Important: gimp:2.8 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:5113", "synopsis": "Important: gimp:2.8 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for module.pygtk2, module.python2-pycairo, python2-pycairo, pygobject2, module.pygobject2, module.gimp, gimp, pygtk2.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.\n\nSecurity Fix(es):\n\n* gimp: GIMP: Remote Code Execution via uninitialized memory in PGM file parsing (CVE-2026-2044)\n\n* gimp: GIMP: Remote Code Execution via out-of-bounds write in XWD file parsing (CVE-2026-2045)\n\n* gimp: GIMP: Remote Code Execution via ICO File Parsing Vulnerability (CVE-2026-0797)\n\n* gimp: GIMP: Remote Code Execution via XWD file parsing vulnerability (CVE-2026-2048)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2441521", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2441521", "description": ""}, {"ticket": "2441522", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2441522", "description": ""}, {"ticket": "2441524", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2441524", "description": ""}, {"ticket": "2441527", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2441527", 
"description": ""}], "cves": [{"name":"CVE-2026-0797", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-0797", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-120"}, {"name": "CVE-2026-2044", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-2044", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-908"}, {"name": "CVE-2026-2045", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-2045", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.3", "cwe": "CWE-787"}, {"name": "CVE-2026-2048", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-2048", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-787"}], "references": [], "publishedAt": "2026-03-19T18:01:30.215085Z", "rpms": {"Rocky Linux 8": {"nvras": ["gimp-2:2.8.22-26.module+el8.10.0+40033+6fd27379.3.aarch64.rpm", "gimp-2:2.8.22-26.module+el8.10.0+40075+a21479b4.4.aarch64.rpm", "gimp-2:2.8.22-26.module+el8.10.0+1927+52edb5a0.aarch64.rpm", "gimp-2:2.8.22-26.module+el8.10.0+1998+a08ccc48.2.aarch64.rpm", "gimp-2:2.8.22-26.module+el8.10.0+1998+a08ccc48.2.x86_64.rpm", "gimp-2:2.8.22-26.module+el8.10.0+40075+a21479b4.4.x86_64.rpm", "gimp-2:2.8.22-26.module+el8.10.0+40033+6fd27379.3.x86_64.rpm", "gimp-2:2.8.22-26.module+el8.10.0+1927+52edb5a0.x86_64.rpm", "gimp-debuginfo-2:2.8.22-26.module+el8.10.0+1927+52edb5a0.x86_64.rpm", "gimp-debuginfo-2:2.8.22-26.module+el8.10.0+40075+a21479b4.4.x86_64.rpm", "gimp-debuginfo-2:2.8.22-26.module+el8.10.0+40033+6fd27379.3.x86_64.rpm", "gimp-debuginfo-2:2.8.22-26.module+el8.10.0+1998+a08ccc48.2.x86_64.rpm", "gimp-debugsource-2:2.8.22-26.module+el8.10.0+40075+a21479b4.4.x86_64.rpm", "gimp-debugsource-2:2.8.22-26.module+el8.10.0+1927+52edb5a0.x86_64.rpm", 
"gimp-debugsource-2:2.8.22-26.module+el8.10.0+1998+a08ccc48.2.x86_64.rpm","gimp-debugsource-2:2.8.22-26.module+el8.10.0+40033+6fd27379.3.x86_64.rpm", "gimp-devel-2:2.8.22-26.module+el8.10.0+1927+52edb5a0.aarch64.rpm", "gimp-devel-2:2.8.22-26.module+el8.10.0+40033+6fd27379.3.aarch64.rpm", "gimp-devel-2:2.8.22-26.module+el8.10.0+40075+a21479b4.4.aarch64.rpm", "gimp-devel-2:2.8.22-26.module+el8.10.0+1998+a08ccc48.2.aarch64.rpm", "gimp-devel-2:2.8.22-26.module+el8.10.0+40033+6fd27379.3.x86_64.rpm", "gimp-devel-2:2.8.22-26.module+el8.10.0+40075+a21479b4.4.x86_64.rpm", "gimp-devel-2:2.8.22-26.module+el8.10.0+1927+52edb5a0.x86_64.rpm", "gimp-devel-2:2.8.22-26.module+el8.10.0+1998+a08ccc48.2.x86_64.rpm", "gimp-devel-tools-2:2.8.22-26.module+el8.10.0+40033+6fd27379.3.aarch64.rpm", "gimp-devel-tools-2:2.8.22-26.module+el8.10.0+1927+52edb5a0.aarch64.rpm", "gimp-devel-tools-2:2.8.22-26.module+el8.10.0+40075+a21479b4.4.aarch64.rpm", "gimp-devel-tools-2:2.8.22-26.module+el8.10.0+1998+a08ccc48.2.aarch64.rpm", "gimp-devel-tools-2:2.8.22-26.module+el8.10.0+1927+52edb5a0.x86_64.rpm", "gimp-devel-tools-2:2.8.22-26.module+el8.10.0+40033+6fd27379.3.x86_64.rpm", "gimp-devel-tools-2:2.8.22-26.module+el8.10.0+40075+a21479b4.4.x86_64.rpm", "gimp-devel-tools-2:2.8.22-26.module+el8.10.0+1998+a08ccc48.2.x86_64.rpm", "gimp-devel-tools-debuginfo-2:2.8.22-26.module+el8.10.0+40033+6fd27379.3.x86_64.rpm", "gimp-devel-tools-debuginfo-2:2.8.22-26.module+el8.10.0+1927+52edb5a0.x86_64.rpm", "gimp-devel-tools-debuginfo-2:2.8.22-26.module+el8.10.0+40075+a21479b4.4.x86_64.rpm", "gimp-devel-tools-debuginfo-2:2.8.22-26.module+el8.10.0+1998+a08ccc48.2.x86_64.rpm", "gimp-libs-2:2.8.22-26.module+el8.10.0+40033+6fd27379.3.aarch64.rpm", "gimp-libs-2:2.8.22-26.module+el8.10.0+1998+a08ccc48.2.aarch64.rpm", "gimp-libs-2:2.8.22-26.module+el8.10.0+40075+a21479b4.4.aarch64.rpm", "gimp-libs-2:2.8.22-26.module+el8.10.0+1927+52edb5a0.aarch64.rpm", "gimp-libs-2:2.8.22-26.module+el8.10.0+1927+52edb5a0.x86_64.rpm", 
"gimp-libs-2:2.8.22-26.module+el8.10.0+40075+a21479b4.4.x86_64.rpm","gimp-libs-2:2.8.22-26.module+el8.10.0+40033+6fd27379.3.x86_64.rpm", "gimp-libs-2:2.8.22-26.module+el8.10.0+1998+a08ccc48.2.x86_64.rpm", "gimp-libs-debuginfo-2:2.8.22-26.module+el8.10.0+1927+52edb5a0.x86_64.rpm", "gimp-libs-debuginfo-2:2.8.22-26.module+el8.10.0+1998+a08ccc48.2.x86_64.rpm", "gimp-libs-debuginfo-2:2.8.22-26.module+el8.10.0+40075+a21479b4.4.x86_64.rpm", "gimp-libs-debuginfo-2:2.8.22-26.module+el8.10.0+40033+6fd27379.3.x86_64.rpm", "gimp-2:2.8.22-26.module+el8.10.0+40134+eab491b1.5.aarch64.rpm", "gimp-2:2.8.22-26.module+el8.10.0+40134+eab491b1.5.src.rpm", "gimp-2:2.8.22-26.module+el8.10.0+40134+eab491b1.5.x86_64.rpm", "gimp-debuginfo-2:2.8.22-26.module+el8.10.0+40134+eab491b1.5.aarch64.rpm", "gimp-debuginfo-2:2.8.22-26.module+el8.10.0+40134+eab491b1.5.x86_64.rpm", "gimp-debugsource-2:2.8.22-26.module+el8.10.0+40134+eab491b1.5.aarch64.rpm", "gimp-debugsource-2:2.8.22-26.module+el8.10.0+40134+eab491b1.5.x86_64.rpm", "gimp-devel-2:2.8.22-26.module+el8.10.0+40134+eab491b1.5.aarch64.rpm", "gimp-devel-2:2.8.22-26.module+el8.10.0+40134+eab491b1.5.x86_64.rpm", "gimp-devel-tools-2:2.8.22-26.module+el8.10.0+40134+eab491b1.5.aarch64.rpm", "gimp-devel-tools-2:2.8.22-26.module+el8.10.0+40134+eab491b1.5.x86_64.rpm", "gimp-devel-tools-debuginfo-2:2.8.22-26.module+el8.10.0+40134+eab491b1.5.aarch64.rpm", "gimp-devel-tools-debuginfo-2:2.8.22-26.module+el8.10.0+40134+eab491b1.5.x86_64.rpm", "gimp-libs-2:2.8.22-26.module+el8.10.0+40134+eab491b1.5.aarch64.rpm", "gimp-libs-2:2.8.22-26.module+el8.10.0+40134+eab491b1.5.x86_64.rpm", "gimp-libs-debuginfo-2:2.8.22-26.module+el8.10.0+40134+eab491b1.5.aarch64.rpm", "gimp-libs-debuginfo-2:2.8.22-26.module+el8.10.0+40134+eab491b1.5.x86_64.rpm", "pygobject2-0:2.28.7-5.module+el8.10.0+1927+52edb5a0.aarch64.rpm", "pygobject2-0:2.28.7-5.module+el8.10.0+1927+52edb5a0.src.rpm", "pygobject2-0:2.28.7-5.module+el8.10.0+1927+52edb5a0.x86_64.rpm", 
"pygobject2-codegen-0:2.28.7-5.module+el8.10.0+1927+52edb5a0.aarch64.rpm","pygobject2-codegen-0:2.28.7-5.module+el8.10.0+1927+52edb5a0.x86_64.rpm", "pygobject2-debuginfo-0:2.28.7-5.module+el8.10.0+1927+52edb5a0.aarch64.rpm", "pygobject2-debuginfo-0:2.28.7-5.module+el8.10.0+1927+52edb5a0.x86_64.rpm", "pygobject2-debugsource-0:2.28.7-5.module+el8.10.0+1927+52edb5a0.aarch64.rpm", "pygobject2-debugsource-0:2.28.7-5.module+el8.10.0+1927+52edb5a0.x86_64.rpm", "pygobject2-devel-0:2.28.7-5.module+el8.10.0+1927+52edb5a0.aarch64.rpm", "pygobject2-devel-0:2.28.7-5.module+el8.10.0+1927+52edb5a0.x86_64.rpm", "pygobject2-doc-0:2.28.7-5.module+el8.10.0+1927+52edb5a0.aarch64.rpm", "pygobject2-doc-0:2.28.7-5.module+el8.10.0+1927+52edb5a0.x86_64.rpm", "pygtk2-0:2.24.0-25.module+el8.9.0+1723+9bc93544.aarch64.rpm", "pygtk2-0:2.24.0-25.module+el8.9.0+1723+9bc93544.src.rpm", "pygtk2-0:2.24.0-25.module+el8.9.0+1723+9bc93544.x86_64.rpm", "pygtk2-codegen-0:2.24.0-25.module+el8.9.0+1723+9bc93544.aarch64.rpm", "pygtk2-codegen-0:2.24.0-25.module+el8.9.0+1723+9bc93544.x86_64.rpm", "pygtk2-debuginfo-0:2.24.0-25.module+el8.9.0+1723+9bc93544.aarch64.rpm", "pygtk2-debuginfo-0:2.24.0-25.module+el8.9.0+1723+9bc93544.x86_64.rpm", "pygtk2-debugsource-0:2.24.0-25.module+el8.9.0+1723+9bc93544.aarch64.rpm", "pygtk2-debugsource-0:2.24.0-25.module+el8.9.0+1723+9bc93544.x86_64.rpm", "pygtk2-devel-0:2.24.0-25.module+el8.9.0+1723+9bc93544.aarch64.rpm", "pygtk2-devel-0:2.24.0-25.module+el8.9.0+1723+9bc93544.x86_64.rpm", "pygtk2-doc-0:2.24.0-25.module+el8.9.0+1723+9bc93544.noarch.rpm", "python2-cairo-0:1.16.3-7.module+el8.10.0+1927+52edb5a0.aarch64.rpm", "python2-cairo-0:1.16.3-7.module+el8.10.0+1927+52edb5a0.x86_64.rpm", "python2-cairo-debuginfo-0:1.16.3-7.module+el8.10.0+1927+52edb5a0.aarch64.rpm", "python2-cairo-debuginfo-0:1.16.3-7.module+el8.10.0+1927+52edb5a0.x86_64.rpm", "python2-cairo-devel-0:1.16.3-7.module+el8.10.0+1927+52edb5a0.aarch64.rpm", 
"python2-cairo-devel-0:1.16.3-7.module+el8.10.0+1927+52edb5a0.x86_64.rpm", "python2-pycairo-0:1.16.3-7.module+el8.10.0+1927+52edb5a0.src.rpm","python2-pycairo-debugsource-0:1.16.3-7.module+el8.10.0+1927+52edb5a0.aarch64.rpm", "python2-pycairo-debugsource-0:1.16.3-7.module+el8.10.0+1927+52edb5a0.x86_64.rpm", "gimp-2:2.8.22-26.module+el8.10.0+40075+a21479b4.4.src.rpm", "gimp-2:2.8.22-26.module+el8.10.0+1927+52edb5a0.src.rpm", "gimp-2:2.8.22-26.module+el8.10.0+1998+a08ccc48.2.src.rpm", "gimp-2:2.8.22-26.module+el8.10.0+40033+6fd27379.3.src.rpm", "gimp-debuginfo-2:2.8.22-26.module+el8.10.0+1998+a08ccc48.2.aarch64.rpm", "gimp-debuginfo-2:2.8.22-26.module+el8.10.0+40075+a21479b4.4.aarch64.rpm", "gimp-debuginfo-2:2.8.22-26.module+el8.10.0+1927+52edb5a0.aarch64.rpm", "gimp-debuginfo-2:2.8.22-26.module+el8.10.0+40033+6fd27379.3.aarch64.rpm", "gimp-debugsource-2:2.8.22-26.module+el8.10.0+40075+a21479b4.4.aarch64.rpm", "gimp-debugsource-2:2.8.22-26.module+el8.10.0+1927+52edb5a0.aarch64.rpm", "gimp-debugsource-2:2.8.22-26.module+el8.10.0+1998+a08ccc48.2.aarch64.rpm", "gimp-debugsource-2:2.8.22-26.module+el8.10.0+40033+6fd27379.3.aarch64.rpm", "gimp-devel-tools-debuginfo-2:2.8.22-26.module+el8.10.0+40075+a21479b4.4.aarch64.rpm", "gimp-devel-tools-debuginfo-2:2.8.22-26.module+el8.10.0+40033+6fd27379.3.aarch64.rpm", "gimp-devel-tools-debuginfo-2:2.8.22-26.module+el8.10.0+1927+52edb5a0.aarch64.rpm", "gimp-devel-tools-debuginfo-2:2.8.22-26.module+el8.10.0+1998+a08ccc48.2.aarch64.rpm", "gimp-libs-debuginfo-2:2.8.22-26.module+el8.10.0+1998+a08ccc48.2.aarch64.rpm", "gimp-libs-debuginfo-2:2.8.22-26.module+el8.10.0+40033+6fd27379.3.aarch64.rpm", "gimp-libs-debuginfo-2:2.8.22-26.module+el8.10.0+1927+52edb5a0.aarch64.rpm", "gimp-libs-debuginfo-2:2.8.22-26.module+el8.10.0+40075+a21479b4.4.aarch64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important GIMP security update for Rocky Linux 8 addressing multiple remote code execution issues. Apply the patch promptly.. 
GIMP security update, Rocky Linux 8, remote code execution, security fix, image editing software. Severity: Important. LinuxSecurity.com Team
This update fixes issues with loading TGA and XCF files.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ccdbd92d7b
2025-01-09 02:31:17.828471+00:00
--------------------------------------------------------------------------------

