Security News

Cybersecurity news aggregator

🔄
HIGH Updates Red Hat Errata

RHSA-2026:17533: Important: gimp:2.8 security update

cve-2026-1234red-hatenterprise-linuxcve-2026-4887cve-2026-4154
This security update addresses multiple critical vulnerabilities in the GIMP image editing software, including remote code execution via specially crafted XPM, PSD, and PSP files, and memory disclosure/denial of service via PCX files. The CVSS scores for the RCE vulnerabilities are 7.8 (High). Based on authoritative NVD data, GIMP versions prior to 3.2.0 are affected by CVE-2026-4887, and version 3.0.8 is affected by CVE-2026-4154 and CVE-2026-4150. The advisory provides updated packages for the `gimp:2.8` module on Red Hat Enterprise Linux 8.
Read Full Article →

Red Hat Product Errata RHSA-2026:17533 - Security Advisory Issued: 2026-05-14 Updated: 2026-05-14 RHSA-2026:17533 - Security Advisory Overview Updated Packages Synopsis Important: gimp:2.8 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fix(es): gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image (CVE-2026-4887) gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow (CVE-2026-4154) GIMP: GIMP: Arbitrary code execution via specially crafted PSD file (CVE-2026-4150) gimp: GIMP: Remote Code Execution via PSP file parsing (CVE-2026-4153) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 8 x86_64 Red Hat Enterprise Linux for IBM z Systems 8 s390x Red Hat Enterprise Linux for Power, little endian 8 ppc64le Red Hat Enterprise Linux for ARM 64 8 aarch64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x Fixes BZ - 2451669 - CVE-2026-4887 gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image BZ - 2457530 - CVE-2026-4154 gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow BZ - 2457535 - CVE-2026-4150 GIMP: GIMP: Arbitrary code execution via specially crafted PSD file BZ - 2457536 - CVE-2026-4153 gimp: GIMP: Remote Code Execution via PSP file parsing CVEs CVE-2026-4150 CVE-2026-4153 CVE-2026-4154 CVE-2026-4887 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 8 SRPM gimp-2.8.22-26.module+el8.10.0+24277+6acc3952.6.src.rpm SHA-256: 1f6f1eb928861c14b4281677ced0319dbc2a173b867e872a2ba01edf734be60b pygobject2-2.28.7-5.module+el8.10.0+22676+becd68d6.src.rpm SHA-256: 2b854e61c8b4c5739528bac4ab8825f9477e7e912be99655c6523994a26975d6 pygtk2-2.24.0-25.module+el8.9.0+21228+8e80d31d.src.rpm SHA-256: c3d7a115b429fb925479c8511b8dcea2b4abce3cfacdea74cda7a467215e416c python2-pycairo-1.16.3-7.module+el8.10.0+22676+becd68d6.src.rpm SHA-256: 289c3b2ad41880a1e392de5b0ec360428428ab0ab6b31c6b5989d5beb080a280 x86_64 pygtk2-doc-2.24.0-25.module+el8.9.0+21228+8e80d31d.noarch.rpm SHA-256: 8fb958e12a3207586555fa9da52d611f293cf5a48529913d2652409dce8c5393 pygtk2-doc-2.24.0-25.module+el8.9.0+21228+8e80d31d.noarch.rpm SHA-256: 8fb958e12a3207586555fa9da52d611f293cf5a48529913d2652409dce8c5393 gimp-2.8.22-26.module+el8.10.0+24277+6acc3952.6.x86_64.rpm SHA-256: 958817a528c393cbba188c297a5b5413e03a089c455d2a1d3a8cebb4f4ea320a gimp-debuginfo-2.8.22-26.module+el8.10.0+24277+6acc3952.6.x86_64.rpm SHA-256: 13c5f5b2a1b9dd05d6f4bef4f7a9d2a6864dd271174f03af16a8054fb899811b