gegl-0.2.0-19.el7.1
Errata ID: AXSA:2022-2991:01
Release date:
Thursday, January 20, 2022 - 07:01
Subject:
gegl-0.2.0-19.el7.1
Affected Channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
GEGL (Generic Graphics Library) is a graph-based image processing framework.
Security Fix(es):
* gegl: shell expansion via a crafted pathname (CVE-2021-45463)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE-2021-45463
GEGL before 0.4.34, as used (for example) in GIMP before 2.10.30, allows shell
expansion when a pathname in a constructed command line is not escaped or
filtered. This is caused by use of the system library function for execution of
the ImageMagick convert fallback in magick-load.
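The weak and hardened invocation patterns side by side, as an added illustration that is not GEGL's own code or the upstream patch. The argument-counting probe, the function names and the sample filename are assumptions made for this example; a filename containing a space is enough to show that system() lets the shell re-parse the pathname.

```c
/* Added illustration; not taken from GEGL or its fix. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for the external converter: a child that exits
 * with the number of arguments it received after its own name. */
#define PROBE "exit $#"

/* Weak pattern: the pathname is pasted into a command line that system()
 * hands to /bin/sh, so the shell re-parses the pathname text. */
static int args_seen_via_system(const char *path)
{
    char cmd[512];
    int n = snprintf(cmd, sizeof cmd, "sh -c '%s' probe %s", PROBE, path);
    if (n < 0 || (size_t)n >= sizeof cmd)
        return -1;                      /* refuse truncated command lines */
    int status = system(cmd);
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

/* Hardened pattern: the pathname travels as exactly one argv element and
 * is never interpreted as shell text (here it only becomes "$1"). */
static int args_seen_via_exec(const char *path)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "sh", "-c", PROBE, "probe", (char *)path, NULL };
        execvp(argv[0], argv);
        _exit(127);                     /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    const char *path = "holiday photo.png";   /* constructed sample name */
    printf("system(): child saw %d argument(s)\n", args_seen_via_system(path));
    printf("execvp(): child saw %d argument(s)\n", args_seen_via_exec(path));
    return 0;
}
```

With the constructed filename, the system() variant delivers two arguments to the child and the execvp() variant delivers one.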
Solution:
Update packages.
CVEs:
CVE-2021-45463
Additional Info:
N/A
Download:
SRPMS
- gegl-0.2.0-19.el7.1.src.rpm
MD5: c024cd9f5cf4535ef335965e47f41947
SHA-256: fc21a33be6a97c25a93813e4695e1e19973802221092ff1338e58fa11959c411
Size: 7.18 MB
Asianux Server 7 for x86_64
- gegl-0.2.0-19.el7.1.x86_64.rpm
MD5: ff4d60ce4398c4ea6075aecbd59b0070
SHA-256: cdb37404aa079ac07cb348088e90154ff4741848134c17c723c8fa25378c912a
Size: 740.55 kB
- gegl-0.2.0-19.el7.1.i686.rpm
MD5: 42a2aa7fafeeb92a9caf25193c871c2e
SHA-256: 94ff8ecbe5f67280f7f6a57f379a7ed40f3e5508f0b769a98cff12d55519906c
Size: 741.02 kB