Explore top 10 tips to secure your open-source projects now. Read More
×
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-9501 http://linux.oracle.com/errata/ELSA-2025-9501.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: gimp-2.8.22-1.0.3.el7.x86_64.rpm gimp-devel-2.8.22-1.0.3.el7.i686.rpm gimp-devel-2.8.22-1.0.3.el7.x86_64.rpm gimp-devel-tools-2.8.22-1.0.3.el7.x86_64.rpm gimp-libs-2.8.22-1.0.3.el7.i686.rpm gimp-libs-2.8.22-1.0.3.el7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/gimp-2.8.22-1.0.3.el7.src.rpm Related CVEs: CVE-2025-5473 CVE-2025-48797 CVE-2025-48798 Description of changes: [2:2.8.22-1.0.3] - Fixes CVE-2025-5473 (GIMP ICO File Parsing Integer Overflow) [Orabug: 38110877] - Fixes CVE-2025-48797 (Multiple heap buffer overflows in TGA parser) - Fixes CVE-2025-48798 (Multiple use after free in XCF parser) _______________________________________________ El-errata mailing list
An update that solves two vulnerabilities can now be installed.. # Security update for gimp Announcement ID: SUSE-SU-2025:02164-1 Release Date: 2025-06-30T07:13:42Z Rating: important References: * bsc#1243711 * bsc#1243712 Cross-References: * CVE-2025-48797 * CVE-2025-48798 CVSS scores: * CVE-2025-48797 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2025-48797 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2025-48798 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2025-48798 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP6 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP6 * SUSE Package Hub 15 15-SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for gimp fixes the following issues: * CVE-2025-48797: Fixed two buffer over-reads and one heap-based buffer overflow in its TGA parser (bsc#1243711). * CVE-2025-48798: Fixed two use-after-free bugs and one double free bug in its XCF parser (bsc#1243712). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-2164=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-2164=1 * SUSE Package Hub 15 15-SP6 zypper in -t patchSUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2164=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2164=1 * SUSE Linux Enterprise Workstation Extension 15 SP6 zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-2164=1 * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2025-2164=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libgimpui-2_0-0-2.10.30-150400.3.20.1 * gimp-2.10.30-150400.3.20.1 * gimp-debugsource-2.10.30-150400.3.20.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.20.1 * gimp-debuginfo-2.10.30-150400.3.20.1 * gimp-devel-debuginfo-2.10.30-150400.3.20.1 * libgimp-2_0-0-2.10.30-150400.3.20.1 * gimp-devel-2.10.30-150400.3.20.1 * gimp-plugin-aa-2.10.30-150400.3.20.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.20.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.20.1 * openSUSE Leap 15.4 (noarch) * gimp-lang-2.10.30-150400.3.20.1 * openSUSE Leap 15.4 (x86_64) * libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.20.1 * libgimpui-2_0-0-32bit-2.10.30-150400.3.20.1 * libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.20.1 * libgimp-2_0-0-32bit-2.10.30-150400.3.20.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libgimp-2_0-0-64bit-2.10.30-150400.3.20.1 * libgimpui-2_0-0-64bit-2.10.30-150400.3.20.1 * libgimpui-2_0-0-64bit-debuginfo-2.10.30-150400.3.20.1 * libgimp-2_0-0-64bit-debuginfo-2.10.30-150400.3.20.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * libgimpui-2_0-0-2.10.30-150400.3.20.1 * gimp-2.10.30-150400.3.20.1 * gimp-debugsource-2.10.30-150400.3.20.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.20.1 * gimp-debuginfo-2.10.30-150400.3.20.1 * gimp-devel-debuginfo-2.10.30-150400.3.20.1 * libgimp-2_0-0-2.10.30-150400.3.20.1 * gimp-devel-2.10.30-150400.3.20.1 * gimp-plugin-aa-2.10.30-150400.3.20.1 *libgimpui-2_0-0-debuginfo-2.10.30-150400.3.20.