gimp-debugsource-2.8.22-26.module+el8.10.0+24277+6acc3952.6.x86_64.rpm SHA-256: a589f6f1270009c120f6f3016c62333836f18fa3422da341a9e92c7cf5480a73 gimp-devel-2.8.22-26.module+el8.10.0+24277+6acc3952.6.x86_64.rpm SHA-256: 0e1223abe3e42803a14afd851624c05d474b5b87d96019531fac7876c279913f gimp-devel-tools-2.8.22-26.module+el8.10.0+24277+6acc3952.6.x86_64.rpm SHA-256: c477fd16cb35009677ac65c19a5d5cd7980c7e5d11c66fe908a03241d71399de gimp-devel-tools-debuginfo-2.8.22-26.module+el8.10.0+24277+6acc3952.6.x86_64.rpm SHA-256: 29ebc320436115d63cdeb94701d59e7f28ae7772fe1c524b24b80090642e14f3 gimp-libs-2.8.22-26.module+el8.10.0+24277+6acc3952.6.x86_64.rpm SHA-256: ab0e9ef39893188854695ea52404af7041c24ee8e29b1692e7760555061487d6 gimp-libs-debuginfo-2.8.22-26.module+el8.10.0+24277+6acc3952.6.x86_64.rpm SHA-256: f6c1d68ca3161182fed93f4447da230d1ad2c147acaa2e52ea7f7c01cc941065 pygobject2-2.28.7-5.module+el8.10.0+22676+becd68d6.x86_64.rpm SHA-256: 6bae84704a86380954018f124157c151ea2285e45d0c058251c4ff13c09ff8fa pygobject2-codegen-2.28.7-5.module+el8.10.0+22676+becd68d6.x86_64.rpm SHA-256: aac8468de0f145618ac7b43b184ffd61b7824ba31c7821dfb586ed2c02b079d2 pygobject2-debuginfo-2.28.7-5.module+el8.10.0+22676+becd68d6.x86_64.rpm SHA-256: e8082076c92ab2aea74f43c6b84f53472af6adb3ddad4c1460560a63a8c4caa7 pygobject2-debugsource-2.28.7-5.module+el8.10.0+22676+becd68d6.x86_64.rpm SHA-256: 8ef2c8632fe55796f119e090ae27cbd01f48fedeaf3895b2aac8b950fecde9c2 pygobject2-devel-2.28.7-5.module+el8.10.0+22676+becd68d6.x86_64.rpm SHA-256: debc46c01e6a32b5dc184cb550be8c248ae96b96bd9a5b07c3e5515b24d1aafb pygobject2-doc-2.28.7-5.module+el8.10.0+22676+becd68d6.x86_64.rpm SHA-256: bdf1462703aea85fb341e10bfd7c22b94663d870d88a1d042a8578abbf870818 pygtk2-2.24.0-25.module+el8.9.0+21228+8e80d31d.x86_64.rpm SHA-256: dc82fa58eb8489b0e3277a5c808be4294b3cb74d29442f40e0f5061581fb3ee0 pygtk2-codegen-2.24.0-25.module+el8.9.0+21228+8e80d31d.x86_64.rpm SHA-256: 2f683670a18cd37f4b0b75e72081365c2ddb28d45d3b742bdb0fd20854c7ad17 pygtk2-debuginfo-2.24.0-25.module+el8.9.0+21228+8e80d31d.x86_64.rpm SHA-256: 729245ad80ed1ab53d5337f70eaeb1228995db44d1f6429d9708fc4c8042dae0 pygtk2-debugsource-2.24.0-25.module+el8.9.0+21228+8e80d31d.x86_64.rpm SHA-256: a456fc37cac08325ae115b55ab29c7b7f701aa9a71ccbb77afe7f4a27bc83a10 pygtk2-devel-2.24.0-25.module+el8.9.0+21228+8e80d31d.x86_64.rpm SHA-256: 62546eaabba067a862553a2be0304c783030599cf68e7a5a7cee8008b722bbcb pygtk2-doc-2.24.0-25.module+el8.9.0+21228+8e80d31d.noarch.rpm SHA-256: 8fb958e12a3207586555fa9da52d611f293cf5a48529913d2652409dce8c5393 python2-cairo-1.16.3-7.module+el8.10.0+22676+becd68d6.x86_64.rpm SHA-256: 7198aaee40e1efb65fd7d769f615f1b71c8855a8de66311bf252d1173903bfc9 python2-cairo-debuginfo-1.16.3-7.module+el8.10.0+22676+becd68d6.x86_64.rpm SHA-256: 92a7d00809692bf71040921dd7d022ed0d8d410d13bc7a539a5e6981ecc1db59 python2-cairo-devel-1.16.3-7.module+el8.10.0+22676+becd68d6.x86_64.rpm SHA-256: d6577fd523b5239431ded1651453ca5146158252ec5813d66f06d688a92a89fe python2-pycairo-debugsource-1.16.3-7.module+el8.10.0+22676+becd68d6.x86_64.rpm SHA-256: dd8df82df62dc21624c6f862c0bcb48e0d4ca71cca43121adcd85df992cecd7d pygtk2-doc-2.24.0-25.module+el8.9.0+21228+8e80d31d.noarch.rpm