Name        : gimp
Product     : Fedora 40
Version     : 2.10.38
Release     : 12.fc40
URL         : https://www.gimp.org/
Summary     : GNU Image Manipulation Program
Description :
GIMP (GNU Image Manipulation Program) is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for web pages. GIMP has many of the tools and filters you would expect to find in similar commercial offerings, and some interesting extras as well. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.

--------------------------------------------------------------------------------
Update Information:

This update fixes issues with loading TGA and XCF files.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 31 2024 Nils Philippsen - 2:2.10.38-12
- Fix issues with TGA and XCF loaders (rhbz#2003465, patch by Andrzej Hunt)
* Thu Jul 18 2024 Fedora Release Engineering - 2:2.10.38-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Wed Jun 12 2024 Nils Philippsen - 2:2.10.38-2
- Use SPDX license identifiers consistently
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ccdbd92d7b' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
package-announce mailing list
Security fix for CVE-2017-17784 CVE-2017-17785 CVE-2017-17786 CVE-2017-17787 CVE-2017-17788 CVE-2017-17789.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-ccef1ced42
2018-02-27 16:51:55.486389
--------------------------------------------------------------------------------

Name        : gimp
Product     : Fedora 26
Version     : 2.8.22
Release     : 3.fc26
URL         : https://www.gimp.org/
Summary     : GNU Image Manipulation Program
Description :
GIMP (GNU Image Manipulation Program) is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. GIMP has many of the tools and filters you would expect to find in similar commercial offerings, and some interesting extras as well. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2017-17784 CVE-2017-17785 CVE-2017-17786 CVE-2017-17787 CVE-2017-17788 CVE-2017-17789
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1529147 - CVE-2017-17785 gimp: Heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1529147
  [ 2 ] Bug #1529146 - CVE-2017-17789 gimp: Heap-based buffer overflow in read_channel_data function in plug-ins/common/file-psp.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1529146
  [ 3 ] Bug #1529145 - CVE-2017-17786 gimp: Heap-based buffer over-read in ReadImage function in plug-ins/common/file-tga.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1529145
  [ 4 ] Bug #1529144 - CVE-2017-17784 gimp: Heap-based buffer over-read in load_image function in plug-ins/common/file-gbr.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1529144
  [ 5 ] Bug #1529143 - CVE-2017-17787 gimp: Heap-based buffer over-read in read_creator_block function in plug-ins/common/file-psp.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1529143
  [ 6 ] Bug #1529141 - CVE-2017-17788 gimp: Stack-based buffer over-read in xcf_load_stream function in app/xcf/xcf.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1529141
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade gimp' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
package-announce mailing list
Moderate: gimp security update.

Date: Mon, 20 Aug 2012 10:45:45 -0500
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Organization: Fermilab
Subject: Security ERRATA Moderate: gimp on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: gimp security update
Issue Date: 2012-08-20
CVE Numbers: CVE-2011-2896 CVE-2012-3403 CVE-2012-3481

The GIMP (GNU Image Manipulation Program) is an image composition and editing program.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3481)

A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2011-2896)

A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially-crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3403)

Users of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect.

SL6
  x86_64
    gimp-2.6.9-4.el6_3.3.x86_64.rpm
    gimp-help-browser-2.6.9-4.el6_3.3.x86_64.rpm
    gimp-libs-2.6.9-4.el6_3.3.x86_64.rpm
    gimp-devel-2.6.9-4.el6_3.3.i686.rpm
    gimp-devel-2.6.9-4.el6_3.3.x86_64.rpm
    gimp-devel-tools-2.6.9-4.el6_3.3.x86_64.rpm
    gimp-libs-2.6.9-4.el6_3.3.i686.rpm
  i386
    gimp-2.6.9-4.el6_3.3.i686.rpm
    gimp-help-browser-2.6.9-4.el6_3.3.i686.rpm
    gimp-libs-2.6.9-4.el6_3.3.i686.rpm
    gimp-devel-2.6.9-4.el6_3.3.i686.rpm
    gimp-devel-tools-2.6.9-4.el6_3.3.i686.rpm

- Scientific Linux Development Team

The recent GIMP security patch for Scientific Linux tackles various buffer overflow vulnerabilities. It's advisable to upgrade for enhanced protection.

Scientific Linux, GIMP, buffer overflow, security update, image manipulation. LinuxSecurity.com Team
Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores,.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: gimp security update
Advisory ID:       RHSA-2011:0838-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2011:0838.html
Issue date:        2011-05-31
CVE Names:         CVE-2009-1570 CVE-2010-4540 CVE-2010-4541 CVE-2010-4542
                   CVE-2010-4543 CVE-2011-1178
====================================================================

1. Summary:

Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The GIMP (GNU Image Manipulation Program) is an image composition and editing program.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer eXchange (PCX) image file plug-ins. An attacker could create a specially-crafted BMP or PCX image file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)

A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro (PSP) image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4543)

A stack-based buffer overflow flaw was found in the GIMP's Lightning, Sphere Designer, and Gfig image filters. An attacker could create a specially-crafted Lightning, Sphere Designer, or Gfig filter configuration file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)

Red Hat would like to thank Stefan Cornelius of Secunia Research for responsibly reporting the CVE-2009-1570 flaw.

