Red Hat Product Errata RHSA-2026:20552 - Security Advisory Issued: 2026-05-26 Updated: 2026-05-26 RHSA-2026:20552 - Security Advisory Overview Updated Packages Synopsis Important: gimp:2.8 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fix(es): gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image (CVE-2026-4887) gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow (CVE-2026-4154) GIMP: GIMP: Arbitrary code execution via specially crafted PSD file (CVE-2026-4150) gimp: GIMP: Remote Code Execution via PSP file parsing (CVE-2026-4153) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64 Red Hat Enterprise Linux Server - AUS 8.4 x86_64 Fixes BZ - 2451669 - CVE-2026-4887 gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image BZ - 2457530 - CVE-2026-4154 gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow BZ - 2457535 - CVE-2026-4150 GIMP: GIMP: Arbitrary code execution via specially crafted PSD file BZ - 2457536 - CVE-2026-4153 gimp: GIMP: Remote Code Execution via PSP file parsing CVEs CVE-2026-4150 CVE-2026-4153 CVE-2026-4154 CVE-2026-4887 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 SRPM gimp-2.8.22-16.module+el8.4.0+24320+2aeffe15.6.src.rpm SHA-256: 6cfb9851d705001693bc93b758ef1376872264d1e6f04a1bf39b1fe3d48fccab pygobject2-2.28.7-4.module+el8+2760+3d7d61b2.src.rpm SHA-256: 89161d4acfb1217dcc5b4ea4e232eeb8b40d9744cf9c8785ff0183eb4ce1ccb1 pygtk2-2.24.0-25.module+el8.4.0+9382+ff08b506.src.rpm SHA-256: 8ba19510593bf06bd26ab7c9c82b3f457a4facfb0bd901aba696578dce0ae1fb python2-pycairo-1.16.3-6.module+el8+2760+3d7d61b2.src.rpm SHA-256: a56385f162203977deddcf0988d03e5c98855fa3b6bae176eab07ccbf04c8855 x86_64 gimp-2.8.22-16.module+el8.4.0+24320+2aeffe15.6.x86_64.rpm SHA-256: 1b492a7cb8063043ba3304db9b7a7a181271722c71d34b7805f02d7903a68c9c gimp-debuginfo-2.8.22-16.module+el8.4.0+24320+2aeffe15.6.x86_64.rpm SHA-256: f7144661876699c17d6e59d17a8091bd9c2e61afddb26197ddb190fd7f8d66ba gimp-debugsource-2.8.22-16.module+el8.4.0+24320+2aeffe15.6.x86_64.rpm SHA-256: a610d65b1a4c21e47425144312935b15f510c3a0b45ae75eef6f0d69bf6862b7 gimp-devel-2.8.22-16.module+el8.4.0+24320+2aeffe15.6.x86_64.rpm SHA-256: 97019b6c9a092a74923a83bfdb8f5f07ed2a6cef537c60a61dc29df1b099ff6d gimp-devel-tools-2.8.22-16.module+el8.4.0+24320+2aeffe15.6.x86_64.rpm SHA-256: 1289397f1419363bfe1f57b9c12039e4abda7b5227684ac5deeb9a76bd920b2a gimp-devel-tools-debuginfo-2.8.22-16.module+el8.4.0+24320+2aeffe15.6.x86_64.rpm SHA-256: aec5bb0f0216aa38e44614aa3e50feabd80565cb23b1ce4360a43a41ef83be78 gimp-libs-2.8.22-16.module+el8.4.0+24320+2aeffe15.6.x86_64.rpm SHA-256: 3c85468ac715ded24b1935b8f32d9657c0601a8fae521db631296ca598504a0d gimp-libs-debuginfo-2.8.22-16.module+el8.4.0+24320+2aeffe15.6.x86_64.rpm SHA-256: fd3490bde280a8003c9c5778c5e314b7cb72157db0364cf300c61ec2bde8588d pygobject2-2.28.7-4.