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.20.1 * openSUSE Leap 15.6 (noarch) * gimp-lang-2.10.30-150400.3.20.1 * openSUSE Leap 15.6 (x86_64) * libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.20.1 * libgimpui-2_0-0-32bit-2.10.30-150400.3.20.1 * libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.20.1 * libgimp-2_0-0-32bit-2.10.30-150400.3.20.1 * SUSE Package Hub 15 15-SP6 (aarch64) * gimp-2.10.30-150400.3.20.1 * gimp-devel-debuginfo-2.10.30-150400.3.20.1 * gimp-devel-2.10.30-150400.3.20.1 * gimp-plugin-aa-2.10.30-150400.3.20.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.20.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x) * libgimpui-2_0-0-2.10.30-150400.3.20.1 * gimp-debugsource-2.10.30-150400.3.20.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.20.1 * gimp-debuginfo-2.10.30-150400.3.20.1 * libgimp-2_0-0-2.10.30-150400.3.20.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.20.1 * SUSE Package Hub 15 15-SP6 (noarch) * gimp-lang-2.10.30-150400.3.20.1 * SUSE Package Hub 15 15-SP7 (aarch64) * gimp-2.10.30-150400.3.20.1 * gimp-devel-debuginfo-2.10.30-150400.3.20.1 * gimp-devel-2.10.30-150400.3.20.1 * gimp-plugin-aa-2.10.30-150400.3.20.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.20.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * libgimpui-2_0-0-2.10.30-150400.3.20.1 * gimp-debugsource-2.10.30-150400.3.20.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.20.1 * gimp-debuginfo-2.10.30-150400.3.20.1 * libgimp-2_0-0-2.10.30-150400.3.20.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.20.1 * SUSE Package Hub 15 15-SP7 (noarch) * gimp-lang-2.10.30-150400.3.20.1 * SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64) * libgimpui-2_0-0-2.10.30-150400.3.20.1 * gimp-2.10.30-150400.3.20.1 * gimp-debugsource-2.10.30-150400.3.20.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.20.1 * gimp-debuginfo-2.10.30-150400.3.20.1 *gimp-devel-debuginfo-2.10.30-150400.3.20.1 * libgimp-2_0-0-2.10.30-150400.3.20.1 * gimp-devel-2.10.30-150400.3.20.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.20.1 * SUSE Linux Enterprise Workstation Extension 15 SP6 (noarch) * gimp-lang-2.10.30-150400.3.20.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * libgimpui-2_0-0-2.10.30-150400.3.20.1 * gimp-2.10.30-150400.3.20.1 * gimp-debugsource-2.10.30-150400.3.20.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.20.1 * gimp-debuginfo-2.10.30-150400.3.20.1 * gimp-devel-debuginfo-2.10.30-150400.3.20.1 * libgimp-2_0-0-2.10.30-150400.3.20.1 * gimp-devel-2.10.30-150400.3.20.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.20.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch) * gimp-lang-2.10.30-150400.3.20.1 ## References: * https://www.suse.com/security/cve/CVE-2025-48797.html * https://www.suse.com/security/cve/CVE-2025-48798.html * https://bugzilla.suse.com/show_bug.cgi?id=1243711 * https://bugzilla.suse.com/show_bug.cgi?id=1243712 . Recent updates target critical vulnerabilities in GIMP for openSUSE, focusing on buffer overflow and use-after-free errors to boost security and stability. gimp security, openSUSE updates, software vulnerabilities. . Severity: Important. LinuxSecurity.com Team
* bsc#1243711 * bsc#1243712 Cross-References: * CVE-2025-48797 . # Security update for gimp Announcement ID: SUSE-SU-2025:02164-1 Release Date: 2025-06-30T07:13:42Z Rating: important References: * bsc#1243711 * bsc#1243712 Cross-References: * CVE-2025-48797 * CVE-2025-48798 CVSS scores: * CVE-2025-48797 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2025-48797 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2025-48798 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2025-48798 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP6 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP6 * SUSE Package Hub 15 15-SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for gimp fixes the following issues: * CVE-2025-48797: Fixed two buffer over-reads and one heap-based buffer overflow in its TGA parser (bsc#1243711). * CVE-2025-48798: Fixed two use-after-free bugs and one double free bug in its XCF parser (bsc#1243712). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-2164=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-2164=1 * SUSE Package Hub 15 15-SP6 zypper in -t patchSUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2164=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2164=1 * SUSE Linux Enterprise Workstation Extension 15 SP6 zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-2164=1 * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2025-2164=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libgimpui-2_0-0-2.10.30-150400.3.20.1 * gimp-2.10.30-150400.3.20.1 * gimp-debugsource-2.10.30-150400.3.20.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.20.1 * gimp-debuginfo-2.10.30-150400.3.20.1 * gimp-devel-debuginfo-2.10.30-150400.3.20.1 * libgimp-2_0-0-2.10.30-150400.3.20.1 * gimp-devel-2.10.30-150400.3.20.1 * gimp-plugin-aa-2.10.30-150400.3.20.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.20.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.20.1 * openSUSE Leap 15.4 (noarch) * gimp-lang-2.10.30-150400.3.20.1 * openSUSE Leap 15.4 (x86_64) * libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.20.1 * libgimpui-2_0-0-32bit-2.10.30-150400.3.20.1 * libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.20.1 * libgimp-2_0-0-32bit-2.10.30-150400.3.20.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libgimp-2_0-0-64bit-2.10.30-150400.3.20.1 * libgimpui-2_0-0-64bit-2.10.30-150400.3.20.1 * libgimpui-2_0-0-64bit-debuginfo-2.10.30-150400.3.20.1 * libgimp-2_0-0-64bit-debuginfo-2.10.30-150400.3.20.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * libgimpui-2_0-0-2.10.30-150400.3.20.1 * gimp-2.10.30-150400.3.20.1 * gimp-debugsource-2.10.30-150400.3.20.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.20.1 * gimp-debuginfo-2.10.30-150400.3.20.1 * gimp-devel-debuginfo-2.10.30-150400.3.20.1 * libgimp-2_0-0-2.10.30-150400.3.20.1 * gimp-devel-2.10.30-150400.3.20.1 * gimp-plugin-aa-2.10.30-150400.3.20.1 *libgimpui-2_0-0-debuginfo-2.10.30-150400.3.20.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.20.1 * openSUSE Leap 15.6 (noarch) * gimp-lang-2.10.30-150400.3.20.1 * openSUSE Leap 15.6 (x86_64) * libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.20.1 * libgimpui-2_0-0-32bit-2.10.30-150400.3.20.1 * libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.20.1 * libgimp-2_0-0-32bit-2.10.30-150400.3.20.1 * SUSE Package Hub 15 15-SP6 (aarch64) * gimp-2.10.30-150400.3.20.1 * gimp-devel-debuginfo-2.10.30-150400.3.20.1 * gimp-devel-2.10.30-150400.3.20.1 * gimp-plugin-aa-2.10.30-150400.3.20.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.20.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x) * libgimpui-2_0-0-2.10.30-150400.3.20.1 * gimp-debugsource-2.10.30-150400.3.20.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.20.1 * gimp-debuginfo-2.10.30-150400.3.20.1 * libgimp-2_0-0-2.10.30-150400.3.20.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.20.1 * SUSE Package Hub 15 15-SP6 (noarch) * gimp-lang-2.10.30-150400.3.20.1 * SUSE Package Hub 15 15-SP7 (aarch64) * gimp-2.10.30-150400.3.20.1 * gimp-devel-debuginfo-2.10.30-150400.3.20.1 * gimp-devel-2.10.30-150400.3.20.1 * gimp-plugin-aa-2.10.30-150400.3.20.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.20.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * libgimpui-2_0-0-2.10.30-150400.3.20.1 * gimp-debugsource-2.10.30-150400.3.20.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.20.1 * gimp-debuginfo-2.10.30-150400.3.20.1 * libgimp-2_0-0-2.10.30-150400.3.20.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.20.1 * SUSE Package Hub 15 15-SP7 (noarch) * gimp-lang-2.10.30-150400.3.20.1 * SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64) * libgimpui-2_0-0-2.10.30-150400.3.20.1 * gimp-2.10.30-150400.3.20.1 * gimp-debugsource-2.10.30-150400.3.20.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.20.1 * gimp-debuginfo-2.10.30-150400.3.20.1 *gimp-devel-debuginfo-2.10.30-150400.3.20.1 * libgimp-2_0-0-2.10.30-150400.3.20.1 * gimp-devel-2.10.30-150400.3.20.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.20.1 * SUSE Linux Enterprise Workstation Extension 15 SP6 (noarch) * gimp-lang-2.10.30-150400.3.20.