Red Hat Product Errata RHSA-2026:20554 - Security Advisory Issued: 2026-05-26 Updated: 2026-05-26 RHSA-2026:20554 - Security Advisory Overview Updated Packages Synopsis Important: gimp:2.8 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fix(es): gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image (CVE-2026-4887) gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow (CVE-2026-4154) GIMP: GIMP: Arbitrary code execution via specially crafted PSD file (CVE-2026-4150) gimp: GIMP: Remote Code Execution via PSP file parsing (CVE-2026-4153) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64 Red Hat Enterprise Linux Server - TUS 8.8 x86_64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64 Fixes BZ - 2451669 - CVE-2026-4887 gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image BZ - 2457530 - CVE-2026-4154 gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow BZ - 2457535 - CVE-2026-4150 GIMP: GIMP: Arbitrary code execution via specially crafted PSD file BZ - 2457536 - CVE-2026-4153 gimp: GIMP: Remote Code Execution via PSP file parsing CVEs CVE-2026-4150 CVE-2026-4153 CVE-2026-4154 CVE-2026-4887 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 SRPM gimp-2.8.22-26.module+el8.8.0+24316+5c5e4d76.7.src.rpm SHA-256: 1c705d63300d6ea6193f21e64d529b348642e503c95dbb7d755ef8ad57258fff pygobject2-2.28.7-4.module+el8+2760+3d7d61b2.src.rpm SHA-256: 89161d4acfb1217dcc5b4ea4e232eeb8b40d9744cf9c8785ff0183eb4ce1ccb1 pygtk2-2.24.0-25.module+el8.4.0+9382+ff08b506.src.rpm SHA-256: 8ba19510593bf06bd26ab7c9c82b3f457a4facfb0bd901aba696578dce0ae1fb python2-pycairo-1.16.3-6.module+el8+2760+3d7d61b2.src.rpm SHA-256: a56385f162203977deddcf0988d03e5c98855fa3b6bae176eab07ccbf04c8855 x86_64 gimp-2.8.22-26.module+el8.8.0+24316+5c5e4d76.7.x86_64.rpm SHA-256: 4405db3bc7341ba137d3776bcae33c37e6d070d711a4b65f09d39a3c7bc78053 gimp-debuginfo-2.8.22-26.module+el8.8.0+24316+5c5e4d76.7.x86_64.rpm SHA-256: a6948cf33d5473bb88c43797b2ad6cd85064e322089b96935cb67874795f48b0 gimp-debugsource-2.8.22-26.module+el8.8.0+24316+5c5e4d76.7.x86_64.rpm SHA-256: d8d55519e0fd8ec961be88a0066b14056ba3cbeaf8b388f96c07fd99895d9516 gimp-devel-2.8.22-26.module+el8.8.0+24316+5c5e4d76.7.x86_64.rpm SHA-256: 02ee88636cfbf66f6ae7d4e44072134288a3b60509aed314d9b498e9b90bd853 gimp-devel-tools-2.8.22-26.module+el8.8.0+24316+5c5e4d76.7.x86_64.rpm SHA-256: 9d7ce8f5d8632948b663976d1aca2283254b92dd16c20d9958a040fb9bf571da gimp-devel-tools-debuginfo-2.8.22-26.module+el8.8.0+24316+5c5e4d76.7.x86_64.rpm SHA-256: a937aca38c802f14e72cedd7dae540fafc562676eb3be96dfe3738ac244e901a gimp-libs-2.8.22-26.module+el8.8.0+24316+5c5e4d76.7.x86_64.rpm SHA-256: 61f2c3fc0dc09678ed0ea2328bdae72073ce7ad8ec18352341203a1f9e960940 gimp-libs-debuginfo-2.8.22-26.module+el8.8.0+24316+5c5e4d76.7.x86_64.rpm SHA-256: 1d2d528006f81136cbf801a577d0847f6fe896a0a7297e5070a47e45b5bd8ee8 pygobject2-2.28.7-4.