[Bug 2004580] Re: Possible arbitrary file leak
David Zuelke
2004580 at bugs.launchpad.net
Mon Feb 27 13:06:31 UTC 2023
The fix committed to bionic applies cleanly to focal:
ubuntu-imagemagick % git checkout origin/applied/ubuntu/focal-security
Previous HEAD position was 9d9d88c18 8:6.9.7.4+dfsg-16ubuntu6.15 (patches applied)
HEAD is now at d5cfbaeb8 8:6.9.10.23+dfsg-2.1ubuntu11.4 (patches applied)
ubuntu-imagemagick % git cherry-pick ff63fb0005ef2b9a35ca0811fcf391824586d0dc
Auto-merging coders/png.c
[detached HEAD 0d1b05180] [PATCH] possible DoS @ stdin (OCE-2022-70); possible arbitrary file
Author: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Date: Thu Feb 9 12:11:42 2023 -0500
1 file changed, 13 insertions(+), 2 deletions(-)
For jammy, the upstream commit (https://github.com/ImageMagick/ImageMagick6/commit/d77c01e560e973177feed4915ffd7dd1a45fd763) applies almost verbatim; the preprocessor conditionals from upstream ("#if 0 /* security risk -- disable for now */") around the removed block in magick/property.c are not in jammy, so that gets rejected:
ubuntu-imagemagick % git checkout origin/applied/ubuntu/jammy
Previous HEAD position was d5cfbaeb8 8:6.9.10.23+dfsg-2.1ubuntu11.4 (patches applied)
HEAD is now at bc5d3ac18 8:6.9.11.60+dfsg-1.3build2 (patches applied)
ubuntu-imagemagick % curl -s https://github.com/ImageMagick/ImageMagick6/commit/d77c01e560e973177feed4915ffd7dd1a45fd763.patch | patch -p1
patching file 'magick/property.c'
Reversed (or previously applied) patch detected! Assume -R? [y] n
Apply anyway? [n] y
1 out of 1 hunks failed--saving rejects to 'magick/property.c.rej'
patching file 'wand/mogrify.c'
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to imagemagick in Ubuntu.
https://bugs.launchpad.net/bugs/2004580
Title:
Possible arbitrary file leak
Status in imagemagick package in Ubuntu:
Confirmed
Bug description:
More details can be found here:
https://www.metabaseq.com/imagemagick-zero-days/
Affected versions:
Injection via "-authenticate"
- ImageMagick 6: 6.9.8-1 up to 6.9.11-40
Exploitation via MSL:
- ImageMagick 6: 6.9.11-35 up to 6.9.11-40