SHA-256: 8fb958e12a3207586555fa9da52d611f293cf5a48529913d2652409dce8c5393 Red Hat Enterprise Linux for IBM z Systems 8 SRPM gimp-2.8.22-26.module+el8.10.0+24277+6acc3952.6.src.rpm SHA-256: 1f6f1eb928861c14b4281677ced0319dbc2a173b867e872a2ba01edf734be60b pygobject2-2.28.7-5.module+el8.10.0+22676+becd68d6.src.rpm SHA-256: 2b854e61c8b4c5739528bac4ab8825f9477e7e912be99655c6523994a26975d6 pygtk2-2.24.0-25.module+el8.9.0+21228+8e80d31d.src.rpm SHA-256: c3d7a115b429fb925479c8511b8dcea2b4abce3cfacdea74cda7a467215e416c python2-pycairo-1.16.3-7.module+el8.10.0+22676+becd68d6.src.rpm SHA-256: 289c3b2ad41880a1e392de5b0ec360428428ab0ab6b31c6b5989d5beb080a280 s390x gimp-2.8.22-26.module+el8.10.0+24277+6acc3952.6.s390x.rpm SHA-256: a57af281c5187aae245b27e3dcdcb8155c266eca1d68f6f6504cbd0904fb178f gimp-debuginfo-2.8.22-26.module+el8.10.0+24277+6acc3952.6.s390x.rpm SHA-256: 2c7dff59356dbac969e1c7b9675ce1ab9a5337cee40e050261fb5cb68f81288a gimp-debugsource-2.8.22-26.module+el8.10.0+24277+6acc3952.6.s390x.rpm SHA-256: 95c41d5b544f1f63f1034f9304de1ac2ba0f6973965b8e277af838755d9a4a4f gimp-devel-2.8.22-26.module+el8.10.0+24277+6acc3952.6.s390x.rpm SHA-256: 48c438831594957c5edb33723e3d9a567f57aff72f813e6bdfde2635f5b47124 gimp-devel-tools-2.8.22-26.module+el8.10.0+24277+6acc3952.6.s390x.rpm SHA-256: d9d8e69b4994b532646ccfb7c96f11dcaed0641a8889ce9ab2723d3b2574b3b3 gimp-devel-tools-debuginfo-2.8.22-26.module+el8.10.0+24277+6acc3952.6.s390x.rpm SHA-256: 09da4f4b40b5dd28137d42e1c499e8bae2aff7b554af6922353996921b7a4851 gimp-libs-2.8.22-26.module+el8.10.0+24277+6acc3952.6.s390x.rpm SHA-256: 6d94583baf7e94658e09a9e3fee6dd0899334adfed204bae099f49a4f792e1b8 gimp-libs-debuginfo-2.8.22-26.module+el8.10.0+24277+6acc3952.6.s390x.rpm SHA-256: 0e1470db6ae657d206e2c974813808ce28d68cb4f313184afe52269da591c02f pygobject2-2.28.7-5.module+el8.10.0+22676+becd68d6.s390x.rpm SHA-256: 4105df8c0b38c4c3ae951d1b83b923c311a6b592de9a4078efc0b0f2ec4983f5 pygobject2-codegen-2.28.7-5.module+el8.10.0+22676+becd68d6.s390x.rpm SHA-256: 57aaa9b70faba9400ec08f81d0f298678c564a138f00825cb9deae37b611e5ed pygobject2-debuginfo-2.28.7-5.module+el8.10.0+22676+becd68d6.s390x.rpm SHA-256: 29a57929a56f08892beafa0e7c12541f97dbc22fd6b0833f3036bdc0500e4c05 pygobject2-debugsource-2.28.7-5.module+el8.10.0+22676+becd68d6.s390x.rpm SHA-256: 7dad185294da2167664e4278dc12e7eed5e0d3ffe4d421d8ae191f6232528998 pygobject2-devel-2.28.7-5.module+el8.10.0+22676+becd68d6.s390x.rpm SHA-256: 8745fe23a35f05135b007909d51fd633dd96e46ba0d5d71380b29f1a798e7450 pygobject2-doc-2.28.7-5.module+el8.10.0+22676+becd68d6.s390x.rpm SHA-256: e6286765c975b4c3b44e36e044a6f9c1595b68bd51812af88e9609aa24ba0dab pygtk2-2.24.0-25.module+el8.9.0+21228+8e80d31d.s390x.rpm SHA-256: 84faa1ecb8d7894edac1bdd2acd7e61a6e5c62c5eb8944489d3abac30e48ebf1 pygtk2-codegen-2

Related Articles

HIGH RHSA-2026:19362: Important: gimp security update Red Hat Errata HIGH RHSA-2026:16484: Important: gimp security update Red Hat Errata INFO RHSA-2026:20552: Important: gimp:2.8 security update Red Hat Errata INFO RHSA-2026:20554: Important: gimp:2.8 security update Red Hat Errata
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn