Bug 986021 - (CVE-2016-4994) VUL-0: CVE-2016-4994: gimp: Use-after-free vulnerabilities in the channel and layer properties parsing process
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/170387/
CVSSv2:SUSE:CVE-2016-4994:5.1:(AV:N/A...
Reported: 2016-06-22 09:26 UTC by Marcus Meissner
Modified: 2018-05-08 00:51 UTC
Found By: Security Response Team
Description Marcus Meissner 2016-06-22 09:26:03 UTC
Multiple use-after-free vulnerabilities were found in the channel and layer properties parsing process when loading an XCF file. An attacker may craft an XCF file in order to gain control over objects that were previously freed and contain pointers to virtual functions that get executed.

Upstream bug:

https://bugzilla.gnome.org/show_bug.cgi?id=767873
Comment 1 Swamp Workflow Management 2016-06-22 22:00:25 UTC
bugbot adjusting priority
Comment 2 Bernhard Wiedemann 2016-06-23 10:00:29 UTC
This is an autogenerated message for OBS integration:
This bug (986021) was mentioned in
https://build.opensuse.org/request/show/404204 13.2+42.1 / gimp
Comment 3 Bjørn Lie 2016-06-23 10:05:04 UTC
(In reply to Bernhard Wiedemann from comment #2)
> This is an autogenerated message for OBS integration:
> This bug (986021) was mentioned in
> https://build.opensuse.org/request/show/404204 13.2+42.1 / gimp

https://build.opensuse.org/request/show/404202

Factory sub
Comment 4 Scott Reeves 2016-06-23 21:42:16 UTC
Looking through the code it appears only the xcf_load_channel_props piece of this fix logically applies on SLE11 and SLE10. I redid the patch for those distros and will submit for SLE12, SLE11 and SLE10...
Comment 5 Scott Reeves 2016-06-25 00:18:21 UTC
(In reply to Scott Reeves from comment #4)
> Looking through the code it appears only the xcf_load_channel_props piece of
> this fix logically applies on SLE11 and SLE10. I redid the patch for those
> distros and will submit for SLE12, SLE11 and SLE10...

SLE12 - SR#117078
SLE11 - SR#117079

For SLE10 I get an error submitting but I actually don't know why mbranch returned an entry anyway, as it's out of maintenance as far as I know.
Comment 6 Marcus Meissner 2016-06-27 13:04:53 UTC
sle10 gimp submission is not required, no desktop product based on the sle10 line anymore. (sle11 has gimp on the SDK, which is still present)
Comment 7 Swamp Workflow Management 2016-07-01 15:14:29 UTC
openSUSE-SU-2016:1727-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 986021
CVE References: CVE-2016-4994
Sources used:
openSUSE Leap 42.1 (src):    gimp-2.8.16-4.1
openSUSE 13.2 (src):    gimp-2.8.16-3.1
Comment 8 Swamp Workflow Management 2016-07-19 15:10:40 UTC
SUSE-SU-2016:1827-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 986021
CVE References: CVE-2016-4994
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    gimp-2.6.2-3.34.47.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    gimp-2.6.2-3.34.47.1
Comment 9 Swamp Workflow Management 2016-08-04 18:11:08 UTC
SUSE-SU-2016:1962-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 986021
CVE References: CVE-2016-4994
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    gimp-2.8.10-7.8
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    gimp-2.8.10-7.8
SUSE Linux Enterprise Desktop 12-SP1 (src):    gimp-2.8.10-7.8
Comment 10 Marcus Meissner 2017-10-25 19:59:32 UTC
released
Comment 11 Swamp Workflow Management 2018-05-02 10:41:31 UTC
This is an autogenerated message for OBS integration:
This bug (986021) was mentioned in
https://build.opensuse.org/request/show/603017 Factory / gimp
Comment 12 Swamp Workflow Management 2018-05-08 00:51:30 UTC
This is an autogenerated message for OBS integration:
This bug (986021) was mentioned in
https://build.opensuse.org/request/show/605190 15.0 / gimp