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * libgimpui-2_0-0-2.10.30-150400.3.20.1 * gimp-2.10.30-150400.3.20.1 * gimp-debugsource-2.10.30-150400.3.20.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.20.1 * gimp-debuginfo-2.10.30-150400.3.20.1 * gimp-devel-debuginfo-2.10.30-150400.3.20.1 * libgimp-2_0-0-2.10.30-150400.3.20.1 * gimp-devel-2.10.30-150400.3.20.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.20.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch) * gimp-lang-2.10.30-150400.3.20.1 ## References: * https://www.suse.com/security/cve/CVE-2025-48797.html * https://www.suse.com/security/cve/CVE-2025-48798.html * https://bugzilla.suse.com/show_bug.cgi?id=1243711 * https://bugzilla.suse.com/show_bug.cgi?id=1243712 . The latest update from SUSE for GIMP addresses several critical bugs, correcting problems such as heap overflow vulnerabilities and buffer over-read security flaws.. gimp security update, SUSE Linux patch, buffer overflow fix. . Severity: Important. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for gimp Announcement ID: SUSE-SU-2025:02100-1 Release Date: 2025-06-25T06:03:19Z Rating: important References: * bsc#1244058 Cross-References: * CVE-2025-5473 CVSS scores: * CVE-2025-5473 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-5473 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-5473 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP6 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP6 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for gimp fixes the following issues: * CVE-2025-5473: Fix exceed the maximum allowed size (bsc#1244058). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-2100=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-2100=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2100=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2100=1 * SUSE Linux Enterprise Workstation Extension 15 SP6 zypper in -t patchSUSE-SLE-Product-WE-15-SP6-2025-2100=1 * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2025-2100=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * gimp-debuginfo-2.10.30-150400.3.17.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.17.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.17.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.17.1 * gimp-devel-debuginfo-2.10.30-150400.3.17.1 * gimp-plugin-aa-2.10.30-150400.3.17.1 * libgimpui-2_0-0-2.10.30-150400.3.17.1 * gimp-2.10.30-150400.3.17.1 * libgimp-2_0-0-2.10.30-150400.3.17.1 * gimp-debugsource-2.10.30-150400.3.17.1 * gimp-devel-2.10.30-150400.3.17.1 * openSUSE Leap 15.4 (noarch) * gimp-lang-2.10.30-150400.3.17.1 * openSUSE Leap 15.4 (x86_64) * libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.17.1 * libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.17.1 * libgimp-2_0-0-32bit-2.10.30-150400.3.17.1 * libgimpui-2_0-0-32bit-2.10.30-150400.3.17.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libgimp-2_0-0-64bit-debuginfo-2.10.30-150400.3.17.1 * libgimp-2_0-0-64bit-2.10.30-150400.3.17.1 * libgimpui-2_0-0-64bit-debuginfo-2.10.30-150400.3.17.1 * libgimpui-2_0-0-64bit-2.10.30-150400.3.17.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * gimp-debuginfo-2.10.30-150400.3.17.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.17.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.17.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.17.1 * gimp-devel-debuginfo-2.10.30-150400.3.17.1 * gimp-plugin-aa-2.10.30-150400.3.17.1 * libgimpui-2_0-0-2.10.30-150400.3.17.1 * gimp-2.10.30-150400.3.17.1 * libgimp-2_0-0-2.10.30-150400.3.17.1 * gimp-debugsource-2.10.30-150400.3.17.1 * gimp-devel-2.10.30-150400.3.17.1 * openSUSE Leap 15.6 (noarch) * gimp-lang-2.10.30-150400.3.17.1 * openSUSE Leap 15.6 (x86_64) * libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.17.1 *libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.17.1 * libgimp-2_0-0-32bit-2.10.30-150400.3.17.1 * libgimpui-2_0-0-32bit-2.10.30-150400.3.17.1 * SUSE Package Hub 15 15-SP6 (aarch64) * gimp-plugin-aa-debuginfo-2.10.30-150400.3.17.1 * gimp-devel-debuginfo-2.10.30-150400.3.17.1 * gimp-plugin-aa-2.10.30-150400.3.17.1 * gimp-2.10.30-150400.3.17.1 * gimp-devel-2.10.30-150400.3.17.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x) * gimp-debuginfo-2.10.30-150400.3.17.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.17.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.17.1 * libgimpui-2_0-0-2.10.30-150400.3.17.1 * libgimp-2_0-0-2.10.30-150400.3.17.1 * gimp-debugsource-2.10.30-150400.3.17.1 * SUSE Package Hub 15 15-SP6 (noarch) * gimp-lang-2.10.30-150400.3.17.1 * SUSE Package Hub 15 15-SP7 (aarch64) * gimp-plugin-aa-debuginfo-2.10.30-150400.3.17.1 * gimp-devel-debuginfo-2.10.30-150400.3.17.1 * gimp-plugin-aa-2.10.30-150400.3.17.1 * gimp-2.10.30-150400.3.17.1 * gimp-devel-2.10.30-150400.3.17.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * gimp-debuginfo-2.10.30-150400.3.17.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.17.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.17.1 * libgimpui-2_0-0-2.10.30-150400.3.17.1 * libgimp-2_0-0-2.10.30-150400.3.17.1 * gimp-debugsource-2.10.30-150400.3.17.1 * SUSE Package Hub 15 15-SP7 (noarch) * gimp-lang-2.10.30-150400.3.17.1 * SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64) * gimp-debuginfo-2.10.30-150400.3.17.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.17.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.17.1 * gimp-devel-debuginfo-2.10.30-150400.3.17.1 * libgimpui-2_0-0-2.10.30-150400.3.17.1 * gimp-2.10.30-150400.3.17.1 * libgimp-2_0-0-2.10.30-150400.3.17.1 * gimp-debugsource-2.10.30-150400.3.17.1 * gimp-devel-2.10.30-150400.3.17.1 * SUSE Linux Enterprise Workstation Extension 15 SP6 (noarch) *gimp-lang-2.10.30-150400.3.17.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * gimp-debuginfo-2.10.30-150400.3.17.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.17.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.17.1 * gimp-devel-debuginfo-2.10.30-150400.3.17.1 * libgimpui-2_0-0-2.10.30-150400.3.17.1 * gimp-2.10.30-150400.3.17.1 * libgimp-2_0-0-2.10.30-150400.3.17.1 * gimp-debugsource-2.10.30-150400.3.17.1 * gimp-devel-2.10.30-150400.3.17.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch) * gimp-lang-2.10.30-150400.3.17.1 ## References: * https://www.suse.com/security/cve/CVE-2025-5473.html * https://bugzilla.suse.com/show_bug.cgi?id=1244058 . This advisory provides a crucial security update for GIMP regarding CVE-2025-5473 and includes essential patch instructions.. GIMP security, openSUSE update, important patches, GIMP advisory. . Severity: Important. LinuxSecurity.com Team
* bsc#1244058 Cross-References: * CVE-2025-5473 . # Security update for gimp Announcement ID: SUSE-SU-2025:02100-1 Release Date: 2025-06-25T06:03:19Z Rating: important References: * bsc#1244058 Cross-References: * CVE-2025-5473 CVSS scores: * CVE-2025-5473 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-5473 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-5473 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP6 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP6 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for gimp fixes the following issues: * CVE-2025-5473: Fix exceed the maximum allowed size (bsc#1244058). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-2100=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-2100=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2100=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2100=1 * SUSE Linux Enterprise Workstation Extension 15 SP6 zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-2100=1 * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2025-2100=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * gimp-debuginfo-2.10.30-150400.3.17.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.17.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.17.