Fedora alert FEDORA-2026-bef0050737 (ImageMagick)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 44 Update: ImageMagick-7.1.2.13-2.fc44 | |
| Date: | Mon, 13 Apr 2026 21:07:01 +0000 | |
| Message-ID: | <20260413210701.A59016A3F6@bastion01.rdu3.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-bef0050737 2026-04-13 21:06:00.498961+00:00 -------------------------------------------------------------------------------- Name : ImageMagick Product : Fedora 44 Version : 7.1.2.13 Release : 2.fc44 URL : https://imagemagick.org/ Summary : An X application for displaying and manipulating images Description : ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed work in the original format or a different one. ImageMagick also includes command line programs for creating animated or transparent .gifs, creating composite images, creating thumbnail images, and more. ImageMagick is one of your choices if you need a program to manipulate and display images. If you want to develop your own applications which use ImageMagick code or APIs, you need to install ImageMagick-devel as well. -------------------------------------------------------------------------------- Update Information: LibRaw 0.22.1 and rebuilds Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0 oiiotool: Better type understanding with -i:ch= and other cleanup #5056 texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal Lecocq) (3.1.12.0, 3.0.17.0) IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0) ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0) bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0, 3.0.17.0) heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64 #5095 (by Brecht Van Lommel) ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0, 3.0.17.0) jpeg: Improved safety and error reporting for jpeg and iptc #5081 jpeg2000: Suppress leak when reading with OpenJPH #5098 psd: Fixes against corrupt files with better validation #5089 (3.1.12.0, 3.0.17.0) rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0) tiff: Support GPS fields, and other metadata enhancements #5050 tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of values passed to invert_photometric #5083, check for invalid bit depth in palette images #5091 ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0) fix: Fix UB-sanitizer warning about alignment #5097 fix: Catch exceptions in print-uncaught-messages destructor #5103 fix: Enhanced exception safety for our use of OpenColorIO #5114 fix: Fix possible fmt exceptions where we might have passed null string #5115 build: Test building with clang 22.1, fix warnings uncovered #5067 build: Improve security by pinning auto-build dependencies by hash #5076 build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0) build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058 build(win): Embed manifest in OIIO executables to enable long path handling #5066 (by Nathan Rusch) ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0) ci: For security, replace workflow substitutions with safer env substitutions #5070 ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077 ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0, 3.0.17.0) ci: Bump GitHub Actions to latest versions #5078 #5110 #5119 ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100 #5101 (3.1.12.0, 3.0.17.0) ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0) ci: Turn off nightly workflows for user forks #5042 tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075 #5079 #5099 #5112 docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza) docs: Fix formatting examples for version macros #5073 docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0) docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0, 3.0.17.0) docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0) admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0) ci: Freetype adjustments #4999 Update to 5.1 (#2451401) Update to 5.0 (#2447841) -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 8 2026 Gwyn Ciesla <gwync@protonmail.com> - 1:7.1.2.13-2 - Libraw rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2447841 - swayimg-.5.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2447841 [ 2 ] Bug #2451401 - swayimg-5.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2451401 [ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454235 [ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454464 [ 5 ] Bug #2455346 - LibRaw-0.22.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2455346 [ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456557 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new