-----BEGIN PGP PUBLIC KEY BLOCK-----
xsFNBGdQrXIBEACdQtlt0q4nFuG/w6jmXuMpI5n1p/REUpoDI3Fu+2C1Ze46ieTM
zKl5rh0+/rEBvwGn5Ox1lcu/QnujnNznNQ0g4ZarPRl3kCA2SKeyqe2vj77sfMkj
3NCF9nlvJVR/j3LgWdo8eynohrkPH8nXazSyzyZRWnUSrn7OCKMZ8KLlkixM9Av/
58Z2lbzVxto3ehTEXprUSn+WZTuKLBuIIE4681Y0lDZbmhi6W0kQBn/kvAlND/ue
G9OLijCJFT7HbikxMtKhCK82cXCSw4SeGzdhkHFLa+QdKo9W/iWYyB9jT+zresxj
dfA6I/ZBvBINt7VJKxLgE18XGOiqq5TmlI4iadXv2umMBl8QAKuhA8qLBQDUdZx6
XWKO4w3xqPtzJ0fDX8OHopb0+QBtyUuxFAX+uFX0mpWbxkzjcEUxf16zN5EUwDD2
5c8Q7POoWKQWu1pA6JtBpkoPYTpdbg7lm+YIhonZLWdKduaaUXRjtRrbNRTvMZqq
dMNn1WSQzrT8/81CitcETIof1G/XA/ktwWDIqzPBgofyja/ffbOLf3V6GieqcaJK
oCaowBZeT1cSBw+xrpEIFiVywFFWbv0f5qWW0yOvYI2YVeckkcsJnsF19quAEgck
8zWOgaZJV8JTj0AmuvE1lqBIRBy3OVl/t7FiQ+0wduytN2U9EOvqaxoKlQARAQAB
zShKb2huIEJyZXRvbiA8am9obi5icmV0b25AY2Fub25pbmNhbC5jb20+wsGXBBMB
CgBBFiEEyMDHOTG0YH5UsajI8pSCVQZYHygFAmdQrXICGwMFCQWjmoAFCwkIBwIC
IgIGFQoJCAsCBBYCAwECHgcCF4AACgkQ8pSCVQZYHygLpQ/9E+KzsXCYkHVtcHmq
S/Qyul2l3DID1Skl/4cuL33s8sQC+XQZxXCIYeXkDOhiDsx+cPwCB20c4GhMRkCw
kuefTI4vOg50HhcyuKVfm6WvETWMSEYXjM4lnVuRBNkn+XsfmRG9EPk1bIlwjl0L
SNY4zKvYAG9C8MZCyC2+Qz+9HQBR+0kR4Xc8Ei+PVHyuGJfdQN+b5lFghXG6zjKr
x0tMWpbh9pFpd0zIpWWNMtmiJQgb8nbxrY6KEdqzi3Jqc/1H0zN1+EpmIq3JNcKV
Icol4Y7tnqrkMe4Z2vhcYNdm6KyA7RqBJagYfjDKw2ZFyoZGVasbQb9mlFLHEU2p
joDq7wDrI2K4RLNen4XjxOfMVG+W7XQO4CmTLZUyEUVNRy6JLepYz8EHGeaDTAnq
OsIEDYnqYyHpweK1eZqhlJNNv6QquPqBS/jptGApkcgszH7I3pOhRVlZSRX4JRSm
DhulXJEpPv6dGSCOZsMtsLnKRinIt/LHAsgTYLvSJixQKN2Ji3hoQVufoCKI+Qs7
hWu5L3DHxCa7j5ta3kVyrtzXM1kltvd1vAuCGdO0dhI+nZOJ67D4F+BwiTDyWNOC
zM0mnHR63mC3phV6uQp2a5UzNsZFeb8l0RvhMWighQOj7pBgf8t3YNKxFb5j+p6Q
LaY1OCQl3/uho8dB5ySgLLU1hcnCwYMEMAEKAC0WIQTIwMc5MbRgflSxqMjylIJV
BlgfKAUCZ31mgw8dIHR5cG8gaW4gZW1haWwACgkQ8pSCVQZYHygw8w/9EMfmrGvD
oW0WrRc1+0LPKUjGvD/1iCmQ0b3iKJp5rtBEsKIXUKGLMKEi/KvJ1SUNqfGR4Dj9
rmrAYDX2f6roqx/YkqTfqABeYG1kHFHXfgCnxzDbIR6ZZYWKXmYjXgQgYwloJFeg
cot9/9Bims6k+zgZEtH/bxvULWerEuvkHaZiMsdOHzsiC/VdSXsW2RrH8V5cDH3Q
DRsB4YTP/9gdpWprthCWsk2AJUEj/uZNmkuCmRcfxyG4mRUxnFECU0dt1wd+XRmQ
0H8lKrz1hzKJdRh2qjU/4Debf08NDqBzBktaphlPMjXlqPAvIP5NXWAvRFJm27OS
LbYZtb32d2pGtu0ad0HI/B8Dqsv1x0TtUL5ymlnjaqXkajoaE7DWzL6XKsY5KStS
Eyhy/EC3dskBTLr9lPLBTGzkAFkGAjB/+H2saaleIKctrwjOgD0srr9YvDBduPZJ
yE03wEf3ensE6KZmc+HxBFxXz2AIQQKW/lVUC+UPmsb/8FWwmqcwJqczDHdIblEF