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.17.1 * gimp-devel-debuginfo-2.10.30-150400.3.17.1 * gimp-plugin-aa-2.10.30-150400.3.17.1 * libgimpui-2_0-0-2.10.30-150400.3.17.1 * gimp-2.10.30-150400.3.17.1 * libgimp-2_0-0-2.10.30-150400.3.17.1 * gimp-debugsource-2.10.30-150400.3.17.1 * gimp-devel-2.10.30-150400.3.17.1 * openSUSE Leap 15.4 (noarch) * gimp-lang-2.10.30-150400.3.17.1 * openSUSE Leap 15.4 (x86_64) * libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.17.1 * libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.17.1 * libgimp-2_0-0-32bit-2.10.30-150400.3.17.1 * libgimpui-2_0-0-32bit-2.10.30-150400.3.17.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libgimp-2_0-0-64bit-debuginfo-2.10.30-150400.3.17.1 * libgimp-2_0-0-64bit-2.10.30-150400.3.17.1 * libgimpui-2_0-0-64bit-debuginfo-2.10.30-150400.3.17.1 * libgimpui-2_0-0-64bit-2.10.30-150400.3.17.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * gimp-debuginfo-2.10.30-150400.3.17.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.17.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.17.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.17.1 * gimp-devel-debuginfo-2.10.30-150400.3.17.1 * gimp-plugin-aa-2.10.30-150400.3.17.1 * libgimpui-2_0-0-2.10.30-150400.3.17.1 * gimp-2.10.30-150400.3.17.1 * libgimp-2_0-0-2.10.30-150400.3.17.1 * gimp-debugsource-2.10.30-150400.3.17.1 * gimp-devel-2.10.30-150400.3.17.1 * openSUSE Leap 15.6 (noarch) * gimp-lang-2.10.30-150400.3.17.1 * openSUSE Leap 15.6 (x86_64) * libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.17.1 * libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.17.1 *libgimp-2_0-0-32bit-2.10.30-150400.3.17.1 * libgimpui-2_0-0-32bit-2.10.30-150400.3.17.1 * SUSE Package Hub 15 15-SP6 (aarch64) * gimp-plugin-aa-debuginfo-2.10.30-150400.3.17.1 * gimp-devel-debuginfo-2.10.30-150400.3.17.1 * gimp-plugin-aa-2.10.30-150400.3.17.1 * gimp-2.10.30-150400.3.17.1 * gimp-devel-2.10.30-150400.3.17.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x) * gimp-debuginfo-2.10.30-150400.3.17.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.17.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.17.1 * libgimpui-2_0-0-2.10.30-150400.3.17.1 * libgimp-2_0-0-2.10.30-150400.3.17.1 * gimp-debugsource-2.10.30-150400.3.17.1 * SUSE Package Hub 15 15-SP6 (noarch) * gimp-lang-2.10.30-150400.3.17.1 * SUSE Package Hub 15 15-SP7 (aarch64) * gimp-plugin-aa-debuginfo-2.10.30-150400.3.17.1 * gimp-devel-debuginfo-2.10.30-150400.3.17.1 * gimp-plugin-aa-2.10.30-150400.3.17.1 * gimp-2.10.30-150400.3.17.1 * gimp-devel-2.10.30-150400.3.17.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * gimp-debuginfo-2.10.30-150400.3.17.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.17.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.17.1 * libgimpui-2_0-0-2.10.30-150400.3.17.1 * libgimp-2_0-0-2.10.30-150400.3.17.1 * gimp-debugsource-2.10.30-150400.3.17.1 * SUSE Package Hub 15 15-SP7 (noarch) * gimp-lang-2.10.30-150400.3.17.1 * SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64) * gimp-debuginfo-2.10.30-150400.3.17.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.17.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.17.1 * gimp-devel-debuginfo-2.10.30-150400.3.17.1 * libgimpui-2_0-0-2.10.30-150400.3.17.1 * gimp-2.10.30-150400.3.17.1 * libgimp-2_0-0-2.10.30-150400.3.17.1 * gimp-debugsource-2.10.30-150400.3.17.1 * gimp-devel-2.10.30-150400.3.17.1 * SUSE Linux Enterprise Workstation Extension 15 SP6 (noarch) * gimp-lang-2.10.30-150400.3.17.1 * SUSE Linux Enterprise WorkstationExtension 15 SP7 (x86_64) * gimp-debuginfo-2.10.30-150400.3.17.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.17.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.17.1 * gimp-devel-debuginfo-2.10.30-150400.3.17.1 * libgimpui-2_0-0-2.10.30-150400.3.17.1 * gimp-2.10.30-150400.3.17.1 * libgimp-2_0-0-2.10.30-150400.3.17.1 * gimp-debugsource-2.10.30-150400.3.17.1 * gimp-devel-2.10.30-150400.3.17.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch) * gimp-lang-2.10.30-150400.3.17.1 ## References: * https://www.suse.com/security/cve/CVE-2025-5473.html * https://bugzilla.suse.com/show_bug.cgi?id=1244058 . Critical security advisory impacting GIMP on SUSE, important vulnerability fix for max file size issue. Install updates now!. SUSE security advisory,gimp update,vulnerability fix,openSUSE patch. . Severity: Critical. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-9165 http://linux.oracle.com/errata/ELSA-2025-9165.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable LinuxNetwork: x86_64: gimp-2.8.22-26.module+el8.10.0+90619+7a8fb7fd.2.x86_64.rpm gimp-devel-2.8.22-26.module+el8.10.0+90619+7a8fb7fd.2.x86_64.rpm gimp-devel-tools-2.8.22-26.module+el8.10.0+90619+7a8fb7fd.2.x86_64.rpm gimp-libs-2.8.22-26.module+el8.10.0+90619+7a8fb7fd.2.x86_64.rpm pygobject2-2.28.7-5.module+el8.10.0+90497+ae78887f.x86_64.rpm pygobject2-codegen-2.28.7-5.module+el8.10.0+90497+ae78887f.x86_64.rpm pygobject2-devel-2.28.7-5.module+el8.10.0+90497+ae78887f.x86_64.rpm pygobject2-doc-2.28.7-5.module+el8.10.0+90497+ae78887f.x86_64.rpm pygtk2-2.24.0-25.module+el8.9.0+90151+46a7e4b5.x86_64.rpm pygtk2-codegen-2.24.0-25.module+el8.9.0+90151+46a7e4b5.x86_64.rpm pygtk2-devel-2.24.0-25.module+el8.9.0+90151+46a7e4b5.x86_64.rpm pygtk2-doc-2.24.0-25.module+el8.9.0+90151+46a7e4b5.noarch.rpm python2-cairo-1.16.3-7.module+el8.10.0+90497+ae78887f.x86_64.rpm python2-cairo-devel-1.16.3-7.module+el8.10.0+90497+ae78887f.x86_64.rpm aarch64: gimp-2.8.22-26.module+el8.10.0+90619+7a8fb7fd.2.aarch64.rpm gimp-devel-2.8.22-26.module+el8.10.0+90619+7a8fb7fd.2.aarch64.rpm gimp-devel-tools-2.8.22-26.module+el8.10.0+90619+7a8fb7fd.2.aarch64.rpm gimp-libs-2.8.22-26.module+el8.10.0+90619+7a8fb7fd.2.aarch64.rpm pygobject2-2.28.7-5.module+el8.10.0+90497+ae78887f.aarch64.rpm pygobject2-codegen-2.28.7-5.module+el8.10.0+90497+ae78887f.aarch64.rpm pygobject2-devel-2.28.7-5.module+el8.10.0+90497+ae78887f.aarch64.rpm pygobject2-doc-2.28.7-5.module+el8.10.0+90497+ae78887f.aarch64.rpm pygtk2-2.24.0-25.module+el8.9.0+90151+46a7e4b5.aarch64.rpm pygtk2-codegen-2.24.0-25.module+el8.9.0+90151+46a7e4b5.aarch64.rpm pygtk2-devel-2.24.0-25.module+el8.9.0+90151+46a7e4b5.aarch64.rpm pygtk2-doc-2.24.0-25.module+el8.9.0+90151+46a7e4b5.noarch.rpm python2-cairo-1.16.3-7.module+el8.10.0+90497+ae78887f.aarch64.rpm python2-cairo-devel-1.16.3-7.module+el8.10.0+90497+ae78887f.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//gimp-2.8.22-26.module+el8.10.0+90619+7a8fb7fd.2.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//pygobject2-2.28.7-5.module+el8.10.0+90497+ae78887f.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//pygtk2-2.24.0-25.module+el8.9.0+90151+46a7e4b5.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python2-pycairo-1.16.3-7.module+el8.10.0+90497+ae78887f.src.rpm Related CVEs: CVE-2025-5473 CVE-2025-48797 CVE-2025-48798 Description of changes: gimp [2:2.8.22-26.2] - fix CVE-2025-5473 (RHEL-95696) [2:2.8.22-26.1] - fix CVE-2025-48797 (RHEL-93503) - fix CVE-2025-48798 (RHEL-93506) pygobject2 [2.28.7-5] - bump spec to fix NVR pygtk2 [2.24.0-25] - Fix shebang mangling for _prefix=app (#1907579) - disable numpy for flatpak (#1907579) python2-pycairo [1.16.3-7] - bump spec for NVR fix _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-9162 http://linux.oracle.com/errata/ELSA-2025-9162.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: gimp-2.99.8-4.el9_6.2.x86_64.rpm gimp-libs-2.99.8-4.el9_6.2.i686.rpm gimp-libs-2.99.8-4.el9_6.2.x86_64.rpm aarch64: gimp-2.99.8-4.el9_6.2.aarch64.rpm gimp-libs-2.99.8-4.el9_6.2.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//gimp-2.99.8-4.el9_6.2.src.rpm Related CVEs: CVE-2025-5473 CVE-2025-48797 CVE-2025-48798 Description of changes: [2:2.99.8-4.2] - fix CVE-2025-5473 (RHEL-95700) [2:2.99.8-4.1] - fix CVE-2025-48797 (RHEL-93521) - fix CVE-2025-48798 (RHEL-93522) _______________________________________________ El-errata mailing list
Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed XCF, TGA, DDS, FLI or ICO files are opened. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5939-1
Get the latest Linux and open source security news straight to your inbox.