Debian alert DSA-6310-1 (imagemagick) [LWN.net]


From:
               Moritz Muehlenhoff <jmm@debian.org>
To:
               debian-security-announce@lists.debian.org
Subject:
               [SECURITY] [DSA 6310-1] imagemagick security update
Date:
               Fri, 29 May 2026 18:33:42 +0000
Message-ID:
               <ahncBkrCMwFeRLkD@seger.debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6310-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 29, 2026                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : imagemagick
CVE ID         : CVE-2026-42050 CVE-2026-42326 CVE-2026-45031 CVE-2026-45359 
                 CVE-2026-45624 CVE-2026-45664 CVE-2026-46520 CVE-2026-46521 
                 CVE-2026-46522 CVE-2026-46523 CVE-2026-46559 CVE-2026-46692 
                 CVE-2026-46693 CVE-2026-47165 CVE-2026-47166

Multiple security vulnerabilities were discovered in imagemagick, a
software suite used for editing and manipulating digital images, which
could lead to denial of service, information disclosure or
potentially arbitrary code execution if malformed images are processed.

For the oldstable distribution (bookworm), these problems have been fixed
in version 8:6.9.11.60+dfsg-1.6+deb12u10.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/imagemagick

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmoZ2PEACgkQEMKTtsN8
TjYzShAAipZgmcu3dgRiC1rT+1XdyqpzL82a7LRo5QfgmQ3Lz09+EmvGNRfJXvbr
VGYwGaGWNzpGJ5P2kTF//G+BR17L4Js9FcPA6VW/I/r6zZJTkG4mX3V4sMhSxg6k
iznOA7o71r4Zr5Ij2EL09BhNt/Fa2xTLVtgdzxggZJHpB3shakr9ZoqOEspMpNk5
m6lwKUIK4MLS3MVeL1ZiISieqxyLvA7MdKVHz0OkUVOq5d1vYgDRxgj5vxHmMr2x
U9vG5GGmenq+GaSywfkmzjtkhcTNFdVLFDMQwi0yaF8CSeZuw9ikpRZjjttX/iw+
HqMWk7LdG1FgglIgSfgYBzX4gdjbFxzoZyPHn2Q8wWFbAvWJ7f354SdB/cSAxuhc
Gz5LAn4lhaHCMgGCmdTzbaWLArBeJc5De+soz2+I33923rmJ+ulGZ1wuiTrUg6Fo
jJIFS0hU7nuZDuoecTW2zhvF3odmecEPt6xtbjcby+xpnx7IrvF7wff/0DLk1x8R
SjRnkRTErjp0lHxis1Fwdt8aKwZ4PzajenYEpoBQ+KT1BLC0PMS9H/xWKCvSDOvP
BAtRNrxZYqtEtQxhzJoljliynoQq62V6zLZBXX1nCKgjjCwncjUgdxP3n2yM/AKl
26h17dEg3WfXkhD2pddClnFgyTw+rEoDHUCF+YK+qJJ+hUzUaY0=
=kflh
-----END PGP SIGNATURE-----
From:		Moritz Muehlenhoff <jmm@debian.org>
To:		debian-security-announce@lists.debian.org
Subject:		[SECURITY] [DSA 6310-1] imagemagick security update
Date:		Fri, 29 May 2026 18:33:42 +0000
Message-ID:		<ahncBkrCMwFeRLkD@seger.debian.org>