An update for gimp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1488 Final 1.0 1.0 2022-01-14 Initial 2022-01-14 2022-01-14 openEuler SA Tool V1.0 2022-01-14 gimp security update An update for gimp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3. GIMP is a cross-platform image editor available for GNU/Linux, OS X, Windows and more operating systems. It is free software, you can change its source code and distribute your changes. Whether you are a graphic designer, photographer, illustrator, or scientist, GIMP provides you with sophisticated tools to get your job done. You can further enhance your productivity with GIMP thanks to many customization options and 3rd party plugins. Security Fix(es): GEGL before 0.4.34, as used (for example) in GIMP before 2.10.30, allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load.(CVE-2021-45463) An update for gimp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High gimp https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1488 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-45463 https://nvd.nist.gov/vuln/detail/CVE-2021-45463 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 openEuler-20.03-LTS-SP3 gimp-libs-2.10.6-10.oe1.aarch64.rpm gimp-devel-2.10.6-10.oe1.aarch64.rpm gimp-2.10.6-10.oe1.aarch64.rpm gimp-debuginfo-2.10.6-10.oe1.aarch64.rpm gimp-debugsource-2.10.6-10.oe1.aarch64.rpm gimp-help-2.10.6-10.oe1.aarch64.rpm gimp-libs-2.10.6-9.oe1.aarch64.rpm gimp-help-2.10.6-9.oe1.aarch64.rpm gimp-devel-2.10.6-9.oe1.aarch64.rpm gimp-debugsource-2.10.6-9.oe1.aarch64.rpm gimp-2.10.6-9.oe1.aarch64.rpm gimp-debuginfo-2.10.6-9.oe1.aarch64.rpm gimp-devel-2.10.6-9.oe1.aarch64.rpm gimp-libs-2.10.6-9.oe1.aarch64.rpm gimp-debuginfo-2.10.6-9.oe1.aarch64.rpm gimp-2.10.6-9.oe1.aarch64.rpm gimp-debugsource-2.10.6-9.oe1.aarch64.rpm gimp-help-2.10.6-9.oe1.aarch64.rpm gimp-2.10.6-10.oe1.src.rpm gimp-2.10.6-9.oe1.src.rpm gimp-2.10.6-9.oe1.src.rpm gimp-2.10.6-10.oe1.x86_64.rpm gimp-debugsource-2.10.6-10.oe1.x86_64.rpm gimp-debuginfo-2.10.6-10.oe1.x86_64.rpm gimp-libs-2.10.6-10.oe1.x86_64.rpm gimp-devel-2.10.6-10.oe1.x86_64.rpm gimp-help-2.10.6-10.oe1.x86_64.rpm gimp-devel-2.10.6-9.oe1.x86_64.rpm gimp-debuginfo-2.10.6-9.oe1.x86_64.rpm gimp-debugsource-2.10.6-9.oe1.x86_64.rpm gimp-libs-2.10.6-9.oe1.x86_64.rpm gimp-help-2.10.6-9.oe1.x86_64.rpm gimp-2.10.6-9.oe1.x86_64.rpm gimp-debuginfo-2.10.6-9.oe1.x86_64.rpm gimp-2.10.6-9.oe1.x86_64.rpm gimp-help-2.10.6-9.oe1.x86_64.rpm gimp-devel-2.10.6-9.oe1.x86_64.rpm gimp-debugsource-2.10.6-9.oe1.x86_64.rpm gimp-libs-2.10.6-9.oe1.x86_64.rpm GEGL before 0.4.34, as used (for example) in GIMP before 2.10.30, allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. 2022-01-14 CVE-2021-45463 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 openEuler-20.03-LTS-SP3 High 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H gimp security update 2022-01-14 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1488