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 0722e0e1eace67230b3b2285cc4d12e0b801510a61a73227d9afafe3c44e4fd4 pygobject2-codegen-2.28.7-4.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 7b174815b7d3d9d63c6f06a9b9fe9a459b18b1a8fc9d80a2be41d405d9fee116 pygobject2-debuginfo-2.28.7-4.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 88ebab5bfedabdfdbe90c7bf85189475d98d2b2baf99ced111d0be75c0afa79b pygobject2-debugsource-2.28.7-4.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 377c821e30723f72e4181bd3e1d7ec7ea6462a269ec155a9b550017910cdeb12 pygobject2-devel-2.28.7-4.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 612cbce7dfde755d5979b06e47bc9833d9031abb5eec8dbecb510b71222d623d pygobject2-doc-2.28.7-4.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 238b8c2d865f299dcaae6eb3efa70107f95f4df96fbaaecb27a07afcb584618a pygtk2-2.24.0-25.module+el8.4.0+9382+ff08b506.x86_64.rpm SHA-256: f78ac06ae306ed1a55700f11a92f2ac2795e452b3d5a7f557f9a40f4342cd3ce pygtk2-codegen-2.24.0-25.module+el8.4.0+9382+ff08b506.x86_64.rpm SHA-256: 1338dba65d7e7eeeb256ebfeeb0a6dc12924fbca39974e28675226004967aa38 pygtk2-debuginfo-2.24.0-25.module+el8.4.0+9382+ff08b506.x86_64.rpm SHA-256: 6e6d246189a688647f8f7124135dfc20ffc1ab719531a77334867f180ebdeb9e pygtk2-debugsource-2.24.0-25.module+el8.4.0+9382+ff08b506.x86_64.rpm SHA-256: 75a540f3d39e9abc528af4d5b8a235ba61cc23168811be7159b218ce43a4f306 pygtk2-devel-2.24.0-25.module+el8.4.0+9382+ff08b506.x86_64.rpm SHA-256: 3adac6418d9e6904666b227251a49508c51dae6c32e8c258856a76f670b959ba pygtk2-doc-2.24.0-25.module+el8.4.0+9382+ff08b506.noarch.rpm SHA-256: 81c28b5b1e14be01cac7c7c93541fcd56b27555d02b2a2c1f58e41745237c6e3 python2-cairo-1.16.3-6.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: ce2b513387d5224348d45ac7cf927a8bbdb18b7999bf43a177c6d10838c95ee8 python2-cairo-debuginfo-1.16.3-6.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: f9a92ae5992e1a3af804aaa8f6bc259a982aa419c099f7d0e1913f2ec12b5642 python2-cairo-devel-1.16.3-6.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 429a1a2f6d367c4eed3ed8411427f2ab99c00f90f2d5a4de0e78d10cd48baa09 python2-pycairo-debugsource-1.16.3-6.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 61abdc30c8d7b66346678ea20f88dd31ef426da5a3e7314aafa0cbaa892b35ba pygtk2-doc-2.24.0-25.module+el8.4.0+9382+ff08b506.noarch.rpm SHA-256: 81c28b5b1e14be01cac7c7c93541fcd56b27555d02b2a2c1f58e41745237c6e3 Red Hat Enterprise Linux Server - TUS 8.8 SRPM gimp-2.8.22-26.module+el8.8.0+24316+5c5e4d76.7.src.rpm SHA-256: 1c705d63300d6ea6193f21e64d529b348642e503c95dbb7d755ef8ad57258fff pygobject2-2.28.7-4.module+el8+2760+3d7d61b2.src.rpm SHA-256: 89161d4acfb1217dcc5b4ea4e232eeb8b40d9744cf9c8785ff0183eb4ce1ccb1 pygtk2-2.24.0-25.module+el8.4.0+9382+ff08b506.src.rpm SHA-256: 8ba19510593bf06bd26ab7c9c82b3f457a4facfb0bd901aba696578dce0ae1fb python2-pycairo-1.16.3-6.module+el8+2760+3d7d61b2.src.rpm SHA-256: a56385f162203977deddcf0988d03e5c98855fa3b6bae176eab07ccbf04c8855 x86_64 gimp-2.8.22-26.module+el8.8.0+24316+5c5e4d76.7.x86_64.rpm SHA-256: 4405db3bc7341ba137d3776bcae33c37e6d070d711a4b65f09d39a3c7bc78053 gimp-debuginfo-2.8.22-26.module+el8.8.0+24316+5c5e4d76.7.x86_64.rpm SHA-256: a6948cf33d5473bb88c43797b2ad6cd85064e322089b96935cb67874795f48b0 gimp-debugsource-2.8.22-26.module+el8.8.0+24316+5c5e4d76.7.x86_64.rpm SHA-256: d8d55519e0fd8ec961be88a0066b14056ba3cbeaf8b388f96c07fd99895d9516 gimp-devel-2.8.22-26.module+el8.8.0+24316+5c5e4d76.7.x86_64.rpm SHA-256: 02ee88636cfbf66f6ae7d4e44072134288a3b60509aed314d9b498e9b90bd853 gimp-devel-tools-2.8.22-26.module+el8.8.0+24316+5c5e4d76.7.x86_64.rpm SHA-256: 9d7ce8f5d8632948b663976d1aca2283254b92dd16c20d9958a040fb9bf571da gimp-devel-tools-debuginfo-2.8.22-26.module+el8.8.0+24316+5c5e4d76.7.x86_64.rpm SHA-256: a937aca38c802f14e72cedd7dae540fafc562676eb3be96dfe3738ac244e901a gimp-libs-2.8.22-26.module+el8.8.0+24316+5c5e4d76.7.x86_64.rpm SHA-256: 61f2c3fc0dc09678ed0ea2328bdae72073ce7ad8ec18352341203a1f9e960940 gimp-libs-debuginfo-2.8.22-26.module+el8.8.0+24316+5c5e4d76.7.x86_64.rpm SHA-256: 1d2d528006f81136cbf801a577d0847f6fe896a0a7297e5070a47e45b5bd8ee8 pygobject2-2.28.7-4.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 0722e0e1eace67230b3b2285cc4d12e0b801510a61a73227d9afafe3c44e4fd4 pygobject2-codegen-2.28.7-4.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 7b174815b7d3d9d63c6f06a9b9fe9a459b18b1a8fc9d80a2be41d405d9fee116 pygobject2-debuginfo-2.28.7-4.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 88ebab5bfedabdfdbe90c7bf85189475d98d2b2baf99ced111d0be75c0afa79b pygobject2-debugsource-2.28.7-4.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 377c821e30723f72e4181bd3e1d7ec7ea6462a269ec155a9b550017910cdeb12 pygobject2-devel-2.28.7-4.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 612cbce7dfde755d5979b06e47bc9833d9031abb5eec8dbecb510b71222d623d pygobject2-doc-2.28.7-4.module+el8+2760+3d7d61b2.x86_64.rpm SHA-256: 238b8c2d865f299dcaae6eb3efa70107f95f4df96fbaaecb27a07afcb584618a pygtk2-2.24.0-25.module+el8.4.0+9382+ff08b506.x86_64.rpm SHA-256: f78ac06ae306ed1a55700f11a92f2ac2795e452b3d5a7f557f9a40f4342cd3ce pygtk2-codegen-2.24.0-25.module+el8.4.0+9382+ff08b506.x86_64.rpm SHA-256: 1338dba65d7e7eeeb256ebfeeb0a6dc12924fbca39974e28675226004967aa38 pygtk2-debuginfo-2.24.0-25.module+el8.4.0+9382+ff08b506.x86_64.rpm SHA-256: 6e6d246189a688647f8f7124135dfc20ffc1ab719531a77334867f180ebdeb9e pygtk2-debugsource-2.24.0-25.module+el8.4.0+9382+ff08b506.x86_64.rpm SHA-256: 75a540f3d39e9abc528af4d5b8a235ba61cc23168811be7159b218ce43a4f306 pygtk2-devel-2.24.0-25.module+el8.4.0+9382+ff08b506.x86