Groups | Search | Server Info | Login | Register

Groups > linux.debian.announce.security > #4807

[SECURITY] [DSA 6240-1] imagemagick security update

Path csiph.com!weretis.net!feeder8.news.weretis.net!news.samoylyk.net!gothmog.csi.it!bofh.it!news.nic.it!robomod
From Moritz Muehlenhoff <jmm@debian.org>
Newsgroups linux.debian.announce.security
Subject [SECURITY] [DSA 6240-1] imagemagick security update
Date Fri, 01 May 2026 17:40:02 +0200
Message-ID <MPY8a-1NMg-3@gated-at.bofh.it> (permalink)
X-Original-To debian-security-announce@lists.debian.org
X-Mailbox-Line From debian-security-announce-request@lists.debian.org Fri May 1 15:33:13 2026
Old-Return-Path <jmm@seger.debian.org>
X-Amavis-Spam-Status No, score=-112.191 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FVGT_m_MULTI_ODD=0.02, LDO_WHITELIST=-5, PGPSIGNATURE=-5, RCVD_IN_DNSWL_NONE=-0.0001, USER_IN_DKIM_WELCOMELIST=-0.01, USER_IN_DKIM_WHITELIST=-100] autolearn=ham autolearn_force=no
Old-Dkim-Signature v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=u4K/lzS2H6rJbWjfv2C1vYQPwL3ZH0kmqeSMvLrLcQM=; b=HX R3YzG0vY9KCRMsQ9bgikGngCjnK9BE9r5Xo/hVTFLh/FaF2cglMDxA2lfz/jLoU9oks7SJ0WszrdU vKM8dZhHU2IgQhqJNp+JkYO3XgnpgELjqM4EJvySaC+8qTD0l8iImAFeoDmLSCfqWR4hm0mC8fZAz lxcYo37r5W6cpC7w2jYOgP/E3YhXcMC6WPaAAQ0YffAQOsfERhbf296qhf/2FaZFW9rE48moV++iQ s2eI/mC91gsrXpyqI0nPSfBp9TCJsHO6rq1TTZsd+xOAJIDGNfTvFvEa+tmxlEIpci7X2iURCjG6G URWGv/H/jBQZJg2YQE5BS7xypWla3DJA==;
MIME-Version 1.0
Content-Type text/plain; charset=us-ascii
Content-Disposition inline
X-Debian PGP check passed for security officers
Priority urgent
Reply-To debian-security-announce-request@lists.debian.org
X-Mailing-List <debian-security-announce@lists.debian.org> archive/latest/5165
List-ID <debian-security-announce.lists.debian.org>
List-URL <http://lists.debian.org/debian-security-announce/>
List-Archive https://lists.debian.org/msgid-search/afTHolKpAk0nQ1OW@seger.debian.org
Approved robomod@news.nic.it
Lines 50
Organization linux.* mail to news gateway
Sender robomod@news.nic.it
X-Original-Date Fri, 1 May 2026 15:32:50 +0000
X-Original-Message-ID <afTHolKpAk0nQ1OW@seger.debian.org>
Xref csiph.com linux.debian.announce.security:4807

Show key headers only | View raw

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6240-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 01, 2026                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : imagemagick
CVE ID         : CVE-2026-32636 CVE-2026-33535 CVE-2026-33536 CVE-2026-33899 
                 CVE-2026-33900 CVE-2026-33901 CVE-2026-33902 CVE-2026-33905 
                 CVE-2026-33908 CVE-2026-34238 CVE-2026-40169 CVE-2026-40183 
                 CVE-2026-40310 CVE-2026-40311 CVE-2026-40312

Multiple security vulnerabilities were discovered in imagemagick, a
software suite used for editing and manipulating digital images, which
could lead to denial of service, information disclosure or potentially
arbitrary code execution if malformed images are processed.

For the stable distribution (trixie), these problems have been fixed in
version 8:7.1.1.43+dfsg1-1+deb13u8.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/imagemagick

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmn0xHQACgkQEMKTtsN8
TjZBYhAAqV8IhMdxjjh/rxVaIBdh1keDyDZjAx8D+x3BaRsVnUFYkh49AK7SPrFS
RxEGXPM2gVQmzzQy1wjN3HisqrlOHlwBffAuvA0i9q6BOddCVYS3/6n0eHIbeWg/
8UxbvzOKxfW5gyuxudd/WsK9sjnHDlttNdHu6PUlU3WuUqyISOkviDrIU4Wi0iU7
soVcEYq7P0gJDXglvpaWBEfdohxsLmHgL+A35PKN9R6ItuaGTKWXE6usFx6IW3zA
S5KrQiGmxoeKYlqHrMNpq65WJAPkeV++JYwpRlfX4dMH/z7fxRSbTXSurOx82mma
PD7CetBvwUOhDcqgFJUK53pkP2ooVJWjw/1yHMVLy4YWpxzPo+h44Nn3SdKW60xK
H6NHrsfhr3KtidKTjANqR+3kS0rsf8yN1N4QPe9OueNcdHWCjLw+P6etc34YJwr7
XvW7Z9zu9XWgV8beZFO4JcMBaULB9r4eksPtBKXdGMRujhhciZtNuBRxJaXa/GlR
ZBaQa29GuhdeyN/k0rS9G5ICUgNyKStXdqJBQlMkrIJXKr7HYpW0j9z7SKCSQ+oX
aBbBPVExUvdeikma6h1ZwqoQ4Svmb7zM5SfHuzaPYTnRBH7wtgW6G0qr/ijcDWND
1MBCfBH4qU8AECqXk+RAt+SBPokIbu9LTw8G0EU8c0dp0C6mHgA=
=J+FD
-----END PGP SIGNATURE-----

Back to linux.debian.announce.security | Previous | Next | Find similar

Thread

[SECURITY] [DSA 6240-1] imagemagick security update Moritz Muehlenhoff <jmm@debian.org> - 2026-05-01 17:40 +0200

csiph-web