Users of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

537356 - CVE-2009-1570 Gimp: Integer overflow in the BMP image file plugin
666793 - CVE-2010-4540 Gimp: Stack-based buffer overflow in Lighting plug-in
689831 - CVE-2011-1178 Gimp: Integer overflow in the PCX image file plug-in
703403 - CVE-2010-4541 Gimp: Stack-based buffer overflow in SphereDesigner plug-in
703405 - CVE-2010-4542 Gimp: Stack-based buffer overflow in Gfig plug-in
703407 - CVE-2010-4543 Gimp: Heap-based buffer overflow in Paint Shop Pro (PSP) plug-in

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
gimp-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.i386.rpm

x86_64:
gimp-2.2.13-2.0.7.el5_6.2.x86_64.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.x86_64.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:

i386:
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.i386.rpm

x86_64:
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.x86_64.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
gimp-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.i386.rpm

ia64:
gimp-2.2.13-2.0.7.el5_6.2.ia64.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.ia64.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.ia64.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.ia64.rpm

ppc:
gimp-2.2.13-2.0.7.el5_6.2.ppc.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.ppc.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.ppc64.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.ppc.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.ppc64.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.ppc.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.ppc64.rpm

s390x:
gimp-2.2.13-2.0.7.el5_6.2.s390x.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.s390.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.s390x.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.s390.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.s390x.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.s390.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.s390x.rpm

x86_64:
gimp-2.2.13-2.0.7.el5_6.2.x86_64.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.x86_64.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.x86_64.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2009-1570
https://access.redhat.com/security/cve/CVE-2010-4540
https://access.redhat.com/security/cve/CVE-2010-4541
https://access.redhat.com/security/cve/CVE-2010-4542
https://access.redhat.com/security/cve/CVE-2010-4543
https://access.redhat.com/security/cve/CVE-2011-1178
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN5QOSXlSAg2UNWIIRAnUBAJwNkWQUNNqRGrhzVzl3EmPXtFWeEgCgqTYL
HbbrB7YVDo9kH+o2CbMMcOE=DH9S
-----END PGP SIGNATURE-----

--
Enterprise-watch-list mailing list
Updated package.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-349
2005-04-30
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : gimp
Version     : 2.2.6
Release     : 0.fc3.2
Summary     : The GNU Image Manipulation Program
Description :
The GIMP (GNU Image Manipulation Program) is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. The GIMP has many of the tools and filters you would expect to find in similar commercial offerings, and some interesting extras as well. The GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.

---------------------------------------------------------------------

* Wed Apr 27 2005 Jeremy Katz - 2:2.2.6-0.fc3.2
- silence %post
* Mon Apr 11 2005 Nils Philippsen
- version 2.2.6
* Tue Mar 29 2005 Nils Philippsen
- revert gtk requirement change
* Mon Mar 28 2005 Matthias Clasen
- Rebuild against newer libexif
* Mon Mar 28 2005 Christopher Aillon
- rebuilt
* Fri Mar 25 2005 Christopher Aillon
- Update the GTK+ theme icon cache on (un)install
* Tue Mar 22 2005 Nils Philippsen
- install convenience symlinks for man pages
* Fri Mar 11 2005 Nils Philippsen
- don't refer to freefonts and sharefonts in %description

---------------------------------------------------------------------
This update can be downloaded from:

c2731e858ac2a14e6ac326ac7710178c  SRPMS/gimp-2.2.6-0.fc3.2.src.rpm
42f2ac543515f4cd765b767c92c02808  x86_64/gimp-2.2.6-0.fc3.2.x86_64.rpm
269d4b543f0228cad99ef0ab7226c514  x86_64/gimp-devel-2.2.6-0.fc3.2.x86_64.rpm
35ef6c591b5b33e96896f3879234ffb9  x86_64/debug/gimp-debuginfo-2.2.6-0.fc3.2.x86_64.rpm
2c79c1e294c4b6ad76e37b06cc4a48e5  i386/gimp-2.2.6-0.fc3.2.i386.rpm
6518cbb6a638145c43e952a4c841d7c1  i386/gimp-devel-2.2.6-0.fc3.2.i386.rpm
41e53c71830b2c6db46b43af99e237e5  i386/debug/gimp-debuginfo-2.2.6-0.fc3.2.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
--
fedora-announce-list mailing list
The GIMP includes a scripting facility, but many of the included scripts rely on fonts that we cannot distribute. The GIMP FTP site has a package of fonts that you can install by yourself, which includes all the fonts needed to run the included scripts. Some of the fonts have unusual licensing requirements; all the licenses are documented in the package.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-097
2005-02-01
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : gimp
Version     : 2.2.3
Release     : 0.fc3.2
Summary     : The GNU Image Manipulation Program
Description :
The GIMP (GNU Image Manipulation Program) is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. The GIMP has many of the tools and filters you would expect to find in similar commercial offerings, and some interesting extras as well.

The GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.

The GIMP includes a scripting facility, but many of the included scripts rely on fonts that we cannot distribute. The GIMP FTP site has a package of fonts that you can install by yourself, which includes all the fonts needed to run the included scripts. Some of the fonts have unusual licensing requirements; all the licenses are documented in the package. Get and if you are so inclined. Alternatively, choose fonts which exist on your system before running the scripts.

---------------------------------------------------------------------

* Sat Jan 29 2005 Nils Philippsen
- make desktop icon themeable (#146486)
* Mon Jan 24 2005 Nils Philippsen
- version 2.2.3
- remove exifmarkerlength patch (improved version applied upstream)

---------------------------------------------------------------------
This update can be downloaded from:

e78619b2307e027d56c29e13780f86fb  SRPMS/gimp-2.2.3-0.fc3.2.src.rpm
b5f9a7adedfa8eb5dc5a1de6be5153cc  x86_64/gimp-2.2.3-0.fc3.2.x86_64.rpm
a601f560dd838635a3128efd3bb12151  x86_64/gimp-devel-2.2.3-0.fc3.2.x86_64.rpm
4729c84de4ab8bfb1d3c91b14cc44370  x86_64/debug/gimp-debuginfo-2.2.3-0.fc3.2.x86_64.rpm
5a811a7301dd8121c6c21e152a4d635c  i386/gimp-2.2.3-0.fc3.2.i386.rpm
1428e08e4baadd2081df1956be73cc24  i386/gimp-devel-2.2.3-0.fc3.2.i386.rpm
c1f9f3edfa4bed075509db859c978f4e  i386/debug/gimp-debuginfo-2.2.3-0.fc3.2.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
--
Nils Philippsen / Red Hat /
clip thumbnail quality at 75 and don't barf on saving images at quality 0.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-036
2005-01-18
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : gimp
Version     : 2.2.2
Release     : 0.fc3.3
Summary     : The GNU Image Manipulation Program
Description :
The GIMP (GNU Image Manipulation Program) is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. The GIMP has many of the tools and filters you would expect to find in similar commercial offerings, and some interesting extras as well.

The GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.

The GIMP includes a scripting facility, but many of the included scripts rely on fonts that we cannot distribute. The GIMP FTP site has a package of fonts that you can install by yourself, which includes all the fonts needed to run the included scripts. Some of the fonts have unusual licensing requirements; all the licenses are documented in the package. Get and if you are so inclined. Alternatively, choose fonts which exist on your system before running the scripts.

---------------------------------------------------------------------

* Mon Jan 17 2005 Nils Philippsen
- clip thumbnail quality at 75 and don't barf on saving images at quality 0 (fix patch for #145100)

---------------------------------------------------------------------
This update can be downloaded from:

3e1bcfae5685d5478415de5d0b801396  SRPMS/gimp-2.2.2-0.fc3.3.src.rpm
c6ed2dafe080b1a9d9323c3ea9d7839f  x86_64/gimp-2.2.2-0.fc3.3.x86_64.rpm
cd6ab8668a256a87d2117c484c16c43e  x86_64/gimp-devel-2.2.2-0.fc3.3.x86_64.rpm
42cd485f50175bb932b87dccaa723b1e  x86_64/debug/gimp-debuginfo-2.2.2-0.fc3.3.x86_64.rpm
136e884ea4a22033f5467bd43b269ccc  i386/gimp-2.2.2-0.fc3.3.i386.rpm
2896f30596fb47e68d641c6159ea673d  i386/gimp-devel-2.2.2-0.fc3.3.i386.rpm
e7796e64806735e8d8eb7ba9829fc997  i386/debug/gimp-debuginfo-2.2.2-0.fc3.3.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
--
Nils Philippsen / Red Hat /