
Fedora 38 ImageMagick 2023-d53831b69d Moderate Command Injection

June 3, 2023
ImageMagick 7.1.1.11 for Fedora 38 addresses severe command injection vulnerabilities. Upgrade today for improved safety.
- Update to 7.1.1.11 (#2210875)

- Update to 7.1.1.10 (#2207788)
- Security fix for CVE-2023-34151
- Security fix for CVE-2023-34152
- Security fix for CVE-2023-34153

Summary

ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed work in the original format or a different one. ImageMagick also includes command line programs for creating animated or transparent .gifs, creating composite images, creating thumbnail images, and more.

ImageMagick is one of your choices if you need a program to manipulate and display images. If you want to develop your own applications which use ImageMagick code or APIs, you need to install ImageMagick-devel as well.


* Mon May 29 2023 Fedora Release Monitoring - 1:7.1.1.11-1
- Update to 7.1.1.11 (#2210875)

* Mon May 22 2023 Fedora Release Monitoring - 1:7.1.1.10-1
- Update to 7.1.1.10 (#2207788)

[ 1 ] Bug #2210657 - CVE-2023-34151 ImageMagick: Undefined behaviors of casting double to size_t in svg, mvg and other coders
https://bugzilla.redhat.com/show_bug.cgi?id=2210657

[ 2 ] Bug #2210659 - CVE-2023-34152 ImageMagick: RCE (shell command injection) vulnerability in OpenBlob with --enable-pipes configured
https://bugzilla.redhat.com/show_bug.cgi?id=2210659

[ 3 ] Bug #2210660 - CVE-2023-34153 ImageMagick: Shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding
https://bugzilla.redhat.com/show_bug.cgi?id=2210660

Use su -c 'dnf upgrade --advisory FEDORA-2023-d53831b69d' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
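After applying the advisory, it is worth confirming that the installed package actually reached the advisory's version. The script below is an added example, not part of the Fedora advisory; the function names and the `--check` switch are assumptions, and `sort -V` is used as an approximation of RPM's own version ordering.

```shell
#!/bin/sh
# Added example: confirm a host carries the ImageMagick build from
# FEDORA-2023-d53831b69d. Function names are hypothetical.
ADVISORY_VERSION="7.1.1.11"   # version named in the advisory

# version_ge A B: succeed when dotted version A >= B.
# sort -V compares numeric fields, so 7.1.1.9 sorts before 7.1.1.11
# (a plain string comparison would get this wrong).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# classify_version V: print "updated" if V is at or above the advisory
# version, "outdated" otherwise.
classify_version() {
    if version_ge "$1" "$ADVISORY_VERSION"; then
        echo "updated"
    else
        echo "outdated"
    fi
}

# check_host: query the RPM database and report the state of this machine.
check_host() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not found; not an RPM-based host" >&2
        return 2
    fi
    installed=$(rpm -q --qf '%{VERSION}\n' ImageMagick 2>/dev/null) || {
        echo "ImageMagick is not installed"
        return 0
    }
    # If several builds are installed (e.g. multilib), judge the oldest one.
    installed=$(printf '%s\n' "$installed" | sort -V | head -n 1)
    state=$(classify_version "$installed")
    echo "ImageMagick $installed: $state (advisory version $ADVISORY_VERSION)"
    [ "$state" = "updated" ]
}

# Run the host check only when asked, e.g.:  sh check_im.sh --check
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

A non-zero exit status from `--check` means the host is still below the advisory version (or is not RPM-based), which makes the script usable in a fleet compliance job.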

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/


Severity: important

Product: Fedora 38
Version: 7.1.1.11
Release: 1.fc38
Summary: An X application for displaying and manipulating images
