Monday, July 18, 2016

GIMP 2.8.18 released to fix a vulnerability in the XCF loading code (CVE-2016-4994)

GIMP 2.8.18 was recently released to fix a vulnerability in the XCF loading code (CVE-2016-4994). With specially crafted XCF files, GIMP can be made to crash and possibly to execute arbitrary code provided by the attacker.

This release includes additional bug fixes since 2.8.16. An important change has happened to the initial startup experience on Microsoft Windows and OS X platforms - any “GIMP is not responding” errors encountered there should be gone.

GIMP 2.8.18 Changelog from GIMP 2.8.16

Core:
  •  Initialize fontconfig cache in separate thread to keep GUI responsive on first startup
  •  Properly recognize layer masks as deactivated, e.g. for moving layers
  •  Create $XDG_DATA_HOME if it doesn't exist
  •  (CVE-2016-4994) Multiple Use-After-Free when parsing XCF channel and layer properties
  •  Fix progress access to prevent crash on rapid sequence of commands
  •  Fix crash in gimp-gradient-segment-range-move
GUI:
  •  Disable color picker buttons on OS X to prevent a GUI lockup
  •  Disable "new-style" full-screen mode on OS X to prevent a crash
  •  Pulsing progress bar in splash screen to indicate unknown durations
  •  Fix gamut warning color for lcms display filter
  •  Fix unbolding of bold font on edit
  •  Prevent accidental renaming of wrong adjacent item
Installer:
  •  Change compression settings to decrease size by 20%
  •  Add Catalan, Danish, French, Dutch
Plug-ins:
  •  Fix crash on sRGB JPEG image drag & drop
  •  Fix ambiguous octal-escaped output of c-source
  •  Fix KISS CEL export
  •  Fix progress bar for file-compressor
  •  Make Script-Fu regex match return proper character indexes for Unicode characters
  •  Fix Script-Fu modulo for large numbers
General:
  •  Documentation updates
  •  Bug fixes
  •  Translation updates
Installation instructions:

Open a terminal and run the following commands:

$ sudo add-apt-repository ppa:otto-kesselgulasch/gimp

$ sudo apt-get update

$ sudo apt-get install gimp
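
To confirm that the installed GIMP is at or above the fixed release, the following check parses `gimp --version` output and compares it numerically with 2.8.18. It is an added example, not part of the original post; the function names, the expected banner format and the sample banner are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare an installed GIMP version with the release that fixes
# CVE-2016-4994 (2.8.18, per the post). All function names are hypothetical.
FIXED_VERSION="2.8.18"

# Pull the dotted version out of `gimp --version` style output.
extract_version() {
    printf '%s\n' "$1" | sed -n 's/.*version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# version_ge A B: succeed when A >= B, comparing dot-separated fields as
# numbers so that 2.10.0 sorts after 2.8.18 (a string compare gets this wrong).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        if [ "$a" = "$fa" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$fb" ]; then b=""; else b=${b#*.}; fi
        fa=${fa:-0}; fb=${fb:-0}          # missing fields count as 0
        if [ "$fa" -gt "$fb" ]; then return 0; fi
        if [ "$fa" -lt "$fb" ]; then return 1; fi
    done
    return 0
}

# Print "patched", "outdated" or "unknown" for a version banner.
# "outdated" means older than upstream 2.8.18; a distribution package may
# still carry a backported fix under an older version number.
gimp_status() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo unknown
    elif version_ge "$v" "$FIXED_VERSION"; then
        echo patched
    else
        echo outdated
    fi
}

if command -v gimp >/dev/null 2>&1; then
    banner=$(gimp --version 2>/dev/null || true)
else
    # Constructed sample banner, used when GIMP is not installed.
    banner="GNU Image Manipulation Program version 2.8.16"
fi
echo "GIMP status: $(gimp_status "$banner")"
```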

Optionally, to remove GIMP 2.8.18 and revert the changes, run:

$ sudo apt-get install ppa-purge

$ sudo ppa-purge ppa:otto-kesselgulasch/gimp
