[Bug 2004580] Re: Possible arbitrary file leak

Launchpad Bug Tracker 2004580 at bugs.launchpad.net
Tue Feb 28 19:43:04 UTC 2023


This bug was fixed in the package imagemagick -
8:6.9.11.60+dfsg-1.3ubuntu0.22.10.2

---------------
imagemagick (8:6.9.11.60+dfsg-1.3ubuntu0.22.10.2) kinetic-security; urgency=medium

  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2022-44267.patch: possible DoS @ stdin (OCE-
      2022-70); possible arbitrary file leak (OCE-2022-72) (LP: #2004580)
    - CVE-2022-44267
  * SECURITY UPDATE: Information Disclosure
    - debian/patches/CVE-2022-44268.patch: move -set profile handler to CLI
    - CVE-2022-44268

 -- Paulo Flabiano Smorigo <pfsmorigo at canonical.com>  Fri, 24 Feb 2023
11:21:38 -0300

** Changed in: imagemagick (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to imagemagick in Ubuntu.
https://bugs.launchpad.net/bugs/2004580

Title:
  Possible arbitrary file leak

Status in imagemagick package in Ubuntu:
  Fix Released

Bug description:
  More details can be found here:

  https://www.metabaseq.com/imagemagick-zero-days/

  Affected versions:

      Injection via "-authenticate"
      - ImageMagick 6: 6.9.8-1 up to 6.9.11-40
      Exploitation via MSL:
      - ImageMagick 6: 6.9.11-35 up to 6.9.11-40

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/2004580/+subscriptions



