RHBA-2024:8405 - Bug Fix Advisory

Topic

An updated rhel8/gimp-flatpak container image is now available in the Red Hat container registry.

Description

To pull a container image, run the following command:

podman pull registry.redhat.io/<image_name>

Solution

The container image provided by this update can be downloaded from the Red Hat container registry at registry.access.redhat.com using the "podman pull" command.

For more information about the image, search the <image_name> in the Red Hat Ecosystem Catalog: https://catalog.redhat.com/software/containers/search.

Affected Products

• Red Hat Enterprise Linux for x86_64 8 x86_64

Fixes

• BZ - 2124527 - CVE-2022-38784 poppler: integer overflow in JBIG2 decoder using malformed files
• BZ - 2173917 - CVE-2023-24329 python: urllib.parse url blocklisting bypass
• BZ - 2231520 - CVE-2020-36024 poppler: NULL pointer dereference in `FoFiType1C::convertToType1`
• BZ - 2234527 - CVE-2022-37050 poppler: abort in PDFDoc::savePageAs in PDFDoc.c
• BZ - 2234528 - CVE-2022-37051 poppler: abort in main() in pdfunite.cc
• BZ - 2240059 - CVE-2022-48565 python: XML External Entity in XML processing plistlib module
• BZ - 2249755 - CVE-2022-48560 python: use after free in heappushpop() of heapq module
• BZ - 2283508 - CVE-2024-33871 ghostscript: OPVP device arbitrary code execution via custom Driver library

CVEs

(none)

References

• https://catalog.redhat.com/software/containers/search