Ubuntu 22.04 LTS: USN-6960-1 Critical: RMagick Memory Crash Risk

August 14, 2024
Ubuntu Security Announcement USN-6960-1 concerning an RMagick stability issue affecting several LTS releases.

Summary

RMagick could be made to crash if it received specially crafted input.

Software Description:

- ruby-rmagick: Ruby Bindings for ImageMagick

Details:

Nick Browning discovered that RMagick incorrectly handled memory
under certain operations. An attacker could possibly use this issue
to cause a denial of service through memory exhaustion.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
   ruby-rmagick                    4.2.3-2ubuntu0.22.04.1~esm2
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   ruby-rmagick                    2.16.0-6ubuntu0.1

In general, a standard system update will make all the necessary changes.
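
One way to confirm that a host is at or above the fixed versions listed above, as an added example that is not part of the Ubuntu notice. The function names `fixed_version_for`, `rmagick_status` and `check_local_host` are this example's own; it assumes `dpkg` is present, as it is on any Ubuntu system.

```sh
#!/bin/sh
# Added example (not from the Ubuntu notice): report whether this host's
# ruby-rmagick is at or above the fixed version listed in USN-6960-1.

# Fixed versions copied from the notice's "Update Instructions".
# The 22.04 build is listed as available with Ubuntu Pro.
fixed_version_for() {
  case "$1" in
    22.04) echo '4.2.3-2ubuntu0.22.04.1~esm2' ;;
    20.04) echo '2.16.0-6ubuntu0.1' ;;
    *)     return 1 ;;
  esac
}

# rmagick_status RELEASE INSTALLED_VERSION
# Prints: patched | vulnerable | not-installed | unlisted-release
rmagick_status() (
  release=$1 installed=$2
  if [ -z "$installed" ]; then
    echo not-installed
  elif ! fixed=$(fixed_version_for "$release"); then
    echo unlisted-release
  # dpkg applies Debian version ordering, in which "~esm2" sorts before the
  # same string without the suffix; a plain string compare gets this wrong.
  elif dpkg --compare-versions "$installed" ge "$fixed"; then
    echo patched
  else
    echo vulnerable
  fi
)

# Read the release and package version from the local host and report.
check_local_host() (
  release=$( . /etc/os-release 2>/dev/null && echo "$VERSION_ID" ) || release=
  # Only count the package when dpkg reports it as fully installed.
  installed=$(dpkg-query -W -f='${db:Status-Status} ${Version}\n' ruby-rmagick \
                2>/dev/null | awk '$1 == "installed" { print $2 }')
  echo "Ubuntu ${release:-unknown} ruby-rmagick ${installed:-none}:" \
       "$(rmagick_status "$release" "$installed")"
)

check_local_host
```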

References

https://ubuntu.com/security/notices/USN-6960-1

  CVE-2023-5349

Severity

Critical
