Synopsis: Moderate: gimp security, bug fix, and enhancement update Advisory ID: SLSA-2016:2589-2 Issue Date: 2016-11-03 CVE Numbers: CVE-2016-4994 -- The following packages have been upgraded to a newer upstream version: gimp (2.8.16), gimp-help (2.8.2). Security Fix(es): * Multiple use-after-free vulnerabilities were found in GIMP in the channel and layer properties parsing process when loading XCF files. An attacker could create a specially crafted XCF file which could cause GIMP to crash. (CVE-2016-4994) Additional Changes: -- SL7 x86_64 gimp-2.8.16-3.el7.x86_64.rpm gimp-debuginfo-2.8.16-3.el7.i686.rpm gimp-debuginfo-2.8.16-3.el7.x86_64.rpm gimp-libs-2.8.16-3.el7.i686.rpm gimp-libs-2.8.16-3.el7.x86_64.rpm gimp-devel-2.8.16-3.el7.i686.rpm gimp-devel-2.8.16-3.el7.x86_64.rpm gimp-devel-tools-2.8.16-3.el7.x86_64.rpm noarch gimp-help-2.8.2-1.el7.noarch.rpm gimp-help-ca-2.8.2-1.el7.noarch.rpm gimp-help-da-2.8.2-1.el7.noarch.rpm gimp-help-de-2.8.2-1.el7.noarch.rpm gimp-help-el-2.8.2-1.el7.noarch.rpm gimp-help-en_GB-2.8.2-1.el7.noarch.rpm gimp-help-es-2.8.2-1.el7.noarch.rpm gimp-help-fr-2.8.2-1.el7.noarch.rpm gimp-help-it-2.8.2-1.el7.noarch.rpm gimp-help-ja-2.8.2-1.el7.noarch.rpm gimp-help-ko-2.8.2-1.el7.noarch.rpm gimp-help-nl-2.8.2-1.el7.noarch.rpm gimp-help-nn-2.8.2-1.el7.noarch.rpm gimp-help-pt_BR-2.8.2-1.el7.noarch.rpm gimp-help-ru-2.8.2-1.el7.noarch.rpm gimp-help-sl-2.8.2-1.el7.noarch.rpm gimp-help-sv-2.8.2-1.el7.noarch.rpm gimp-help-zh_CN-2.8.2-1.el7.noarch.rpm - Scientific Linux Development Team