
Debian alert DLA-4341-1 (gegl)

From:  Sylvain Beucler <beuc@beuc.net>
To:  debian-lts-announce@lists.debian.org
Subject:  [SECURITY] [DLA 4341-1] gegl security update
Date:  Wed, 22 Oct 2025 18:59:39 +0200
Message-ID:  <aPkNeyfa0qWuWNVz@mail.beuc.net>

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4341-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Sylvain Beucler
October 22, 2025                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : gegl
Version        : 1:0.4.26-2+deb11u1
CVE ID         : CVE-2021-45463 CVE-2025-10921
Debian Bug     : 1002661 1116470

Multiple vulnerabilities were discovered in GEGL, a graph-based image
processing library, which could result in denial of service or the
execution of arbitrary code if malformed files or filenames are processed.

CVE-2021-45463

    load_cache allows shell expansion when a pathname in a constructed
    command line is not escaped or filtered. This is caused by use of the
    system library function for execution of the ImageMagick convert
    fallback in magick-load.

CVE-2025-10921

    GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution
    Vulnerability.

For Debian 11 bullseye, these problems have been fixed in version
1:0.4.26-2+deb11u1.

We recommend that you upgrade your gegl packages.

For the detailed security status of gegl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gegl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
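The CVE-2021-45463 bug class, as an added C illustration that is not GEGL's code: a fallback that splices the input pathname into a system() command line, beside a hardened version that passes the same pathname as a single argv element through posix_spawnp so no shell ever parses it. The function names, the `convert` invocation and the sample pathnames are assumptions made for the example.

```c
#include <spawn.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>

extern char **environ;

/* Vulnerable shape (constructed, not GEGL's code): the pathname is spliced
 * into one string that system() hands to /bin/sh, so the shell decides what
 * the name means. Quoting is no fix: $(...) and backticks expand in quotes. */
int convert_via_shell(const char *input, const char *output)
{
    char cmd[4096];
    snprintf(cmd, sizeof cmd, "convert \"%s\" \"%s\"", input, output);
    return system(cmd);
}

/* Review/alert helper: 1 if the name holds anything /bin/sh would interpret. */
int path_has_shell_metachars(const char *path)
{
    return strpbrk(path, "$`\"'\\;|&<>()*?[]{}~ \t\n") != NULL;
}

/* Hardened shape: hand the converter an argv instead of a command line.
 * Each element reaches `convert` byte-for-byte; no shell ever parses it. */
static void build_convert_argv(const char *in, const char *out, char *argv[4])
{
    argv[0] = "convert";
    argv[1] = (char *)in;    /* verbatim, whatever characters it holds */
    argv[2] = (char *)out;
    argv[3] = NULL;
}

/* Property check on the hardened path: the pathname is never rewritten. */
int argv_keeps_path_verbatim(const char *path)
{
    char *argv[4];
    build_convert_argv(path, "out.png", argv);
    return strcmp(argv[1], path) == 0 && argv[3] == NULL;
}

int convert_via_spawn(const char *input, const char *output)
{
    char *argv[4]; pid_t pid; int status;
    build_convert_argv(input, output, argv);
    if (posix_spawnp(&pid, argv[0], NULL, NULL, argv, environ) != 0) return -1;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The metacharacter helper is a logging and review aid for spotting inputs that would have been misparsed by the shell-based path; the actual fix is the argv-based spawn, which needs no filtering at all.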

