About Ubuntu

=========================================================== Ubuntu Security Notice USN-312-1 July 10, 2006 gimp vulnerability CVE-2006-3404 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: gimp 2.2.2-1ubuntu5.1 libgimp2.0 2.2.2-1ubuntu5.1 Ubuntu 5.10: gimp 2.2.8-2ubuntu6.1 libgimp2.0 2.2.8-2ubuntu6.1 Ubuntu 6.06 LTS: gimp 2.2.11-1ubuntu3.1 libgimp2.0 2.2.11-1ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Henning Makholm discovered that gimp did not sufficiently validate the 'num_axes' parameter in XCF files. By tricking a user into opening a specially crafted XCF file with Gimp, an attacker could exploit this to execute arbitrary code with the user's privileges.