CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
98.2%
Among other things this update fixes a vulnerability with corrupt XWD files and a crash with newer versions of fontconfig when gimp is quit.
Overview of Changes from GIMP 2.8.2 to GIMP 2.8.4 =================================================
GUI :
Better names for the default filters in save and export
Make tool drawing (esp. the brush outline) much more responsive
Remember the ‘maximized’ state across sessions
Simplify the splash image code a lot, makes it appear immediately again
Allow the text tool to start on an image without layers
Various fixes for text style attribute handling
Set unconfigured input devices to eraser if GTK+ says they are erasers
Libgimp :
Make libgimp drawable combo boxes aware of layer groups
Plug-ins :
Better default values in the Drop Shadow script
General :
Lots of bug fixes
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2013-2000.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(64733);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2012-5576");
script_bugtraq_id(56647);
script_xref(name:"FEDORA", value:"2013-2000");
script_name(english:"Fedora 17 : gimp-2.8.4-1.fc17 (2013-2000)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Among other things this update fixes a vulnerability with corrupt XWD
files and a crash with newer versions of fontconfig when gimp is quit.
Overview of Changes from GIMP 2.8.2 to GIMP 2.8.4
=================================================
GUI :
- Better names for the default filters in save and export
- Make tool drawing (esp. the brush outline) much more
responsive
- Remember the 'maximized' state across sessions
- Simplify the splash image code a lot, makes it appear
immediately again
- Allow the text tool to start on an image without
layers
- Various fixes for text style attribute handling
- Set unconfigured input devices to eraser if GTK+ says
they are erasers
Libgimp :
- Make libgimp drawable combo boxes aware of layer groups
- Fix item width in GimpPageSelector (used e.g. in PDF
import)
Plug-ins :
- Better default values in the Drop Shadow script
- Fix a whole bunch of bugs in the BMP plug-in
General :
- Lots of bug fixes
- Lots of translation updates
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=879302"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2013-February/099034.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?911d2433"
);
script_set_attribute(attribute:"solution", value:"Update the affected gimp package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gimp");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17");
script_set_attribute(attribute:"patch_publication_date", value:"2013/02/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/21");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC17", reference:"gimp-2.8.4-1.fc17")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp");
}