jiachao2130/csaf2cusa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0b84f3c661
csaf2cusa/cvrfs/2022/cvrf-openEuler-SA-2022-1488.xml
Jia Chao 0b84f3c661 增加测试用的配置和目录 
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-02 15:51:55 +08:00

138 lines
11 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
<DocumentTitle xml:lang="en">An update for gimp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3</DocumentTitle>
<DocumentType>Security Advisory</DocumentType>
<DocumentPublisher Type="Vendor">
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
<IssuingAuthority>openEuler security committee</IssuingAuthority>
</DocumentPublisher>
<DocumentTracking>
<Identification>
<ID>openEuler-SA-2022-1488</ID>
</Identification>
<Status>Final</Status>
<Version>1.0</Version>
<RevisionHistory>
<Revision>
<Number>1.0</Number>
<Date>2022-01-14</Date>
<Description>Initial</Description>
</Revision>
</RevisionHistory>
<InitialReleaseDate>2022-01-14</InitialReleaseDate>
<CurrentReleaseDate>2022-01-14</CurrentReleaseDate>
<Generator>
<Engine>openEuler SA Tool V1.0</Engine>
<Date>2022-01-14</Date>
</Generator>
</DocumentTracking>
<DocumentNotes>
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">gimp security update</Note>
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for gimp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3.</Note>
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">GIMP is a cross-platform image editor available for GNU/Linux, OS X, Windows and more operating systems. It is free software, you can change its source code and distribute your changes. Whether you are a graphic designer, photographer, illustrator, or scientist, GIMP provides you with sophisticated tools to get your job done. You can further enhance your productivity with GIMP thanks to many customization options and 3rd party plugins.
Security Fix(es):
GEGL before 0.4.34, as used (for example) in GIMP before 2.10.30, allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load.(CVE-2021-45463)</Note>
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for gimp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.</Note>
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">High</Note>
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">gimp</Note>
</DocumentNotes>
<DocumentReferences>
<Reference Type="Self">
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1488</URL>
</Reference>
<Reference Type="openEuler CVE">
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-45463</URL>
</Reference>
<Reference Type="Other">
<URL>https://nvd.nist.gov/vuln/detail/CVE-2021-45463</URL>
</Reference>
</DocumentReferences>
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<Branch Type="Product Name" Name="openEuler">
<FullProductName ProductID="openEuler-20.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">openEuler-20.03-LTS-SP1</FullProductName>
<FullProductName ProductID="openEuler-20.03-LTS-SP2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">openEuler-20.03-LTS-SP2</FullProductName>
<FullProductName ProductID="openEuler-20.03-LTS-SP3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">openEuler-20.03-LTS-SP3</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="aarch64">
<FullProductName ProductID="gimp-libs-2.10.6-10" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-libs-2.10.6-10.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="gimp-devel-2.10.6-10" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-devel-2.10.6-10.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="gimp-2.10.6-10" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-2.10.6-10.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="gimp-debuginfo-2.10.6-10" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-debuginfo-2.10.6-10.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="gimp-debugsource-2.10.6-10" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-debugsource-2.10.6-10.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="gimp-help-2.10.6-10" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-help-2.10.6-10.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="gimp-libs-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">gimp-libs-2.10.6-9.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="gimp-help-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">gimp-help-2.10.6-9.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="gimp-devel-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">gimp-devel-2.10.6-9.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="gimp-debugsource-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">gimp-debugsource-2.10.6-9.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="gimp-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">gimp-2.10.6-9.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="gimp-debuginfo-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">gimp-debuginfo-2.10.6-9.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="gimp-devel-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">gimp-devel-2.10.6-9.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="gimp-libs-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">gimp-libs-2.10.6-9.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="gimp-debuginfo-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">gimp-debuginfo-2.10.6-9.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="gimp-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">gimp-2.10.6-9.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="gimp-debugsource-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">gimp-debugsource-2.10.6-9.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="gimp-help-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">gimp-help-2.10.6-9.oe1.aarch64.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="src">
<FullProductName ProductID="gimp-2.10.6-10" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-2.10.6-10.oe1.src.rpm</FullProductName>
<FullProductName ProductID="gimp-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">gimp-2.10.6-9.oe1.src.rpm</FullProductName>
<FullProductName ProductID="gimp-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">gimp-2.10.6-9.oe1.src.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="x86_64">
<FullProductName ProductID="gimp-2.10.6-10" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-2.10.6-10.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="gimp-debugsource-2.10.6-10" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-debugsource-2.10.6-10.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="gimp-debuginfo-2.10.6-10" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-debuginfo-2.10.6-10.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="gimp-libs-2.10.6-10" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-libs-2.10.6-10.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="gimp-devel-2.10.6-10" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-devel-2.10.6-10.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="gimp-help-2.10.6-10" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-help-2.10.6-10.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="gimp-devel-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">gimp-devel-2.10.6-9.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="gimp-debuginfo-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">gimp-debuginfo-2.10.6-9.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="gimp-debugsource-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">gimp-debugsource-2.10.6-9.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="gimp-libs-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">gimp-libs-2.10.6-9.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="gimp-help-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">gimp-help-2.10.6-9.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="gimp-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">gimp-2.10.6-9.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="gimp-debuginfo-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">gimp-debuginfo-2.10.6-9.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="gimp-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">gimp-2.10.6-9.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="gimp-help-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">gimp-help-2.10.6-9.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="gimp-devel-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">gimp-devel-2.10.6-9.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="gimp-debugsource-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">gimp-debugsource-2.10.6-9.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="gimp-libs-2.10.6-9" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">gimp-libs-2.10.6-9.oe1.x86_64.rpm</FullProductName>
</Branch>
</ProductTree>
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">GEGL before 0.4.34, as used (for example) in GIMP before 2.10.30, allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load.</Note>
</Notes>
<ReleaseDate>2022-01-14</ReleaseDate>
<CVE>CVE-2021-45463</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP2</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>High</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>7.8</BaseScore>
<Vector>AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>gimp security update</Description>
<DATE>2022-01-14</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1488</URL>
</Remediation>
</Remediations>
</Vulnerability>
</cvrfdoc>
Reference in New Issue View Git Blame Copy Permalink