Red Hat Security Advisory 2022-7978-01 - The GIMP is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Issues addressed include buffer overflow and denial of service vulnerabilities.
0cad81a9b47443baa13c3b5e3f9bfec69f48f60f6c5914d4c05fd446d550e73b
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: gimp security and enhancement update
Advisory ID: RHSA-2022:7978-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:7978
Issue date: 2022-11-15
CVE Names: CVE-2022-30067 CVE-2022-32990
====================================================================
1. Summary:
An update for gimp is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64
3. Description:
The GIMP (GNU Image Manipulation Program) is an image composition and
editing program. GIMP provides a large image manipulation toolbox,
including channel operations and layers, effects, sub-pixel imaging and
anti-aliasing, and conversions, all with multi-level undo.
Security Fix(es):
* gimp: buffer overflow through a crafted XCF file (CVE-2022-30067)
* gimp: unhandled exception via a crafted XCF file may lead to DoS
(CVE-2022-32990)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 9.1 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2087591 - CVE-2022-30067 gimp: buffer overflow through a crafted XCF file
2103202 - CVE-2022-32990 gimp: unhandled exception via a crafted XCF file may lead to DoS
6. Package List:
Red Hat Enterprise Linux AppStream (v. 9):
Source:
gimp-2.99.8-3.el9.src.rpm
aarch64:
gimp-2.99.8-3.el9.aarch64.rpm
gimp-debuginfo-2.99.8-3.el9.aarch64.rpm
gimp-debugsource-2.99.8-3.el9.aarch64.rpm
gimp-devel-tools-debuginfo-2.99.8-3.el9.aarch64.rpm
gimp-libs-2.99.8-3.el9.aarch64.rpm
gimp-libs-debuginfo-2.99.8-3.el9.aarch64.rpm
ppc64le:
gimp-2.99.8-3.el9.ppc64le.rpm
gimp-debuginfo-2.99.8-3.el9.ppc64le.rpm
gimp-debugsource-2.99.8-3.el9.ppc64le.rpm
gimp-devel-tools-debuginfo-2.99.8-3.el9.ppc64le.rpm
gimp-libs-2.99.8-3.el9.ppc64le.rpm
gimp-libs-debuginfo-2.99.8-3.el9.ppc64le.rpm
s390x:
gimp-2.99.8-3.el9.s390x.rpm
gimp-debuginfo-2.99.8-3.el9.s390x.rpm
gimp-debugsource-2.99.8-3.el9.s390x.rpm
gimp-devel-tools-debuginfo-2.99.8-3.el9.s390x.rpm
gimp-libs-2.99.8-3.el9.s390x.rpm
gimp-libs-debuginfo-2.99.8-3.el9.s390x.rpm
x86_64:
gimp-2.99.8-3.el9.x86_64.rpm
gimp-debuginfo-2.99.8-3.el9.i686.rpm
gimp-debuginfo-2.99.8-3.el9.x86_64.rpm
gimp-debugsource-2.99.8-3.el9.i686.rpm
gimp-debugsource-2.99.8-3.el9.x86_64.rpm
gimp-devel-tools-debuginfo-2.99.8-3.el9.i686.rpm
gimp-devel-tools-debuginfo-2.99.8-3.el9.x86_64.rpm
gimp-libs-2.99.8-3.el9.i686.rpm
gimp-libs-2.99.8-3.el9.x86_64.rpm
gimp-libs-debuginfo-2.99.8-3.el9.i686.rpm
gimp-libs-debuginfo-2.99.8-3.el9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2022-30067
https://access.redhat.com/security/cve/CVE-2022-32990
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBY3OMfNzjgjWX9erEAQj5TA//bPsUi7sLSgUYBRJ4F1TTjT0sBrKPN5ZG
FAYwxZEsez6Bxco5qckXUvJcPD8rcl6BYrA46M1dHlN9hK0jfdKxHsMg7ZSNB8BF
A862I5hRMFXb8sBy8szLTvzHvRE5hmedH3QElCQN2EqNinVeHYSApJYLeamIkuYx
8wf70QHGrlGJb38ddRg2hKADDJCV10k4NUepgb+UNVPDPwQCmyk2gaPD4BBplPok
tmP908mU50IKwgwnjnw1Li7fxtrJmmZE7teogW7oAkqeFjNNtf3DUXUeqMtK0I8a
pZlpYG2FlepWtn2SGHiAfkkwWNtQlv2suwRGBsaroyGc2zI+BLwr3/kyjTRBrYEa
+rayYOQ7BiqGMvycIPW114adiEuYeLGa2z4u4W+lpJIDq1x3oZte2CgbxquYxjGR
huIhgJg1ZjkJMTtOf0yhCgkgDAs9C9Uv6/GqPnokMn90bH/45REvnlAAmNU/iRfX
TTbHugkSsdYskOMEAwtCRxMZ1JAf0FXTXJUfHcoQKsGAcde71Rf5+gukxHUm/5yU
K5vuh4RGVQi81ewHiNRiPdL3EDS85hy11/s86UPFa87mFdDEdK73p3pB1IyO6a0X
Wi9rvXUd/MdPTiS/HB+3T1bHMUxA4EJxYIIjF5qE3BPJoofgjfErHHugXa8jZnNq
EqA1kj/GHYo=X7Ae
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce