Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Lightspeed
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Lightspeed
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2026:26168 - Security Advisory
Issued:
2026-06-16
Updated:
2026-06-16

RHSA-2026:26168 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: gimp security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for gimp is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.

Security Fix(es):

  • gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image (CVE-2026-4887)
  • gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow (CVE-2026-4154)
  • GIMP: GIMP: Arbitrary code execution via specially crafted PSD file (CVE-2026-4150)
  • gimp: GIMP: Remote Code Execution via PSP file parsing (CVE-2026-4153)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

  • BZ - 2451669 - CVE-2026-4887 gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image
  • BZ - 2457530 - CVE-2026-4154 gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow
  • BZ - 2457535 - CVE-2026-4150 GIMP: GIMP: Arbitrary code execution via specially crafted PSD file
  • BZ - 2457536 - CVE-2026-4153 gimp: GIMP: Remote Code Execution via PSP file parsing

CVEs

  • CVE-2026-4150
  • CVE-2026-4153
  • CVE-2026-4154
  • CVE-2026-4887

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
gimp-2.8.22-1.el7_9.6.src.rpm SHA-256: 87db62ef25520ba6a3ae0b2aa57c0225c69a80a2cd3e4bd09f184f6ed635c993
x86_64
gimp-2.8.22-1.el7_9.6.x86_64.rpm SHA-256: 960b41d2dc4e08c8e43c13da41a1ba7014fa68798751f7563fda2c1a92f50e74
gimp-debuginfo-2.8.22-1.el7_9.6.i686.rpm SHA-256: a40befa1363bb25e56f3ac50f0de3c094517f457d0c11a9bf5373b1d180ddd48
gimp-debuginfo-2.8.22-1.el7_9.6.i686.rpm SHA-256: a40befa1363bb25e56f3ac50f0de3c094517f457d0c11a9bf5373b1d180ddd48
gimp-debuginfo-2.8.22-1.el7_9.6.x86_64.rpm SHA-256: 98908ecc8e791fe14271b5a7b1db272ee0dd436ded922c3dfdb599d1cdb55388
gimp-debuginfo-2.8.22-1.el7_9.6.x86_64.rpm SHA-256: 98908ecc8e791fe14271b5a7b1db272ee0dd436ded922c3dfdb599d1cdb55388
gimp-devel-2.8.22-1.el7_9.6.i686.rpm SHA-256: 82f27a55f50cda946b06f51caca826ca4152f716df124e9fcb404b531b3793c7
gimp-devel-2.8.22-1.el7_9.6.x86_64.rpm SHA-256: 9021b81e97fae86613458ced550507813dda1fd392e9ba6f79f8b40debf3bdec
gimp-devel-tools-2.8.22-1.el7_9.6.x86_64.rpm SHA-256: 7d41670aee26c531b8fb512761d118303d17af2b73570c1d7011d689880d3cc2
gimp-libs-2.8.22-1.el7_9.6.i686.rpm SHA-256: b8a92b3f38ddd7192804cfa9ee91cf4499915651b7846e41a3b8c338812a122c
gimp-libs-2.8.22-1.el7_9.6.x86_64.rpm SHA-256: ab30e728788bf498f301a7c466bd68e39c38c7a66bc598f7a2a209878b98fb60

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
gimp-2.8.22-1.el7_9.6.src.rpm SHA-256: 87db62ef25520ba6a3ae0b2aa57c0225c69a80a2cd3e4bd09f184f6ed635c993
s390x
gimp-2.8.22-1.el7_9.6.s390x.rpm SHA-256: bbcb06ff408fe0fc17a6fe9242d96bdc4c98ff6432d7b1a5338fe47ceb3fc7b1
gimp-debuginfo-2.8.22-1.el7_9.6.s390.rpm SHA-256: df45a59763b0aec6351b2a631249eb88cad6a16ae4f6bacc7eb8c083e3a9ee61
gimp-debuginfo-2.8.22-1.el7_9.6.s390x.rpm SHA-256: 3e120d479ada41a5a694791ad13b3d3e33f6d774ddf099bc3f41d80150aa53df
gimp-devel-2.8.22-1.el7_9.6.s390.rpm SHA-256: 3bae29603076339ddcd67125eb98b323598a77b7bcc8803d7e5ceeb07be7b0e4
gimp-devel-2.8.22-1.el7_9.6.s390x.rpm SHA-256: 323c3ec9230bf3b3ad88ae518c66a60d1f5577042d0dc30b59fc66e30235ac36
gimp-devel-tools-2.8.22-1.el7_9.6.s390x.rpm SHA-256: 5e510f9a063362bc89ce5913fdf23892b104bf92f0ac1f52a16d0a47dcc4cdeb
gimp-libs-2.8.22-1.el7_9.6.s390.rpm SHA-256: 57c83dc34f7ef73aa71e04982c8f0a4bc4924add40009fa4511c2e7ae27d8b4b
gimp-libs-2.8.22-1.el7_9.6.s390x.rpm SHA-256: 25e65c1dde2945b2523fbfac5ff222f8ee3eae33dbd74da575766dd0a2842fcc

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
gimp-2.8.22-1.el7_9.6.src.rpm SHA-256: 87db62ef25520ba6a3ae0b2aa57c0225c69a80a2cd3e4bd09f184f6ed635c993
ppc64
gimp-2.8.22-1.el7_9.6.ppc64.rpm SHA-256: 2b4227fc8e18c1c64c6448c2d4899a4266903231ede760922e93421d93d146b3
gimp-debuginfo-2.8.22-1.el7_9.6.ppc.rpm SHA-256: 422cb72c2ec70083e6104e0271aa29e2963d0e1c81b004781a1f7c299ff4f129
gimp-debuginfo-2.8.22-1.el7_9.6.ppc64.rpm SHA-256: 775325b31545c7c3fd4c4214f9b67f70489f06a964acdb26fef1775730891dbf
gimp-devel-2.8.22-1.el7_9.6.ppc.rpm SHA-256: b1deca9bd9ab699be17b53ab01bf2f79cf62779c3ad6e173832c96eb04be0c17
gimp-devel-2.8.22-1.el7_9.6.ppc64.rpm SHA-256: 3e7caeaeeb370c851b3a373e9a4fece1b48dfffc62da317fe2c7bfc39533d844
gimp-devel-tools-2.8.22-1.el7_9.6.ppc64.rpm SHA-256: 16f9accaef03c207b96865ebbef9faacbfb92738d2e60227b0a6bbf6959f1f3c
gimp-libs-2.8.22-1.el7_9.6.ppc.rpm SHA-256: d783a4ffb6a62c63e3ff6ec86dc1232828da912c8a5375b004e92248e5701d32
gimp-libs-2.8.22-1.el7_9.6.ppc64.rpm SHA-256: b5197b96f393a58b0ce1743b587454b27e7b0a923e18d3e5ce1c5945fd84797e

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
gimp-2.8.22-1.el7_9.6.src.rpm SHA-256: 87db62ef25520ba6a3ae0b2aa57c0225c69a80a2cd3e4bd09f184f6ed635c993
ppc64le
gimp-2.8.22-1.el7_9.6.ppc64le.rpm SHA-256: ef0dd731a40b3afcf9f96c7440cac1f22c5f1c268d10b9c8e56f22dd8f4ac36d
gimp-debuginfo-2.8.22-1.el7_9.6.ppc64le.rpm SHA-256: 7057390dc4bc62c48c4b988ad6fc65f2b6d588ab96783210683ab46b363d8899
gimp-debuginfo-2.8.22-1.el7_9.6.ppc64le.rpm SHA-256: 7057390dc4bc62c48c4b988ad6fc65f2b6d588ab96783210683ab46b363d8899
gimp-devel-2.8.22-1.el7_9.6.ppc64le.rpm SHA-256: 15b49fbde4f3ba33cc8e43d16682abc06a634945d769b2e31978c8af3d345f24
gimp-devel-tools-2.8.22-1.el7_9.6.ppc64le.rpm SHA-256: 45250a8a118b56145d51def6802f8b64e1607b3ce7701508d7f0a7c1a231d87c
gimp-libs-2.8.22-1.el7_9.6.ppc64le.rpm SHA-256: 09752827344c28f885391edda5169c84a6c4a8c03f2e43cda842417a6f8862a3

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2026 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility