Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Ubuntu 22.04 LTS USN-6675-1 High: ruby-image-processing Remote Code Exec

Calendar Mar 05, 2024 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory high remote code exec ubuntu ruby
ImageProcessing could be made to crash or run programs as an administrator if it received specially crafted input. 
==========================================================================
Ubuntu Security Notice USN-6675-1
March 05, 2024

ruby-image-processing vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

ImageProcessing could be made to crash or run programs as an administrator
if it received specially crafted input.

Software Description:
- ruby-image-processing: High-level image processing wrapper for libvips and 
ImageMagick/GraphicsMagick

Details:

It was discovered that ImageProcessing incorrectly handled series of operations
that are coming from unsanitised inputs. If a user or an automated system were
tricked into opening a specially crafted input file, a remote attacker could
possibly use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
   ruby-image-processing           1.10.3-1ubuntu0.22.04.1

Ubuntu 20.04 LTS:
   ruby-image-processing           1.10.3-1ubuntu0.20.04.1

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6675-1
   CVE-2022-24720

Package Information:

Ubuntu 22.04 LTS USN-6675-1 High: ruby-image-processing Remote Code Exec

ubuntu
Calendar Grey March 5, 2024
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-6675-1 highlights a vulnerability within ruby-image-processing that could result in unapproved execution of code.
ImageProcessing could be made to crash or run programs as an administrator if it received specially crafted input.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: ImageProcessing could be made to crash or run programs as an administrator if it received specially crafted input. Software Description: - ruby-image-processing: High-level image processing wrapper for libvips and ImageMagick/GraphicsMagick Details: It was discovered that ImageProcessing incorrectly handled series of operations that are coming from unsanitised inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code.

Topics%20covered

Topics Covered

security advisory high remote code exec ubuntu ruby

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: ruby-image-processing 1.10.3-1ubuntu0.22.04.1 Ubuntu 20.04 LTS: ruby-image-processing 1.10.3-1ubuntu0.20.04.1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6675-1

CVE-2022-24720

Ubuntu Security Notice USN-6675-1

Topics%20covered

Topics Covered

security advisory high remote code exec ubuntu ruby

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here