Vulnerabilities > CVE-2011-2896 - Out-of-bounds Write vulnerability in multiple products
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-1180.NASL description Updated gimp packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP last seen 2020-06-01 modified 2020-06-02 plugin id 61599 published 2012-08-21 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61599 title CentOS 6 : gimp (CESA-2012:1180) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:1180 and # CentOS Errata and Security Advisory 2012:1180 respectively. # include("compat.inc"); if (description) { script_id(61599); script_version("1.9"); script_cvs_date("Date: 2020/01/07"); script_cve_id("CVE-2011-2896", "CVE-2012-3403", "CVE-2012-3481"); script_xref(name:"RHSA", value:"2012:1180"); script_name(english:"CentOS 6 : gimp (CESA-2012:1180)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated gimp packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3481) A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the GIMP's GIF image format plug-in. An attacker could create a specially crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2011-2896) A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3403) Red Hat would like to thank Matthias Weckbecker of the SUSE Security Team for reporting the CVE-2012-3481 issue. Users of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect." ); # https://lists.centos.org/pipermail/centos-announce/2012-August/018813.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7e02ea4c" ); script_set_attribute(attribute:"solution", value:"Update the affected gimp packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-3403"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gimp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gimp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gimp-devel-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gimp-help-browser"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gimp-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/19"); script_set_attribute(attribute:"patch_publication_date", value:"2012/08/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-6", reference:"gimp-2.6.9-4.el6_3.3")) flag++; if (rpm_check(release:"CentOS-6", reference:"gimp-devel-2.6.9-4.el6_3.3")) flag++; if (rpm_check(release:"CentOS-6", reference:"gimp-devel-tools-2.6.9-4.el6_3.3")) flag++; if (rpm_check(release:"CentOS-6", reference:"gimp-help-browser-2.6.9-4.el6_3.3")) flag++; if (rpm_check(release:"CentOS-6", reference:"gimp-libs-2.6.9-4.el6_3.3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp / gimp-devel / gimp-devel-tools / gimp-help-browser / etc"); }NASL family SuSE Local Security Checks NASL id SUSE_11_GIMP-110923.NASL description Specially crafted gif files could have caused an infinite loop or a heap-based buffer overflow in the gif decoder (CVE-2011-2896). This has been fixed. last seen 2020-06-01 modified 2020-06-02 plugin id 57104 published 2011-12-13 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57104 title SuSE 11.1 Security Update : Gimp (SAT Patch Number 5193) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(57104); script_version("1.5"); script_cvs_date("Date: 2019/10/25 13:36:42"); script_cve_id("CVE-2011-2896"); script_name(english:"SuSE 11.1 Security Update : Gimp (SAT Patch Number 5193)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Specially crafted gif files could have caused an infinite loop or a heap-based buffer overflow in the gif decoder (CVE-2011-2896). This has been fixed." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=711491" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2896.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 5193."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:gimp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:gimp-lang"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:gimp-plugins-python"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2011/09/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1"); flag = 0; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"gimp-2.6.2-3.34.33.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"gimp-lang-2.6.2-3.34.33.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"gimp-plugins-python-2.6.2-3.34.33.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"gimp-2.6.2-3.34.33.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"gimp-lang-2.6.2-3.34.33.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"gimp-plugins-python-2.6.2-3.34.33.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Fedora Local Security Checks NASL id FEDORA_2011-10761.NASL description This update adds checks to avoid heap corruption and buffer overflows when loading GIF image files (CVE-2011-2896). Additionally, it fixes a bug which caused GIMP to print an unnecessary warning to the command line on startup. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 55949 published 2011-08-23 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55949 title Fedora 16 : gimp-2.6.11-21.fc16 (2011-10761) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2011-10761. # include("compat.inc"); if (description) { script_id(55949); script_version("1.9"); script_cvs_date("Date: 2019/08/02 13:32:33"); script_cve_id("CVE-2011-2896"); script_bugtraq_id(49148); script_xref(name:"FEDORA", value:"2011-10761"); script_name(english:"Fedora 16 : gimp-2.6.11-21.fc16 (2011-10761)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update adds checks to avoid heap corruption and buffer overflows when loading GIF image files (CVE-2011-2896). Additionally, it fixes a bug which caused GIMP to print an unnecessary warning to the command line on startup. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=727800" ); # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/064232.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9d3ff5d7" ); script_set_attribute(attribute:"solution", value:"Update the affected gimp package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gimp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16"); script_set_attribute(attribute:"patch_publication_date", value:"2011/08/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^16([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC16", reference:"gimp-2.6.11-21.fc16")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201209-23.NASL description The remote host is affected by the vulnerability described in GLSA-201209-23 (GIMP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GIMP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 62379 published 2012-09-29 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62379 title GLSA-201209-23 : GIMP: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2011-11221.NASL description This update avoids a GIF reader loop (CVE-2011-2896). The new upstream release fixes a number of scheduler, driver, and backend issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56148 published 2011-09-12 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56148 title Fedora 14 : cups-1.4.8-2.fc14 (2011-11221) NASL family Scientific Linux Local Security Checks NASL id SL_20120820_GIMP_ON_SL6_X.NASL description The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP last seen 2020-03-18 modified 2012-08-21 plugin id 61606 published 2012-08-21 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61606 title Scientific Linux Security Update : gimp on SL6.x i386/x86_64 (20120820) NASL family SuSE Local Security Checks NASL id SUSE_11_3_GIMP-110916.NASL description specially crafted gif files could cause an infinite loop or a heap-based buffer overflow in the gif decoder (CVE-2011-2896). last seen 2020-06-01 modified 2020-06-02 plugin id 75515 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75515 title openSUSE Security Update : gimp (openSUSE-SU-2011:1152-1) NASL family Fedora Local Security Checks NASL id FEDORA_2011-10788.NASL description This update adds checks to avoid heap corruption and buffer overflows when loading GIF image files (CVE-2011-2896). Additionally, it fixes a bug which caused GIMP to print an unnecessary warning to the command line on startup. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 55911 published 2011-08-20 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55911 title Fedora 15 : gimp-2.6.11-21.fc15 (2011-10788) NASL family SuSE Local Security Checks NASL id SUSE_CUPS-7775.NASL description This update fixes the following security issues : - 601830: CSRF via admin web interface. (CVE-2010-0540) - 680210: users in group last seen 2020-06-01 modified 2020-06-02 plugin id 57172 published 2011-12-13 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57172 title SuSE 10 Security Update : CUPS (ZYPP Patch Number 7775) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-1181.NASL description From Red Hat Security Advisory 2012:1181 : Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP last seen 2020-06-01 modified 2020-06-02 plugin id 68601 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68601 title Oracle Linux 5 : gimp (ELSA-2012-1181) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2357.NASL description According to the versions of the libXfont package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.(CVE-2011-2895) - In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server.(CVE-2017-13722) - In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because last seen 2020-05-08 modified 2019-12-10 plugin id 131849 published 2019-12-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131849 title EulerOS 2.0 SP2 : libXfont (EulerOS-SA-2019-2357) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1207-1.NASL description Tomas Hoger discovered that the CUPS image library incorrectly handled LZW streams. A remote attacker could use this flaw to cause a denial of service or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56206 published 2011-09-15 reporter Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56206 title Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : cups, cupsys vulnerabilities (USN-1207-1) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-146.NASL description Multiple vulnerabilities has been discovered and corrected in cups : The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses (CVE-2010-2432). The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895 (CVE-2011-2896). The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896 (CVE-2011-3170). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56447 published 2011-10-11 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56447 title Mandriva Linux Security Advisory : cups (MDVSA-2011:146) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1214-1.NASL description Tomas Hoger discovered that GIMP incorrectly handled malformed LZW streams. If a user were tricked into opening a specially crafted GIF image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user last seen 2020-06-01 modified 2020-06-02 plugin id 56280 published 2011-09-23 reporter Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56280 title Ubuntu 10.04 LTS / 10.10 / 11.04 : gimp vulnerability (USN-1214-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1181.NASL description Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP last seen 2020-06-01 modified 2020-06-02 plugin id 61604 published 2012-08-21 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61604 title RHEL 5 : gimp (RHSA-2012:1181) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-153.NASL description A vulnerability has been discovered and corrected in libxfont : The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896 (CVE-2011-2895). The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 56531 published 2011-10-18 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56531 title Mandriva Linux Security Advisory : libxfont (MDVSA-2011:153) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2354.NASL description Petr Sklenar and Tomas Hoger discovered that missing input sanitising in the GIF decoder inside the CUPS printing system could lead to denial of service or potentially arbitrary code execution through crafted GIF files. last seen 2020-03-17 modified 2011-12-01 plugin id 56982 published 2011-12-01 reporter This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56982 title Debian DSA-2354-1 : cups - several vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_GIMP-7776.NASL description Specially crafted gif files could have caused an infinite loop or a heap-based buffer overflow in the gif decoder (CVE-2011-2896). This has been fixed. last seen 2020-06-01 modified 2020-06-02 plugin id 57200 published 2011-12-13 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57200 title SuSE 10 Security Update : Gimp (ZYPP Patch Number 7776) NASL family Fedora Local Security Checks NASL id FEDORA_2011-11173.NASL description This update avoids a GIF reader loop (CVE-2011-2896). This update enables CUPS by default. This update re-introduces support for Avahi. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56014 published 2011-08-31 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56014 title Fedora 16 : cups-1.5.0-6.fc16 (2011-11173) NASL family SuSE Local Security Checks NASL id SUSE_11_4_GIMP-110916.NASL description specially crafted gif files could cause an infinite loop or a heap-based buffer overflow in the gif decoder (CVE-2011-2896). last seen 2020-06-01 modified 2020-06-02 plugin id 75850 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75850 title openSUSE Security Update : gimp (openSUSE-SU-2011:1152-1) NASL family Fedora Local Security Checks NASL id FEDORA_2011-11197.NASL description This update avoids a GIF reader loop (CVE-2011-2896). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 55990 published 2011-08-29 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55990 title Fedora 15 : cups-1.4.8-2.fc15 (2011-11197) NASL family SuSE Local Security Checks NASL id SUSE_11_CUPS-110921.NASL description This update fixes the following security issues : - 601830: CSRF via admin web interface. (CVE-2010-0540) - 680210: users in group last seen 2020-06-01 modified 2020-06-02 plugin id 57094 published 2011-12-13 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57094 title SuSE 11.1 Security Update : CUPS (SAT Patch Number 5180) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-1635.NASL description Updated cups packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the CUPS GIF image format reader. An attacker could create a malicious GIF image file that, when printed, could possibly cause CUPS to crash or, potentially, execute arbitrary code with the privileges of the last seen 2020-06-01 modified 2020-06-02 plugin id 57018 published 2011-12-06 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57018 title RHEL 6 : cups (RHSA-2011:1635) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-1180.NASL description From Red Hat Security Advisory 2012:1180 : Updated gimp packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP last seen 2020-06-01 modified 2020-06-02 plugin id 68600 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68600 title Oracle Linux 6 : gimp (ELSA-2012-1180) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0302.NASL description Updated cups packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the CUPS GIF image format reader. An attacker could create a malicious GIF image file that, when printed, could possibly cause CUPS to crash or, potentially, execute arbitrary code with the privileges of the last seen 2020-04-16 modified 2012-02-21 plugin id 58056 published 2012-02-21 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58056 title RHEL 5 : cups (RHSA-2012:0302) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1180.NASL description Updated gimp packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP last seen 2020-06-01 modified 2020-06-02 plugin id 61603 published 2012-08-21 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61603 title RHEL 6 : gimp (RHSA-2012:1180) NASL family Misc. NASL id CUPS_1_4_7.NASL description According to its banner, the version of CUPS installed on the remote host is earlier than 1.4.7. There is a boundary error in the function last seen 2020-06-01 modified 2020-06-02 plugin id 56007 published 2011-08-29 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56007 title CUPS < 1.4.7 'gif_read_lzw' Buffer Overflow NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-1181.NASL description Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP last seen 2020-06-01 modified 2020-06-02 plugin id 61600 published 2012-08-21 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61600 title CentOS 5 : gimp (CESA-2012:1181) NASL family Fedora Local Security Checks NASL id FEDORA_2011-11229.NASL description Fix bugs in GIF image decoder Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56149 published 2011-09-12 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56149 title Fedora 16 : pl-5.10.2-5.fc16 (2011-11229) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-0302.NASL description From Red Hat Security Advisory 2012:0302 : Updated cups packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the CUPS GIF image format reader. An attacker could create a malicious GIF image file that, when printed, could possibly cause CUPS to crash or, potentially, execute arbitrary code with the privileges of the last seen 2020-06-01 modified 2020-06-02 plugin id 68473 