An update for gimp is now available for openEuler-20.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2023-1892 Final 1.0 1.0 2023-12-08 Initial 2023-12-08 2023-12-08 openEuler SA Tool V1.0 2023-12-08 gimp security update An update for gimp is now available for openEuler-20.03-LTS-SP1. GIMP is a cross-platform image editor available for GNU/Linux, OS X, Windows and more operating systems. It is free software, you can change its source code and distribute your changes. Whether you are a graphic designer, photographer, illustrator, or scientist, GIMP provides you with sophisticated tools to get your job done. You can further enhance your productivity with GIMP thanks to many customization options and 3rd party plugins. Security Fix(es): A parsing vulnerability was found in the GNU Image Manipulation Program (GIMP). This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSD file, possibly enabling the execution of unauthorized code within the GIMP process.(CVE-2023-44442) A parsing vulnerability was found in the GNU Image Manipulation Program (GIMP). This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSP file, possibly enabling the execution of unauthorized code within the GIMP process.(CVE-2023-44444) An update for gimp is now available for openEuler-20.03-LTS-SP1. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High gimp https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1892 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-44442 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-44444 https://nvd.nist.gov/vuln/detail/CVE-2023-44442 https://nvd.nist.gov/vuln/detail/CVE-2023-44444 openEuler-20.03-LTS-SP1 gimp-debuginfo-2.10.6-11.oe1.aarch64.rpm gimp-help-2.10.6-11.oe1.aarch64.rpm gimp-libs-2.10.6-11.oe1.aarch64.rpm gimp-debugsource-2.10.6-11.oe1.aarch64.rpm gimp-2.10.6-11.oe1.aarch64.rpm gimp-devel-2.10.6-11.oe1.aarch64.rpm gimp-2.10.6-11.oe1.src.rpm gimp-help-2.10.6-11.oe1.x86_64.rpm gimp-debugsource-2.10.6-11.oe1.x86_64.rpm gimp-devel-2.10.6-11.oe1.x86_64.rpm gimp-libs-2.10.6-11.oe1.x86_64.rpm gimp-debuginfo-2.10.6-11.oe1.x86_64.rpm gimp-2.10.6-11.oe1.x86_64.rpm A parsing vulnerability was found in the GNU Image Manipulation Program (GIMP). This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSD file, possibly enabling the execution of unauthorized code within the GIMP process. 2023-12-08 CVE-2023-44442 openEuler-20.03-LTS-SP1 High 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H gimp security update 2023-12-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1892 A parsing vulnerability was found in the GNU Image Manipulation Program (GIMP). This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSP file, possibly enabling the execution of unauthorized code within the GIMP process. 2023-12-08 CVE-2023-44444 openEuler-20.03-LTS-SP1 High 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H gimp security update 2023-12-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1892