Ubuntu alert USN-7433-1 (graphicsmagick)
From: Bruce Cable <bruce.cable@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-7433-1] GraphicsMagick vulnerabilities
Date: Mon, 14 Apr 2025 12:52:34 +1000
Message-ID: <6683c71e-d6cb-41ec-b5b1-0a5581fdf3b8@canonical.com>

==========================================================================
Ubuntu Security Notice USN-7433-1
April 14, 2025

graphicsmagick vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in GraphicsMagick.

Software Description:
- graphicsmagick: collection of image processing tools

Details:

It was discovered that GraphicsMagick did not properly limit image
dimensions, which could lead to excessive memory consumption. An attacker
could possibly use this issue to cause a denial of service.
(CVE-2025-27795)

It was discovered that GraphicsMagick did not properly handle certain
memory operations, which could lead to an out-of-bounds memory access. An
attacker could possibly use this issue to leak sensitive information. This
issue only affected Ubuntu 24.10. (CVE-2025-27796)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  graphicsmagick 1.4+really1.3.45-1ubuntu0.1

Ubuntu 24.04 LTS
  graphicsmagick 1.4+really1.3.42-1.1ubuntu0.1~esm1
  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  graphicsmagick 1.4+really1.3.38-1ubuntu0.1+esm1
  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7433-1
  CVE-2025-27795, CVE-2025-27796

Package Information:
  https://launchpad.net/ubuntu/+source/graphicsmagick/1.4+r...