d4OPU2u2Go1qK0GQf2RddBj2SxN05ZvqJ0iw3cRAl5phXiLzro1aLYoum+lJrtNH
TQJeFJIyWe+dx/3BcQ42shzh7ap2Ipn9VGNf/EH17kJ97gRejbHN9XnfmM2MzRqs
HFAsaBAd8yZJYDsxR+rnN7/KjDGiWOnROHrNN0pvaG4gQnJldG9uIChjb3JyZWN0
IGVtYWlsKSA8am9obi5icmV0b25AY2Fub25pY2FsLmNvbT7CwZcEEwEKAEEWIQTI
wMc5MbRgflSxqMjylIJVBlgfKAUCZ31l3AIbAwUJBaOagAULCQgHAgIiAgYVCgkI
CwIEFgIDAQIeBwIXgAAKCRDylIJVBlgfKKoVD/97VtPeqs8Qg84l3Ca83FZIa3Hd
GcRCdhGR0dZ3P1xwMnfk3phFyvewSIPYD+bJDlX97z1gxNUnt0GPvpTYyjAL4uVe
Yxb0jY68aUtZ6zBccKXDy+jR/8OxWgU9Ulip+LTumVuq8OD6sWIj44hzuSmdH3eC
kzsqj6f5ay8SG5BR1EPJjJnAysrWlJx5j95kep+an/19+rto0t5ZGAfbmHHNPExj
JbkQnTra88nUiIKRWuwyG3X2kvxL392BYm7S6cxoMADtrkS2ZSogLBBrddIL5Jfb
tyS7R5gng7Uy3MTXlwZL6WYNwFX3bAk01DYV2sOn9hFG0Xh/aGx26PFw2I/YA76x
AdHXcxdb+1JwTu+REOSMuvEb0M0N+anEsrWvV4BcY/UgShgtEE5+3OT6dKl62g8v
1G/jrXNz6cwbqiJoWi0U6gwsS4zgi8pXO8iCKSLMbf8/kfH1Yo0mSGGtTqt9gotU
ULM/snjT3Fb4me/VcVkqOW0viwCMyp6NXdgbAnd+3Lxk9JQgn8Z9FqLIojE7Qjzm
aHHK3syhGjcmLmfTFaEpbqOon5iPPjdYgmz1+FAWxekU1M53yoFed0jZEt132aHT
Vz5IsJNu6aDmDbxGKARBk6+PPSDl/D5ExPUEX2TSo648lCSNP03NVlR5mToPVXxJ
1rJ/JjmcDg1VqAaKLM7BTQRnUz5jARAAvhXhR4FxcGnlv0lmEa+WL+5Sf/ygpFm5
tFHnyXJWQA3nXCJNGkibvCM03iyY8cax6MwLG0faQ9xEqu1vphigyj8kdpAcGkIn
ezZWyy2e4XpWg7R3CJXRO/teGpCjxkrJ462NwQD2qFAbxe5MzgyzsmKoeEigUmod
2QGzT4nGRqdAklZ/byMAVs+eyF7X+7hUERCgHATpMELvgcSQdUV/lgrQX0g/UV+9
1CtLlTZ5RYHOlqJEb/2VBkKqXP821UV+wScwmAWOIXHRuGsqzyIb2ZB1/VLhEFEM
xxsr+nrgjuzOWS2/jXrn9fSHMYlmW3TGmX9+53UNXhtsyT2FFYOc7SzwEwUDqadW
johTv3slOj2vsAIW6NFQY2TjjleZFm3lQPiNDtuWZlmL3Qxz5/TDqTrSb5FHJIEN
81R8OYXzy4QDPJKm553ZKOfGKvhj3DV8BlzRJ83nZ3VcduBlnCMv1SMh8wdf39jI
F33JTUqjhIuZHzs+VEYofORH+Q8witwCctH5tiJL9i5feAL04bKxH7wsnnwSl9kE
eh/okSLWIglZ1JYJov/8hAnlx65DhYuBuX7s6YDaN6bcEBjJcHFQSILzFz1ulaI1
Vp17Nufsb2gOTBX8wK5K1RBP717r48P4GCHzXK8dnWuFnWAPsiJ2K74aPQ3Ei0N7
4pNp1IfxB4cAEQEAAcLBdgQYAQoAIBYhBMjAxzkxtGB+VLGoyPKUglUGWB8oBQJn
Uz5jAhsMAAoJEPKUglUGWB8o5dkP/28eg2EoE/+/svXsQ/apsYClkvuvVUsB6klm
HWz1B8S4kRJzwDmF2CUvttNT8PDXARdXaExxYFWU4DrptJNTwCkxMYGJOBCXAnVb
T9CXFSe2Uz4Gopb55cmWE/xGPWzeBlnt7A3ImJjYI04C2cPXOF8hceGd9mg6hV23
Fj9q2FdAgO82D4k+HRixhkH0Rk/bHc9a0FKKUUbv97gGTmHo6K4idPHeBobZYYYO
0AS/H0t/ea5Ty5+sDu3O2fjecou6L1dgW6oFK68Tep3Vz+sxI3JVTLMcxNh/hxxk
pTvtREFc/6Zo+PFLhuPkbAPJeZvZSG1viHkvxCfPuvySDTvi/htf3TiM9yEWgUkS
iDQAy4upf/a0B+t3BSapndFNsT+8j5UinY7ux8HiGrhO5t7Br3EMmpvgStkB4v57