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68473 title Oracle Linux 5 : cups (ELSA-2012-0302) NASL family Fedora Local Security Checks NASL id FEDORA_2011-11305.NASL description Fix bugs in GIF image decoder Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56131 published 2011-09-09 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56131 title Fedora 15 : pl-5.10.2-5.fc15 (2011-11305) NASL family Scientific Linux Local Security Checks NASL id SL_20120221_CUPS_ON_SL5_X.NASL description The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the CUPS GIF image format reader. An attacker could create a malicious GIF image file that, when printed, could possibly cause CUPS to crash or, potentially, execute arbitrary code with the privileges of the last seen 2020-03-18 modified 2012-08-01 plugin id 61259 published 2012-08-01 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61259 title Scientific Linux Security Update : cups on SL5.x i386/x86_64 (20120221) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-167.NASL description A vulnerability has been discovered and corrected in gimp : The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895 (CVE-2011-2896). The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56726 published 2011-11-07 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56726 title Mandriva Linux Security Advisory : gimp (MDVSA-2011:167) NASL family Scientific Linux Local Security Checks NASL id SL_20111206_CUPS_ON_SL6_X.NASL description The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the CUPS GIF image format reader. An attacker could create a malicious GIF image file that, when printed, could possibly cause CUPS to crash or, potentially, execute arbitrary code with the privileges of the last seen 2020-06-01 modified 2020-06-02 plugin id 61186 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61186 title Scientific Linux Security Update : cups on SL6.x i386/x86_64 NASL family Fedora Local Security Checks NASL id FEDORA_2011-11318.NASL description Fix bugs in GIF image decoder Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56132 published 2011-09-09 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56132 title Fedora 14 : pl-5.7.11-7.fc14 (2011-11318) NASL family Scientific Linux Local Security Checks NASL id SL_20120820_GIMP_ON_SL5_X.NASL description The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP last seen 2020-03-18 modified 2012-08-21 plugin id 61605 published 2012-08-21 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61605 title Scientific Linux Security Update : gimp on SL5.x i386/x86_64 (20120820) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2426.NASL description Several vulnerabilities have been identified in GIMP, the GNU Image Manipulation Program. - CVE-2010-4540 Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the last seen 2020-03-17 modified 2012-03-07 plugin id 58250 published 2012-03-07 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58250 title Debian DSA-2426-1 : gimp - several vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_CUPS-7774.NASL description This update fixes the following security issues : - 601830: CSRF via admin web interface. (CVE-2010-0540) - 680210: users in group last seen 2020-06-01 modified 2020-06-02 plugin id 56603 published 2011-10-24 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56603 title SuSE 10 Security Update : CUPS (ZYPP Patch Number 7774) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-147.NASL description A vulnerability has been discovered and corrected in cups : The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896 (CVE-2011-3170). The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 61931 published 2012-09-06 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61931 title Mandriva Linux Security Advisory : cups (MDVSA-2011:147) NASL family Fedora Local Security Checks NASL id FEDORA_2011-10782.NASL description This update adds checks to avoid heap corruption and buffer overflows when loading GIF image files (CVE-2011-2896). Additionally, it fixes a bug which caused GIMP to print an unnecessary warning to the command line on startup. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 55951 published 2011-08-23 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/55951 title Fedora 14 : gimp-2.6.11-21.fc14 (2011-10782)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://bugzilla.redhat.com/show_bug.cgi?id=727800
- http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc
- https://bugzilla.redhat.com/show_bug.cgi?id=730338
- http://cups.org/str.php?L3867
- http://secunia.com/advisories/45621
- http://www.openwall.com/lists/oss-security/2011/08/10/10
- http://www.ubuntu.com/usn/USN-1207-1
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html
- http://secunia.com/advisories/46024
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html
- http://www.securitytracker.com/id?1025929
- http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html
- http://secunia.com/advisories/45945
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html
- http://secunia.com/advisories/45948
- http://www.securityfocus.com/bid/49148
- http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4
- http://secunia.com/advisories/45900
- http://www.ubuntu.com/usn/USN-1214-1
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:146
- http://www.redhat.com/support/errata/RHSA-2011-1635.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:167
- http://rhn.redhat.com/errata/RHSA-2012-1180.html
- http://rhn.redhat.com/errata/RHSA-2012-1181.html
- http://secunia.com/advisories/50737
- http://security.gentoo.org/glsa/glsa-201209-23.xml
- http://www.debian.org/security/2011/dsa-2354
- http://secunia.com/advisories/48236
- http://secunia.com/advisories/48308
- http://www.debian.org/security/2012/dsa-2426