Gentoo: GLSA-202405-02: ImageMagick: Security Advisory Updates
Summary
Multiple vulnerabilities have been discovered in ImageMagick. Please
review the CVE identifiers referenced below for details.
Resolution
All ImageMagick 6.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.9.13.0" =media-gfx/imagemagick-6*"
All ImageMagick 7.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-7.1.1.22"
References
[ 1 ] CVE-2021-4219
https://nvd.nist.gov/vuln/detail/CVE-2021-4219
[ 2 ] CVE-2021-20224
https://nvd.nist.gov/vuln/detail/CVE-2021-20224
[ 3 ] CVE-2022-0284
https://nvd.nist.gov/vuln/detail/CVE-2022-0284
[ 4 ] CVE-2022-1115
https://nvd.nist.gov/vuln/detail/CVE-2022-1115
[ 5 ] CVE-2022-2719
https://nvd.nist.gov/vuln/detail/CVE-2022-2719
[ 6 ] CVE-2022-3213
https://nvd.nist.gov/vuln/detail/CVE-2022-3213
[ 7 ] CVE-2022-28463
https://nvd.nist.gov/vuln/detail/CVE-2022-28463
[ 8 ] CVE-2022-32545
https://nvd.nist.gov/vuln/detail/CVE-2022-32545
[ 9 ] CVE-2022-32546
https://nvd.nist.gov/vuln/detail/CVE-2022-32546
[ 10 ] CVE-2022-32547
https://nvd.nist.gov/vuln/detail/CVE-2022-32547
[ 11 ] CVE-2022-44267
https://nvd.nist.gov/vuln/detail/CVE-2022-44267
[ 12 ] CVE-2022-44268
https://nvd.nist.gov/vuln/detail/CVE-2022-44268
[ 13 ] CVE-2023-1906
https://nvd.nist.gov/vuln/detail/CVE-2023-1906
[ 14 ] CVE-2023-2157
https://nvd.nist.gov/vuln/detail/CVE-2023-2157
[ 15 ] CVE-2023-5341
https://nvd.nist.gov/vuln/detail/CVE-2023-5341
[ 16 ] CVE-2023-34151
https://nvd.nist.gov/vuln/detail/CVE-2023-34151
[ 17 ] CVE-2023-34153
https://nvd.nist.gov/vuln/detail/CVE-2023-34153
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202405-02
Concerns
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
Synopsis
Multiple vulnerabilities have been discovered in ImageMagick, the worst
of which can lead to remote code execution.
Background
ImageMagick is a software suite to create, edit, and compose bitmap
images, that can also read, write, and convert images in many other
formats.
Affected Packages
Package Vulnerable Unaffected
--------------------- ------------ ------------
media-gfx/imagemagick < 6.9.12.88 >= 6.9.13.0
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.