142 lines
8.2 KiB
XML
142 lines
8.2 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
|
|
<DocumentTitle xml:lang="en">An update for gimp is now available for openEuler-20.03-LTS-SP1</DocumentTitle>
|
|
<DocumentType>Security Advisory</DocumentType>
|
|
<DocumentPublisher Type="Vendor">
|
|
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
|
|
<IssuingAuthority>openEuler security committee</IssuingAuthority>
|
|
</DocumentPublisher>
|
|
<DocumentTracking>
|
|
<Identification>
|
|
<ID>openEuler-SA-2023-1892</ID>
|
|
</Identification>
|
|
<Status>Final</Status>
|
|
<Version>1.0</Version>
|
|
<RevisionHistory>
|
|
<Revision>
|
|
<Number>1.0</Number>
|
|
<Date>2023-12-08</Date>
|
|
<Description>Initial</Description>
|
|
</Revision>
|
|
</RevisionHistory>
|
|
<InitialReleaseDate>2023-12-08</InitialReleaseDate>
|
|
<CurrentReleaseDate>2023-12-08</CurrentReleaseDate>
|
|
<Generator>
|
|
<Engine>openEuler SA Tool V1.0</Engine>
|
|
<Date>2023-12-08</Date>
|
|
</Generator>
|
|
</DocumentTracking>
|
|
<DocumentNotes>
|
|
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">gimp security update</Note>
|
|
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for gimp is now available for openEuler-20.03-LTS-SP1.</Note>
|
|
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">GIMP is a cross-platform image editor available for GNU/Linux, OS X, Windows and more operating systems. It is free software, you can change its source code and distribute your changes. Whether you are a graphic designer, photographer, illustrator, or scientist, GIMP provides you with sophisticated tools to get your job done. You can further enhance your productivity with GIMP thanks to many customization options and 3rd party plugins.
|
|
|
|
Security Fix(es):
|
|
|
|
A parsing vulnerability was found in the GNU Image Manipulation Program (GIMP). This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSD file, possibly enabling the execution of unauthorized code within the GIMP process.(CVE-2023-44442)
|
|
|
|
A parsing vulnerability was found in the GNU Image Manipulation Program (GIMP). This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSP file, possibly enabling the execution of unauthorized code within the GIMP process.(CVE-2023-44444)</Note>
|
|
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for gimp is now available for openEuler-20.03-LTS-SP1.
|
|
|
|
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.</Note>
|
|
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">High</Note>
|
|
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">gimp</Note>
|
|
</DocumentNotes>
|
|
<DocumentReferences>
|
|
<Reference Type="Self">
|
|
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1892</URL>
|
|
</Reference>
|
|
<Reference Type="openEuler CVE">
|
|
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-44442</URL>
|
|
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-44444</URL>
|
|
</Reference>
|
|
<Reference Type="Other">
|
|
<URL>https://nvd.nist.gov/vuln/detail/CVE-2023-44442</URL>
|
|
<URL>https://nvd.nist.gov/vuln/detail/CVE-2023-44444</URL>
|
|
</Reference>
|
|
</DocumentReferences>
|
|
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
|
|
<Branch Type="Product Name" Name="openEuler">
|
|
<FullProductName ProductID="openEuler-20.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">openEuler-20.03-LTS-SP1</FullProductName>
|
|
</Branch>
|
|
<Branch Type="Package Arch" Name="aarch64">
|
|
<FullProductName ProductID="gimp-debuginfo-2.10.6-11" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-debuginfo-2.10.6-11.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="gimp-help-2.10.6-11" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-help-2.10.6-11.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="gimp-libs-2.10.6-11" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-libs-2.10.6-11.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="gimp-debugsource-2.10.6-11" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-debugsource-2.10.6-11.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="gimp-2.10.6-11" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-2.10.6-11.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="gimp-devel-2.10.6-11" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-devel-2.10.6-11.oe1.aarch64.rpm</FullProductName>
|
|
</Branch>
|
|
<Branch Type="Package Arch" Name="src">
|
|
<FullProductName ProductID="gimp-2.10.6-11" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-2.10.6-11.oe1.src.rpm</FullProductName>
|
|
</Branch>
|
|
<Branch Type="Package Arch" Name="x86_64">
|
|
<FullProductName ProductID="gimp-help-2.10.6-11" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-help-2.10.6-11.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="gimp-debugsource-2.10.6-11" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-debugsource-2.10.6-11.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="gimp-devel-2.10.6-11" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-devel-2.10.6-11.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="gimp-libs-2.10.6-11" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-libs-2.10.6-11.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="gimp-debuginfo-2.10.6-11" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-debuginfo-2.10.6-11.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="gimp-2.10.6-11" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">gimp-2.10.6-11.oe1.x86_64.rpm</FullProductName>
|
|
</Branch>
|
|
</ProductTree>
|
|
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
|
<Notes>
|
|
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A parsing vulnerability was found in the GNU Image Manipulation Program (GIMP). This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSD file, possibly enabling the execution of unauthorized code within the GIMP process.</Note>
|
|
</Notes>
|
|
<ReleaseDate>2023-12-08</ReleaseDate>
|
|
<CVE>CVE-2023-44442</CVE>
|
|
<ProductStatuses>
|
|
<Status Type="Fixed">
|
|
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
|
|
</Status>
|
|
</ProductStatuses>
|
|
<Threats>
|
|
<Threat Type="Impact">
|
|
<Description>High</Description>
|
|
</Threat>
|
|
</Threats>
|
|
<CVSSScoreSets>
|
|
<ScoreSet>
|
|
<BaseScore>7.8</BaseScore>
|
|
<Vector>AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</Vector>
|
|
</ScoreSet>
|
|
</CVSSScoreSets>
|
|
<Remediations>
|
|
<Remediation Type="Vendor Fix">
|
|
<Description>gimp security update</Description>
|
|
<DATE>2023-12-08</DATE>
|
|
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1892</URL>
|
|
</Remediation>
|
|
</Remediations>
|
|
</Vulnerability>
|
|
<Vulnerability Ordinal="2" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
|
<Notes>
|
|
<Note Title="Vulnerability Description" Type="General" Ordinal="2" xml:lang="en">A parsing vulnerability was found in the GNU Image Manipulation Program (GIMP). This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSP file, possibly enabling the execution of unauthorized code within the GIMP process.</Note>
|
|
</Notes>
|
|
<ReleaseDate>2023-12-08</ReleaseDate>
|
|
<CVE>CVE-2023-44444</CVE>
|
|
<ProductStatuses>
|
|
<Status Type="Fixed">
|
|
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
|
|
</Status>
|
|
</ProductStatuses>
|
|
<Threats>
|
|
<Threat Type="Impact">
|
|
<Description>High</Description>
|
|
</Threat>
|
|
</Threats>
|
|
<CVSSScoreSets>
|
|
<ScoreSet>
|
|
<BaseScore>7.8</BaseScore>
|
|
<Vector>AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</Vector>
|
|
</ScoreSet>
|
|
</CVSSScoreSets>
|
|
<Remediations>
|
|
<Remediation Type="Vendor Fix">
|
|
<Description>gimp security update</Description>
|
|
<DATE>2023-12-08</DATE>
|
|
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1892</URL>
|
|
</Remediation>
|
|
</Remediations>
|
|
</Vulnerability>
|
|
</cvrfdoc> |