Bug 30768

Summary: gimp, gimp3 new security issue CVE-2022-32990
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: davidwhodgins, fri, mageia, nicolas.salguero, sysadmin-bugs
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: gimp-2.10.24-1.1.mga8.src.rpm CVE: CVE-2022-32990
Status comment:

Description David Walser 2022-08-23 18:20:55 CEST 
SUSE has issued an advisory on August 22:
https://lists.suse.com/pipermail/sle-security-updates/2022-August/011961.html

The issue is fixed upstream in 2.10.32 (already in Cauldron).  gimp3 in Cauldron will still need the fix.

gimp in Mageia 8 is also affected.
Comment 1 Lewis Smith 2022-08-24 11:13:43 CEST 
Assigning to Stig who is currently the main packager for Gimp; and recently did a CVE patch for Gimp3, so you are on familiar ground.

Assignee: bugsquad => smelror

Comment 2 Nicolas Salguero 2022-09-12 11:06:47 CEST 
Suggested advisory:
========================

The updated packages fix a security vulnerability:

An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS). (CVE-2022-32990)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32990
https://lists.suse.com/pipermail/sle-security-updates/2022-August/011961.html
========================

Updated packages in core/updates_testing:
========================
gimp-2.10.24-1.2.mga8
lib(64)gimp2.0_0-2.10.24-1.2.mga8
lib(64)gimp2.0-devel-2.10.24-1.2.mga8

from SRPM:
gimp-2.10.24-1.2.mga8.src.rpm

CC: (none) => nicolas.salguero
Status: NEW => ASSIGNED
Assignee: smelror => qa-bugs
Version: Cauldron => 8
Source RPM: gimp-2.10.24-1.1.mga8.src.rpm, gimp3-2.99.10-4.mga9.src.rpm => gimp-2.10.24-1.1.mga8.src.rpm
CVE: (none) => CVE-2022-32990

Comment 3 PC LX 2022-09-15 18:29:12 CEST 
Installed and tested without issues.


System: Mageia 8, x86_64, Plasma DE, LXQt DE, AMD Ryzen 5 5600G CPU, AMD Radeon RX 6500 XT GPU.


Tested with the crash.xcf test file from:
https://bugzilla.suse.com/show_bug.cgi?id=1201192

Did not crash so the issue seems to be fixed.
Also did some general testing and did not see any regression.

Marking as OK for x86_64.



$ uname -a
Linux jupiter 5.19.7-desktop-1.mga8 #1 SMP PREEMPT_DYNAMIC Mon Sep 5 18:45:50 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep gimp | sort
gimp-2.10.24-1.2.mga8
lib64gimp2.0_0-2.10.24-1.2.mga8

CC: (none) => mageia
Whiteboard: (none) => MGA8-64-OK

Comment 4 Morgan Leijström 2022-09-15 20:32:40 CEST 
mga8-64, plasma, i7, nvidia-current

Launched our previous version.
Let it open that crash.xcf -> segmentation fault.

Updated, repeated: No crash, a popup saying it read in as much as it could and that the file is damaged.

Keywords: (none) => validated_update
CC: (none) => fri, sysadmin-bugs

Dave Hodgins 2022-09-16 19:54:25 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 5 Mageia Robot 2022-09-16 21:41:35 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0330.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED