Description
ELSA-2025-22417: gimp:2.8 security update (IMPORTANT)
gimp [2:2.8.22-26.3]
- fix CVE-2025-10920
- fix CVE-2025-10921
- fix CVE-2025-10922
- fix CVE-2025-10923
- fix CVE-2025-10924
- fix CVE-2025-10925
- fix CVE-2025-10934
[2:2.8.22-26.2]
- fix CVE-2025-5473 (RHEL-95696)
[2:2.8.22-26.1]
- fix CVE-2025-48797 (RHEL-93503)
- fix CVE-2025-48798 (RHEL-93506)
[2:2.28.22-26]
- bump spec
[2:2.8.22-25]
- fix CVE-2023-44442
- fix CVE-2023-44444
- disable gimp-2.8.22-python-path.patch required for flatpak
- partially cherry-pick from upstream commit 2987f012 to fix fclose leak Resolves: RHEL-17048 RHEL-17060
[2:2.8.22-24]
- fallback to RPM gegl
[2:2.8.22-23]
- enforce gegl04
[2:2.8.22-22]
- change gegl requirement to gegl04
[2:2.8.22-21]
- set manual shebang in python files
[2:2.8.22-20]
- fix python path in source code
pygobject2 [2.28.7-5]
- bump spec to fix NVR
[2.28.7-4]
- update python macro to python2
[2.28.7-3]
- Add MIT license
[2.28.7-2.1]
- Fix python shebangs (#1580854)
[2.28.7-2]
[2.28.7-1]
- Update to 2.28.7
[2.28.6-19]
[2.28.6-18]
[2.28.6-17]
[2.28.6-16]
pygtk2 [2.24.0-25]
- Fix shebang mangling for _prefix=app (#1907579)
- disable numpy for flatpak (#1907579)
[2.24.0-24]
- remove libglade dependency and sub-package (#1622134)
[2.24.0-23.1]
- fix python2 regex in sed command
[2.24.0-23]
- restore doc sub package
[2.24.0-22]
- fix python2 macros
[2.24.0-21.1]
- Fix python shebangs (#1580855)
[2.24.0-21]
[2.24.0-20]
- Try again to fix shebangs
[2.24.0-19]
- Fix shebangs
[2.24.0-18]
python2-pycairo [1.16.3-7]
- bump spec for NVR fix
[1.16.3-6]
- Rename pycairo to python2-pycairo (RCM-39388)
[1.16.3-5]
- Add python3 packages (RCM-39388)
- remove python3-test because it is missing from the build root
[1.16.3-4]
- Setup python2 stream branch for python2 binding of cairo library
[1.16.3-3]
- Remove the python2 subpackages https://bugzilla.redhat.com/show_bug.cgi?id=1590820
[1.16.3-2]
- Allow Python 2 for build See: https://hurl.corp.redhat.com/rhel8-py2
- Skip tests on Python 2 (python2-pytest is being removed)
[1.16.3-1]
- Update to 1.16.3
[1.16.1-1]
- Update to 1.16.1
[1.16.0-1]
- Update to 1.16.0
[1.15.6-1]
- Update to 1.15.6
Updated packages
Oracle Linux 8
Oracle Linux aarch64
Module gimp:2.8 is enabled
gimp
2.8.22-26.module+el8.10.0+90712+2a2d9b57.3
gimp-devel
2.8.22-26.module+el8.10.0+90712+2a2d9b57.3
gimp-devel-tools
2.8.22-26.module+el8.10.0+90712+2a2d9b57.3
gimp-libs
2.8.22-26.module+el8.10.0+90712+2a2d9b57.3
pygobject2
2.28.7-5.module+el8.10.0+90497+ae78887f
pygobject2-codegen
2.28.7-5.module+el8.10.0+90497+ae78887f
pygobject2-devel
2.28.7-5.module+el8.10.0+90497+ae78887f
pygobject2-doc
2.28.7-5.module+el8.10.0+90497+ae78887f
pygtk2
2.24.0-25.module+el8.9.0+90151+46a7e4b5
pygtk2-codegen
2.24.0-25.module+el8.9.0+90151+46a7e4b5
pygtk2-devel
2.24.0-25.module+el8.9.0+90151+46a7e4b5
pygtk2-doc
2.24.0-25.module+el8.9.0+90151+46a7e4b5
python2-cairo
1.16.3-7.module+el8.10.0+90497+ae78887f
python2-cairo-devel
1.16.3-7.module+el8.10.0+90497+ae78887f
Oracle Linux x86_64
Module gimp:2.8 is enabled
gimp
2.8.22-26.module+el8.10.0+90712+2a2d9b57.3
gimp-devel
2.8.22-26.module+el8.10.0+90712+2a2d9b57.3
gimp-devel-tools
2.8.22-26.module+el8.10.0+90712+2a2d9b57.3
gimp-libs
2.8.22-26.module+el8.10.0+90712+2a2d9b57.3
pygobject2
2.28.7-5.module+el8.10.0+90497+ae78887f
pygobject2-codegen
2.28.7-5.module+el8.10.0+90497+ae78887f
pygobject2-devel
2.28.7-5.module+el8.10.0+90497+ae78887f
pygobject2-doc
2.28.7-5.module+el8.10.0+90497+ae78887f
pygtk2
2.24.0-25.module+el8.9.0+90151+46a7e4b5
pygtk2-codegen
2.24.0-25.module+el8.9.0+90151+46a7e4b5
pygtk2-devel
2.24.0-25.module+el8.9.0+90151+46a7e4b5
pygtk2-doc
2.24.0-25.module+el8.9.0+90151+46a7e4b5
python2-cairo
1.16.3-7.module+el8.10.0+90497+ae78887f
python2-cairo-devel
1.16.3-7.module+el8.10.0+90497+ae78887f
Source links
Related vulnerabilities
GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICNS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27684.