Security update for gimp

Announcement ID:	SUSE-SU-2016:1827-1
Rating:	moderate
References:	bsc#986021
Cross-References:	CVE-2016-4994
CVSS scores:	CVE-2016-4994 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-4994 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Software Development Kit 11 SP4

An update that solves one vulnerability can now be installed.

Description:

gimp was updated to fix one security issue.

This security issue was fixed: - CVE-2016-4994: Use-after-free vulnerabilities in the channel and layer properties parsing process (bsc#986021).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Software Development Kit 11 SP4
  zypper in -t patch sdksp4-gimp-12657=1

Package List:

• SUSE Linux Enterprise Software Development Kit 11 SP4 (s390x x86_64 i586 ppc64 ia64)
  • gimp-2.6.2-3.34.47.1
  • gimp-plugins-python-2.6.2-3.34.47.1
  • gimp-devel-2.6.2-3.34.47.1
  • gimp-lang-2.6.2-3.34.47.1

References:

• https://www.suse.com/security/cve/CVE-2016-4994.html
• https://bugzilla.suse.com/show_bug.cgi?id=986021