1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5628-1] imagemagick security update

    From Moritz Muehlenhoff@21:1/5 to All on Thu Feb 22 20:10:02 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5628-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 22, 2024 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : imagemagick
    CVE ID : CVE-2021-3610 CVE-2022-1115 CVE-2023-1289 CVE-2023-1906
    CVE-2023-3428 CVE-2023-5341 CVE-2023-34151
    Debian Bug : 1013282 1036999

    This update fixes multiple vulnerabilities in Imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising
    may result in denial of service, memory disclosure or potentially the
    execution of arbitrary code if malformed image files are processed.

    For the oldstable distribution (bullseye), these problems have been fixed
    in version 8:6.9.11.60+dfsg-1.3+deb11u3.

    For the stable distribution (bookworm), these problems have been fixed in version 8:6.9.11.60+dfsg-1.6+deb12u1.

    We recommend that you upgrade your imagemagick packages.

    For the detailed security status of imagemagick please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/imagemagick

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmXXmJoACgkQEMKTtsN8 TjZ4oA//dcUTeog3Pl7y1vg7o0IRWkWMbHtamfOavzrUPt+r9LFc1B0HAxUhrtet r7svk5r2WlQjMjcANg19F1hVqGAx+WVKFz15ydmzugU7TWoudZdSyE0gcAQfW4mg UeiU+MnhcOyIfJJuV+EQD3JvsfLmRzMGG5WzDTkTbe+y78paXrskMY/y5vhSPlnR +3wyqdZ0R1urzoVpShj1fullrmTTUnTr3/kxTXm5S1LBjcMwpdMoRTFJBuOXlPSa jA+dDkpeer/UiBIH0piaUmxByG2BtzDGjvvi6BlohqvpERFrqfsb59+Scimi3arr vYHELehJTqM+jUvg3VehSGTFId6qsGVsM0eKUFtFMdlL016U34LICfP+FDlP1DJ0 VKyab9UDyU6Zf7aWiVnJt6GQdicIQ64hsvVBuj3u90WcI63qR6RybuxmGhBfIJs+ VkG23qv8DjrvRpFesUaTvbOfMOJ3q0OvXIF9TMx5CNimPuEc8esg2Ktzdoaiy7Vj gmNewYaGRqrLDLsK48pJx4qLz4WfvRLVZPWnKuyUaQaRsybsSdFx+r8id/utJ6sW 6I8H9KouHflKPZhzccnMGHZJFD1H/DzQHAbCvUz8yKaA+OMU5RgcsGWawmRhavDW fXzfUyMSJYV57voszyQmrBMOSzQHi/f0SIBqFtK928ATLXHY/bs=
    =KFsb
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)