Vulnerability category: RedHat
Vulnerability severity:
Vulnerability information
The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.
The following packages have been upgraded to a newer upstream version: gimp (2.8.16), gimp-help (2.8.2). (BZ#1298226, BZ#1370595)
Security Fix(es):
* Multiple use-after-free vulnerabilities were found in GIMP in the channel and layer properties parsing process when loading XCF files. An attacker could create a specially crafted XCF file which could cause GIMP to crash. (CVE-2016-4994)
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
Vulnerability impact
An attacker could create a specially crafted XCF file which could cause GIMP to crash. (CVE-2016-4994)
Solution
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2016:2589 to address this issue and obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities: