Debian alert DSA-6240-1 (imagemagick)
| From: | Moritz Muehlenhoff <jmm@debian.org> | |
| To: | debian-security-announce@lists.debian.org | |
| Subject: | [SECURITY] [DSA 6240-1] imagemagick security update | |
| Date: | Fri, 01 May 2026 15:32:50 +0000 | |
| Message-ID: | <afTHolKpAk0nQ1OW@seger.debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6240-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 01, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : imagemagick CVE ID : CVE-2026-32636 CVE-2026-33535 CVE-2026-33536 CVE-2026-33899 CVE-2026-33900 CVE-2026-33901 CVE-2026-33902 CVE-2026-33905 CVE-2026-33908 CVE-2026-34238 CVE-2026-40169 CVE-2026-40183 CVE-2026-40310 CVE-2026-40311 CVE-2026-40312 Multiple security vulnerabilities were discovered in imagemagick, a software suite used for editing and manipulating digital images, which could lead to denial of service, information disclosure or potentially arbitrary code execution if malformed images are processed. For the stable distribution (trixie), these problems have been fixed in version 8:7.1.1.43+dfsg1-1+deb13u8. We recommend that you upgrade your imagemagick packages. For the detailed security status of imagemagick please refer to its security tracker page at: https://security-tracker.debian.org/tracker/imagemagick Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmn0xHQACgkQEMKTtsN8 TjZBYhAAqV8IhMdxjjh/rxVaIBdh1keDyDZjAx8D+x3BaRsVnUFYkh49AK7SPrFS RxEGXPM2gVQmzzQy1wjN3HisqrlOHlwBffAuvA0i9q6BOddCVYS3/6n0eHIbeWg/ 8UxbvzOKxfW5gyuxudd/WsK9sjnHDlttNdHu6PUlU3WuUqyISOkviDrIU4Wi0iU7 soVcEYq7P0gJDXglvpaWBEfdohxsLmHgL+A35PKN9R6ItuaGTKWXE6usFx6IW3zA S5KrQiGmxoeKYlqHrMNpq65WJAPkeV++JYwpRlfX4dMH/z7fxRSbTXSurOx82mma PD7CetBvwUOhDcqgFJUK53pkP2ooVJWjw/1yHMVLy4YWpxzPo+h44Nn3SdKW60xK H6NHrsfhr3KtidKTjANqR+3kS0rsf8yN1N4QPe9OueNcdHWCjLw+P6etc34YJwr7 XvW7Z9zu9XWgV8beZFO4JcMBaULB9r4eksPtBKXdGMRujhhciZtNuBRxJaXa/GlR ZBaQa29GuhdeyN/k0rS9G5ICUgNyKStXdqJBQlMkrIJXKr7HYpW0j9z7SKCSQ+oX aBbBPVExUvdeikma6h1ZwqoQ4Svmb7zM5SfHuzaPYTnRBH7wtgW6G0qr/ijcDWND 1MBCfBH4qU8AECqXk+RAt+SBPokIbu9LTw8G0EU8c0dp0C6mHgA= =J+FD -----END PGP SIGNATURE-----