First published 22 January 2023

CVSS 3.1: 8.2 (High)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Summary

Multiple security vulnerabilities have been discovered in the GIMP image editor shipped with IGEL OS. This affects the following IGEL products:

  • IGEL OS 11 (not in the default configuration)

Details

GIMP is vulnerable to crafted files in several formats. Processing a crafted DDS, PSD or PSP file can cause memory-corruption overflows and enable code execution in the context of the user who opens the file (CVE-2023-44441, CVE-2023-44442, CVE-2023-44443); this is rated as high. A crafted XCF file can exhaust memory or trigger an unhandled exception, which may lead to a denial of service (CVE-2022-30067, CVE-2022-32990); this is rated as medium. In all cases an attacker needs a user to open the malicious file in GIMP.

Mitigation

GIMP is not active in the IGEL OS 11 default configuration. It is only mounted if Scanner Support / SANE (Limited Support …) is activated under System > Firmware Customization > Features in Setup. If you have this feature activated, deactivating it unmounts GIMP and mitigates these vulnerabilities until the update is installed.

Update Instructions

  • OS 11: Update to IGEL OS version 11.09.210 or newer
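As an added example (not IGEL's own tooling, and not part of the original advisory), the following POSIX shell helpers let an administrator verify the two conditions above on a device: whether the firmware version string is at or above the fixed release 11.09.210, and whether a `gimp` executable is actually reachable, which is the case only when the scanner/SANE feature that mounts it is enabled. How the version string is obtained is an assumption left to the caller; it is passed in as a dotted string such as `11.09.210`.

```sh
#!/bin/sh
# Added example, not IGEL tooling. Helpers to check a device against this advisory.
#   version_ge A B      : returns 0 when dotted version A is >= B
#   igel_os_fixed VER   : returns 0 when VER is at or above the fixed release
#   gimp_present        : returns 0 when a 'gimp' executable is on PATH
#   check_device VER    : prints a verdict; returns 1 only if old firmware AND GIMP mounted
# Assumption: the firmware version is supplied by the caller as a dotted string.

FIXED_VERSION="11.09.210"

# Compare each dotted component numerically, so 11.09.210 < 11.10.100 and
# 11.9.210 == 11.09.210. Missing components count as 0. Non-digits are dropped.
version_ge() {
    a="$1"
    b="$2"
    i=1
    while :; do
        # append a '.' so cut sees a delimiter even in a single-component version
        ca=$(printf '%s.\n' "$a" | cut -d. -f"$i")
        cb=$(printf '%s.\n' "$b" | cut -d. -f"$i")
        # both exhausted: versions are equal
        if [ -z "$ca" ] && [ -z "$cb" ]; then
            return 0
        fi
        # strip non-digits and leading zeros so "09" is not parsed as octal
        ca=$(printf '%s\n' "${ca:-0}" | sed 's/[^0-9]//g; s/^0*//')
        cb=$(printf '%s\n' "${cb:-0}" | sed 's/[^0-9]//g; s/^0*//')
        ca=${ca:-0}
        cb=${cb:-0}
        if [ "$ca" -gt "$cb" ]; then return 0; fi
        if [ "$ca" -lt "$cb" ]; then return 1; fi
        i=$((i + 1))
    done
}

igel_os_fixed() {
    version_ge "$1" "$FIXED_VERSION"
}

# GIMP is only mounted when Scanner Support / SANE is enabled; if the binary is
# not on PATH the device is not exposed even on an affected firmware.
gimp_present() {
    command -v gimp >/dev/null 2>&1
}

check_device() {
    ver="$1"
    if igel_os_fixed "$ver"; then
        echo "firmware $ver includes the fix"
        return 0
    fi
    if gimp_present; then
        echo "firmware $ver is affected and GIMP is mounted: update to $FIXED_VERSION or disable Scanner Support / SANE"
        return 1
    fi
    echo "firmware $ver is affected but GIMP is not mounted: keep the feature disabled until updated"
    return 0
}

# Usage: ./check_gimp.sh 11.08.330
if [ $# -ge 1 ]; then
    check_device "$1"
fi
```

`check_device` deliberately reports an affected-but-unexposed device as acceptable, mirroring the advisory's mitigation: the vulnerability is only reachable when the feature that mounts GIMP is on. Run it from your management tooling with the reported firmware version to decide which devices still need attention.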

References