Tuesday, March 5, 2024

[USN-6675-1] ImageProcessing vulnerability

==========================================================================
Ubuntu Security Notice USN-6675-1
March 05, 2024

ruby-image-processing vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

ImageProcessing could be made to crash or run programs as an administrator
if it received specially crafted input.

Software Description:
- ruby-image-processing: High-level image processing wrapper for libvips and
ImageMagick/GraphicsMagick

Details:

It was discovered that ImageProcessing incorrectly handled a series of
operations coming from unsanitised input. If a user or an automated system were
tricked into opening a specially crafted input file, a remote attacker could
possibly use this issue to execute arbitrary code.
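
For applications that build the series of operations from request data, a defence that holds regardless of package version is to allowlist operation names and type-check their arguments before they reach the library. The following is an added example, not part of the Ubuntu notice or the gem's own code; the names sanitize_operations, ALLOWED_OPERATIONS and MAX_DIMENSION, the Hash input shape and the choice of permitted operations are assumptions for illustration.

```ruby
# Added example: validate a user-supplied operation list before image processing.
# All names here are hypothetical; the permitted operations are an assumed
# subset of the gem's resize/rotate helpers that an application might expose.
MAX_DIMENSION = 4096

# Argument validators: only plain Integers in a bounded range are accepted.
DIMENSIONS = lambda do |args|
  args.is_a?(Array) && args.size == 2 &&
    args.all? { |n| n.is_a?(Integer) && n.between?(1, MAX_DIMENSION) }
end
ROTATION = ->(arg) { [0, 90, 180, 270].include?(arg) }

ALLOWED_OPERATIONS = {
  "resize_to_limit" => DIMENSIONS,
  "resize_to_fit"   => DIMENSIONS,
  "resize_to_fill"  => DIMENSIONS,
  "rotate"          => ROTATION
}.freeze

class UnsafeOperationError < ArgumentError; end

# Returns a new Hash with symbol keys containing only vetted operations.
# Raises on the first unknown name or malformed argument (fail closed).
def sanitize_operations(raw)
  raise UnsafeOperationError, "operations must be a Hash" unless raw.is_a?(Hash)

  raw.each_with_object({}) do |(name, args), safe|
    key = name.to_s
    validator = ALLOWED_OPERATIONS[key]
    raise UnsafeOperationError, "operation not allowed: #{key.inspect}" unless validator
    raise UnsafeOperationError, "bad arguments for #{key}" unless validator.call(args)
    safe[key.to_sym] = args # symbolised only after the name is known-good
  end
end

# True when the input is refused.
def rejected?(raw)
  sanitize_operations(raw)
  false
rescue UnsafeOperationError
  true
end

# Constructed sample inputs, shaped like parsed request JSON.
GOOD     = { "resize_to_limit" => [800, 600], "rotate" => 90 }.freeze
BAD_NAME = { "resize_to_limit" => [800, 600], "not_on_the_list" => ["x"] }.freeze
BAD_ARGS = { "resize_to_fit" => ["800", nil] }.freeze
```

Only the Hash returned by sanitize_operations should be handed to the processing pipeline; the raw request data is never passed through.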

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
ruby-image-processing 1.10.3-1ubuntu0.22.04.1

Ubuntu 20.04 LTS:
ruby-image-processing 1.10.3-1ubuntu0.20.04.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6675-1
CVE-2022-24720

Package Information:

https://launchpad.net/ubuntu/+source/ruby-image-processing/1.10.3-1ubuntu0.22.04.1

https://launchpad.net/ubuntu/+source/ruby-image-processing/1.10.3-1ubuntu0.20.04.1
