-04-02	Name : Fedora Update for pl FEDORA-2011-11229 File : nvt/gb_fedora_2011_11229_pl_fc16.nasl
2012-04-02	Name : Fedora Update for cups FEDORA-2011-11173 File : nvt/gb_fedora_2011_11173_cups_fc16.nasl
2012-04-02	Name : Fedora Update for gimp FEDORA-2011-10761 File : nvt/gb_fedora_2011_10761_gimp_fc16.nasl
2012-03-12	Name : Debian Security Advisory DSA 2426-1 (gimp) File : nvt/deb_2426_1.nasl
2012-02-21	Name : RedHat Update for cups RHSA-2012:0302-03 File : nvt/gb_RHSA-2012_0302-03_cups.nasl
2012-02-12	Name : FreeBSD Ports: FreeBSD File : nvt/freebsd_FreeBSD14.nasl
2012-02-11	Name : Debian Security Advisory DSA 2354-1 (cups) File : nvt/deb_2354_1.nasl
2011-11-08	Name : Mandriva Update for gimp MDVSA-2011:167 (gimp) File : nvt/gb_mandriva_MDVSA_2011_167.nasl
2011-10-21	Name : Mandriva Update for libxfont MDVSA-2011:153 (libxfont) File : nvt/gb_mandriva_MDVSA_2011_153.nasl
2011-10-14	Name : Mandriva Update for cups MDVSA-2011:146 (cups) File : nvt/gb_mandriva_MDVSA_2011_146.nasl
2011-09-23	Name : Ubuntu Update for gimp USN-1214-1 File : nvt/gb_ubuntu_USN_1214_1.nasl
2011-09-21	Name : FreeBSD Ports: libXfont File : nvt/freebsd_libXfont.nasl
2011-09-16	Name : Ubuntu Update for cups USN-1207-1 File : nvt/gb_ubuntu_USN_1207_1.nasl
2011-09-12	Name : Fedora Update for cups FEDORA-2011-11221 File : nvt/gb_fedora_2011_11221_cups_fc14.nasl
2011-09-12	Name : Fedora Update for pl FEDORA-2011-11305 File : nvt/gb_fedora_2011_11305_pl_fc15.nasl
2011-09-12	Name : Fedora Update for pl FEDORA-2011-11318 File : nvt/gb_fedora_2011_11318_pl_fc14.nasl
2011-08-31	Name : Fedora Update for cups FEDORA-2011-11197 File : nvt/gb_fedora_2011_11197_cups_fc15.nasl
2011-08-27	Name : Fedora Update for gimp FEDORA-2011-10782 File : nvt/gb_fedora_2011_10782_gimp_fc14.nasl
2011-08-24	Name : Fedora Update for gimp FEDORA-2011-10788 File : nvt/gb_fedora_2011_10788_gimp_fc15.nasl
2010-04-30	Name : Mandriva Update for gimp MDVSA-2009:332-1 (gimp) File : nvt/gb_mandriva_MDVSA_2009_332_1.nasl
2010-01-15	Name : Ubuntu Update for gimp vulnerabilities USN-880-1 File : nvt/gb_ubuntu_USN_880_1.nasl
2009-12-03	Name : Debian Security Advisory DSA 1941-1 (poppler) File : nvt/deb_1941_1.nasl
0000-00-00	Name : Slackware Advisory SSA:2009-345-01 gimp File : nvt/esoft_slk_ssa_2009_345_01.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
74539	GIMP plug-ins/common/file-gif-load.c LZWReadByte() Function GIF File Handling...
60178	GIMP plug-ins/file-psd/psd-load.c read_channel_data() Function PSD Image Hand...

Snort® IPS/IDS

Date	Description
2014-04-17	GIMP heap buffer overflow vulnerability attempt RuleID : 30213 - Revision : 2 - Type : FILE-IMAGE
2014-04-17	GIMP heap buffer overflow vulnerability attempt RuleID : 30212 - Revision : 2 - Type : FILE-IMAGE

Nessus® Vulnerability Scanner

Date	Description
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_gimp_20130219.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_4_gimp-110916.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_3_gimp-110916.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-583.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-543.nasl - Type : ACT_GATHER_INFO
2013-12-10	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2813.nasl - Type : ACT_GATHER_INFO
2013-11-11	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201311-05.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1181.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0302.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1180.nasl - Type : ACT_GATHER_INFO
2013-04-20	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-082.nasl - Type : ACT_GATHER_INFO
2013-01-25	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_gimp-120823.nasl - Type : ACT_GATHER_INFO
2013-01-25	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_gimp-120816.nasl - Type : ACT_GATHER_INFO
2012-09-29	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-23.nasl - Type : ACT_GATHER_INFO
2012-09-18	Name : The remote Fedora host is missing a security update. File : fedora_2012-12293.nasl - Type : ACT_GATHER_INFO
2012-09-11	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1559-1.nasl - Type : ACT_GATHER_INFO
2012-09-06	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-147.nasl - Type : ACT_GATHER_INFO
2012-09-06	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-142.nasl - Type : ACT_GATHER_INFO
2012-09-04	Name : The remote Fedora host is missing a security update. File : fedora_2012-12364.nasl - Type : ACT_GATHER_INFO
2012-08-29	Name : The remote Fedora host is missing a security update. File : fedora_2012-12383.nasl - Type : ACT_GATHER_INFO
2012-08-27	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gimp-8253.nasl - Type : ACT_GATHER_INFO
2012-08-23	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gimp-8251.nasl - Type : ACT_GATHER_INFO
2012-08-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1180.nasl - Type : ACT_GATHER_INFO
2012-08-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1181.nasl - Type : ACT_GATHER_INFO
2012-08-21	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120820_gimp_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-21	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120820_gimp_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-21	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1180.nasl - Type : ACT_GATHER_INFO
2012-08-21	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1181.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111206_cups_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120221_cups_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-03-07	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2426.nasl - Type : ACT_GATHER_INFO
2012-02-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0302.nasl - Type : ACT_GATHER_INFO
2011-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gimp-7776.nasl - Type : ACT_GATHER_INFO
2011-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cups-7775.nasl - Type : ACT_GATHER_INFO
2011-12-13	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_gimp-110923.nasl - Type : ACT_GATHER_INFO
2011-12-13	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_cups-110921.nasl - Type : ACT_GATHER_INFO
2011-12-06	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1635.nasl - Type : ACT_GATHER_INFO
2011-12-01	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2354.nasl - Type : ACT_GATHER_INFO
2011-11-07	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-167.nasl - Type : ACT_GATHER_INFO
2011-10-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cups-7774.nasl - Type : ACT_GATHER_INFO
2011-10-18	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-153.nasl - Type : ACT_GATHER_INFO
2011-10-11	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-146.nasl - Type : ACT_GATHER_INFO
2011-09-23	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1214-1.nasl - Type : ACT_GATHER_INFO
2011-09-15	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1207-1.nasl - Type : ACT_GATHER_INFO
2011-09-12	Name : The remote Fedora host is missing a security update. File : fedora_2011-11221.nasl - Type : ACT_GATHER_INFO
2011-09-12	Name : The remote Fedora host is missing a security update. File : fedora_2011-11229.nasl - Type : ACT_GATHER_INFO
2011-09-09	Name : The remote Fedora host is missing a security update. File : fedora_2011-11318.nasl - Type : ACT_GATHER_INFO
2011-09-09	Name : The remote Fedora host is missing a security update. File : fedora_2011-11305.nasl - Type : ACT_GATHER_INFO
2011-08-31	Name : The remote Fedora host is missing a security update. File : fedora_2011-11173.nasl - Type : ACT_GATHER_INFO
2011-08-29	Name : The remote print service is affected by a buffer overflow vulnerability. File : cups_1_4_7.nasl - Type : ACT_GATHER_INFO
2011-08-29	Name : The remote Fedora host is missing a security update. File : fedora_2011-11197.nasl - Type : ACT_GATHER_INFO
2011-08-23	Name : The remote Fedora host is missing a security update. File : fedora_2011-10782.nasl - Type : ACT_GATHER_INFO
2011-08-23	Name : The remote Fedora host is missing a security update. File : fedora_2011-10761.nasl - Type : ACT_GATHER_INFO
2011-08-20	Name : The remote Fedora host is missing a security update. File : fedora_2011-10788.nasl - Type : ACT_GATHER_INFO
2011-01-27	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gimp-6880.nasl - Type : ACT_GATHER_INFO
2011-01-27	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gimp-6882.nasl - Type : ACT_GATHER_INFO
2010-12-02	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_gimp-100318.nasl - Type : ACT_GATHER_INFO
2010-04-29	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-332.nasl - Type : ACT_GATHER_INFO
2010-04-15	Name : The remote openSUSE host is missing a security update. File : suse_11_2_gimp-100318.nasl - Type : ACT_GATHER_INFO
2010-04-15	Name : The remote openSUSE host is missing a security update. File : suse_11_0_gimp-100318.nasl - Type : ACT_GATHER_INFO
2010-04-15	Name : The remote openSUSE host is missing a security update. File : suse_11_1_gimp-100318.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1941.nasl - Type : ACT_GATHER_INFO
2010-01-08	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-880-1.nasl - Type : ACT_GATHER_INFO
2009-12-14	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-345-01.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:56:15	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	5
Oval ID(s)	15
CPE ID(s)	162
osvdb(s)	2
Openvas Exploit(s)	34
Snort® Rule(s)	2
Nessus® Exploit(s)	64

	Related
9.3	CVE-2009-3909
6.8	CVE-2012-3481
6.8	CVE-2012-3403
6.8	CVE-2012-3402
5.1	CVE-2011-2896
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 5 more Alert(s)