LkNXiwkc899ZYlC1lFOTbVgHI4uH3GTWxVjGxZoq3Bda3JTDxTpC+PM+jK5cWDbO
/bieXm+zeA8/Go7vSE4kbj4tDEWpXhcnj7uc274xMepQIaPSEP32jPkDUzwD1804
GaJXC/ChkMykYmdEORRH4EfLlS9W+pBuFtktNhWGwdIVaOqVHMDi3jncz1sBsveC
Nwtt7tlhxUEPfMUiH8NznH2aeFll7obgX6/yu0Vg6h+d7HBIwY9WdXyMqm/rWATk
X5TWH5FT
=NpqL
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEEyMDHOTG0YH5UsajI8pSCVQZYHygFAmeJT0kFAwAAAAAACgkQ8pSCVQZYHyi0
nQ//eIlenPc2EbRNFmTvCQ6Gf3FYCxopYsj4+kyQwjHmuMxeR3JWx/b6KZQ4bjz44D/2xViL5QwQ
qXytyO1LE4IMId2OxKApGTWMTLyl8D/+p4WSVQdsMeOcqplSMlNOVomBfJJlE8b2+vhhXQCawPV0
ypJQpDzR6K8qp5PPMWHdlBUheUx0/uqYE7V0vJ6O2nvmMJsGnIa7yhzrsjzhlwAdiZA87rzWBs4O
o57AzqdPSOyluCSn8NHDG1YdBN9fJPJ1ciTchUeL8BS6vNmwDmmyKvuplLwi3IsDqs6APlTNQCdB
Wi9bRuz5cq02Yx6iTBKXA6mFgcMLxSYxvXFavRL+EbULoPoZodEZWBNB660no6RZj8EulmltwMWB
Et/9k4Zy9D8MfaD5bPB2yCNzoFVpmjZR99KyIUePI7MOID37PymfA/UwfpwNM2DfPB3zhbJgwUj3
Klr/2VHmFZEqfRu4E+qBP9Mh++u7jKn45sfgtF5xLT6mv2JVxFsLHAaFYmGeEUxbDnpQRB1tmmTk
BdEKi5SZrmmNBvndO4RM5l/aPRFdHy6SEbDVRQtKZncrd4dU4nf54RPJGeS21vHqptyPR1g/6BNP
s4QpK1DkGm13FbErTVudZlCeOmnNzq5gepUUtnddwGoc3IbhUHa55oYuGo3F4/dUJ2vNImAwJfHi
Bj8=
=9cWi
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7209-1
January 16, 2025
gimp-dds vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
The GIMP DDS Plugin could be made to crash or run programs as
your login if it opened a specially crafted file.
Software Description:
- gimp-dds: DDS (DirectDraw Surface) plugin for GIMP
Details:
Jacob Boerema discovered that the GIMP DDS Plugin incorrectly
processed DDS files due to a memory issue. An attacker could
exploit this through a specifically crafted DDS file to cause
GIMP to crash, resulting in a denial of service, or possibly
execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
gimp-dds 3.0.1-1+deb10u1build0.22.04.1
Ubuntu 20.04 LTS
gimp-dds 3.0.1-1+deb10u1build0.20.04.1
Ubuntu 18.04 LTS
gimp-dds 3.0.1-1+deb10u1build0.18.04.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
gimp-dds 3.0.1-1+deb10u1build0.16.04.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7209-1
CVE-2023-44441
Package Information:
https://launchpad.net/ubuntu/+source/gimp-dds/3.0.1-1+deb10u1build0.22.04.1
https://launchpad.net/ubuntu/+source/gimp-dds/3.0.1-1+deb10u1build0.20.04.1
No comments:
Post a Comment