Bug 30768 - gimp, gimp3 new security issue CVE-2022-32990
Summary: gimp, gimp3 new security issue CVE-2022-32990
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-08-23 18:20 CEST by David Walser
Modified: 2022-09-16 21:41 CEST

See Also:
Source RPM: gimp-2.10.24-1.1.mga8.src.rpm
CVE: CVE-2022-32990
Status comment:


Description David Walser 2022-08-23 18:20:55 CEST
SUSE has issued an advisory on August 22:
https://lists.suse.com/pipermail/sle-security-updates/2022-August/011961.html

The issue is fixed upstream in 2.10.32 (already in Cauldron).  gimp3 in Cauldron will still need the fix.

gimp in Mageia 8 is also affected.
Comment 1 Lewis Smith 2022-08-24 11:13:43 CEST
Assigning to Stig who is currently the main packager for Gimp; and recently did a CVE patch for Gimp3, so you are on familiar ground.

Assignee: bugsquad => smelror

Comment 2 Nicolas Salguero 2022-09-12 11:06:47 CEST
Suggested advisory:
========================

The updated packages fix a security vulnerability:

An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS). (CVE-2022-32990)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32990
https://lists.suse.com/pipermail/sle-security-updates/2022-August/011961.html
========================

Updated packages in core/updates_testing:
========================
gimp-2.10.24-1.2.mga8
lib(64)gimp2.0_0-2.10.24-1.2.mga8
lib(64)gimp2.0-devel-2.10.24-1.2.mga8

from SRPM:
gimp-2.10.24-1.2.mga8.src.rpm

CC: (none) => nicolas.salguero
Status: NEW => ASSIGNED
Assignee: smelror => qa-bugs
Version: Cauldron => 8
Source RPM: gimp-2.10.24-1.1.mga8.src.rpm, gimp3-2.99.10-4.mga9.src.rpm => gimp-2.10.24-1.1.mga8.src.rpm
CVE: (none) => CVE-2022-32990

Comment 3 PC LX 2022-09-15 18:29:12 CEST
Installed and tested without issues.


System: Mageia 8, x86_64, Plasma DE, LXQt DE, AMD Ryzen 5 5600G CPU, AMD Radeon RX 6500 XT GPU.


Tested with the crash.xcf test file from:
https://bugzilla.suse.com/show_bug.cgi?id=1201192

Did not crash so the issue seems to be fixed.
Also did some general testing and did not see any regression.

Marking as OK for x86_64.



$ uname -a
Linux jupiter 5.19.7-desktop-1.mga8 #1 SMP PREEMPT_DYNAMIC Mon Sep 5 18:45:50 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep gimp | sort
gimp-2.10.24-1.2.mga8
lib64gimp2.0_0-2.10.24-1.2.mga8

CC: (none) => mageia
Whiteboard: (none) => MGA8-64-OK

Comment 4 Morgan Leijström 2022-09-15 20:32:40 CEST
mga8-64, plasma, i7, nvidia-current

Launched our previous version.
Let it open that crash.xcf -> segmentation fault.

Updated, repeated: No crash, a popup saying it read in as much as it could and that the file is damaged.

Keywords: (none) => validated_update
CC: (none) => fri, sysadmin-bugs

Dave Hodgins 2022-09-16 19:54:25 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 5 Mageia Robot 2022-09-16 21:41:35 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0330.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