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 0722e0e1eace67230b3b2285cc4d12e0b801510a61a73227d9afafe3c44e4fd4 pygobject2-codegen-2.28.7-4.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 7b174815b7d3d9d63c6f06a9b9fe9a459b18b1a8fc9d80a2be41d405d9fee116 pygobject2-debuginfo-2.28.7-4.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 88ebab5bfedabdfdbe90c7bf85189475d98d2b2baf99ced111d0be75c0afa79b pygobject2-debugsource-2.28.7-4.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 377c821e30723f72e4181bd3e1d7ec7ea6462a269ec155a9b550017910cdeb12 pygobject2-devel-2.28.7-4.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 612cbce7dfde755d5979b06e47bc9833d9031abb5eec8dbecb510b71222d623d pygobject2-doc-2.28.7-4.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 238b8c2d865f299dcaae6eb3efa70107f95f4df96fbaaecb27a07afcb584618a pygtk2-2.24.0-25.module+el8.4.0+9382+ff08b506.x86_64.rpm SHA-256: f78ac06ae306ed1a55700f11a92f2ac2795e452b3d5a7f557f9a40f4342cd3ce pygtk2-codegen-2.24.0-25.module+el8.4.0+9382+ff08b506.x86_64.rpm SHA-256: 1338dba65d7e7eeeb256ebfeeb0a6dc12924fbca39974e28675226004967aa38 pygtk2-debuginfo-2.24.0-25.module+el8.4.0+9382+ff08b506.x86_64.rpm SHA-256: 6e6d246189a688647f8f7124135dfc20ffc1ab719531a77334867f180ebdeb9e pygtk2-debugsource-2.24.0-25.module+el8.4.0+9382+ff08b506.x86_64.rpm SHA-256: 75a540f3d39e9abc528af4d5b8a235ba61cc23168811be7159b218ce43a4f306 pygtk2-devel-2.24.0-25.module+el8.4.0+9382+ff08b506.x86_64.rpm SHA-256: 3adac6418d9e6904666b227251a49508c51dae6c32e8c258856a76f670b959ba pygtk2-doc-2.24.0-25.module+el8.4.0+9382+ff08b506.noarch.rpm SHA-256: 81c28b5b1e14be01cac7c7c93541fcd56b27555d02b2a2c1f58e41745237c6e3 python2-cairo-1.16.3-6.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: ce2b513387d5224348d45ac7cf927a8bbdb18b7999bf43a177c6d10838c95ee8 python2-cairo-debuginfo-1.16.3-6.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: f9a92ae5992e1a3af804aaa8f6bc259a982aa419c099f7d0e1913f2ec12b5642 python2-cairo-devel-1.16.3-6.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 429a1a2f6d367c4eed3ed8411427f2ab99c00f90f2d5a4de0e78d10cd48baa09 python2-pycairo-debugsource-1.16.3-6.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 61abdc30c8d7b66346678ea20f88dd31ef426da5a3e7314aafa0cbaa892b35ba Red Hat Enterprise Linux Server - AUS 8.4 SRPM gimp-2.8.22-16.module+el8.4.0+24320+2aeffe15.6.src.rpm SHA-256: 6cfb9851d705001693bc93b758ef1376872264d1e6f04a1bf39b1fe3d48fccab pygobject2-2.28.7-4.module+el8+2760+3d7d61b2.src.rpm SHA-256: 89161d4acfb1217dcc5b4ea4e232eeb8b40d9744cf9c8785ff0183eb4ce1ccb1 pygtk2-2.24.0-25.module+el8.4.0+9382+ff08b506.src.rpm SHA-256: 8ba19510593bf06bd26ab7c9c82b3f457a4facfb0bd901aba696578dce0ae1fb python2-pycairo-1.16.3-6.module+el8+2760+3d7d61b2.src.rpm SHA-256: a56385f162203977deddcf0988d03e5c98855fa3b6bae176eab07ccbf04c8855 x86_64 gimp-2.8.22-16.module+el8.4.0+24320+2aeffe15.6.x86_64.rpm SHA-256: 1b492a7cb8063043ba3304db9b7a7a181271722c71d34b7805f02d7903a68c9c gimp-debuginfo-2.8.22-16.module+el8.4.0+24320+2aeffe15.6.x86_64.rpm SHA-256: f7144661876699c17d6e59d17a8091bd9c2e61afddb26197ddb190fd7f8d66ba gimp-debugsource-2.8.22-16.module+el8.4.0+24320+2aeffe15.6.x86_64.rpm SHA-256: a610d65b1a4c21e47425144312935b15f510c3a0b45ae75eef6f0d69bf6862b7 gimp-devel-2.8.22-16.module+el8.4.0+24320+2aeffe15.6.x86_64.rpm SHA-256: 97019b6c9a092a74923a83bfdb8f5f07ed2a6cef537c60a61dc29df1b099ff6d gimp-devel-tools-2.8.22-16.module+el8.4.0+24320+2aeffe15.6.x86_64.rpm SHA-256: 1289397f1419363bfe1f57b9c12039e4abda7b5227684ac5deeb9a76bd920b2a gimp-devel-tools-debuginfo-2.8.22-16.module+el8.4.0+24320+2aeffe15.6.x86_64.rpm SHA-256: aec5bb0f0216aa38e44614aa3e50feabd80565cb23b1ce4360a43a41ef83be78 gimp-libs-2.8.22-16.module+el8.4.0+24320+2aeffe15.6.x86_64.rpm SHA-256: 3c85468ac715ded24b1935b8f32d9657c0601a8fae521db631296ca598504a0d gimp-libs-debuginfo-2.8.22-16.module+el8.4.0+24320+2aeffe15.6.x86_64.rpm SHA-256: fd3490bde280a8003c9c5778c5e314b7cb72157db0364cf300c61ec2bde8588d pygobject2-2.28.7-4.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 0722e0e1eace67230b3b2285cc4d12e0b801510a61a73227d9afafe3c44e4fd4 pygobject2-codegen-2.28.7-4.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 7b174815b7d3d9d63c6f06a9b9fe9a459b18b1a8fc9d80a2be41d405d9fee116 pygobject2-debuginfo-2.28.7-4.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 88ebab5bfedabdfdbe90c7bf85189475d98d2b2baf99ced111d0be75c0afa79b pygobject2-debugsource-2.28.7-4.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 377c821e30723f72e4181bd3e1d7ec7ea6462a269ec155a9b550017910cdeb12 pygobject2-devel-2.28.7-4.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 612cbce7dfde755d5979b06e47bc9833d9031abb5eec8dbecb510b71222d623d pygobject2-doc-2.28.7-4.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 238b8c2d865f299dcaae6eb3efa70107f95f4df96fbaaecb27a07afcb584618a pygtk2-2.24.0-25.module+el8.4.0+9382+ff08b506.x86_64.rpm SHA-256: f78ac06ae306ed1a55700f11a92f2ac2795e452b3d5a7f557f9a40f4342cd3ce pygtk2-codegen-2.24.0-25.module+el8.4.0+9382+ff08b506.x86_64.rpm SHA-256: 1338dba65d7e7eeeb256ebfeeb0a6dc12924fbca39974e28675226004967aa38 pygtk2-debuginfo-2.24.0-25.module+el8.4.0+9382+ff08b506.x86_64.rpm SHA-256: 6e6d246189a688647f8f7124135dfc20ffc1ab719531a77334867f180ebdeb9e pygtk2-debugsource-2.24.0-25.module+el8.4.0+9382+ff08b506.x86_64.rpm SHA-256: 75a540f3d39e9abc528af4d5b8a235ba61cc23168811be7159b218ce43a4f306 pygtk2-devel-2.24.0-25.module+el8.4.0+9382+ff08b506.x86_64.rpm SHA-256: 3adac6418d9e6904666b227251a49508c51dae6c32e8c258856a76f670b959ba pygtk2-doc-2.24.0-25.module+el8.4.0+9382+ff08b506.noarch.rpm SHA-256: 81c28b5b1e14be01cac7c7c93541fcd56b27555d02b2a2c1f58e41745237c6e3 python2-cairo-1.16.3-6.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: ce2b513387d5