Release date:
2026-03-20 09:52:54 UTC
Description:
* SECURITY UPDATE: stack buffer overflow in msl.c (attribute handling),
path traversal bypass of security policy, XSS in HTML coder output,
and MSL attribute overflow
- debian/patches/CVE-2026-25797_CVE-2026-25965_CVE-2026-25968_CVE-2026-25982.patch: fix memory leaks,
stack overflows, integer overflows and out-of-bounds reads; add bounds
checks, validate DCM entry sizes, sanitize PostScript filenames,
canonicalize paths and free resources; escape user-controlled strings
written as raw HTML in the HTML coder; cause was unsafe header and
filename parsing, incorrect assumptions about byte counts, path
resolution, unnormalized path matching allowing policy bypass, and
unescaped HTML output enabling cross-site scripting.
- CVE-2026-25797
- CVE-2026-25965
- CVE-2026-25968
- CVE-2026-25982
* SECURITY UPDATE: null pointer dereference in msl.c (repage/roll handlers)
- debian/patches/CVE-2026-25983.patch: move image null-checks before
accessing image attributes in the repage and roll MSL tag handlers;
cause was dereferencing the image pointer for page geometry and
dimensions before verifying the image was defined.
- CVE-2026-25983
* SECURITY UPDATE: infinite recursion via crafted MSL/SVG/MVG files
- debian/patches/CVE-2026-25971.patch: add global Splay tree guards in
MSL and SVG coders to detect and reject recursive image references;
block dangerous protocols (ftp, http, mvg, vid) in DrawPrimitive;
cause was unbounded recursion through nested image reads.
- CVE-2026-25971
* SECURITY UPDATE: null pointer dereference in msl.c (comment/label handlers)
- debian/patches/CVE-2026-23952.patch: add image null-checks before
accessing image properties in the comment and label MSL end-element
handlers; cause was dereferencing the image pointer for
DeleteImageProperty before verifying the image was defined.
- CVE-2026-23952
* SECURITY UPDATE: MSLPushImage return value not captured
- debian/patches/CVE-2026-25988.patch: change MSLPushImage to return
the new image index and capture the return value in the MSL image
tag handler; cause was the local index variable not being updated
after pushing a new image onto the stack.
- CVE-2026-25988
Updated packages:
-
imagemagick_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_amd64.deb
sha:9a3c0bc52451992cd632996192f47b435a8911cf
-
imagemagick-6-common_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_all.deb
sha:4f67119d9f85b103d4a3f16f74dfd4153524c7eb
-
imagemagick-6-doc_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_all.deb
sha:3bd95232c3b5ffa1f078f92ace46f44517244e13
-
imagemagick-6.q16_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_amd64.deb
sha:9c41694cd136795953ef91dc285dec3527eb160d
-
imagemagick-6.q16hdri_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_amd64.deb
sha:d2c7f11cd96fca615377b21775933c0b9ad7c6f8
-
imagemagick-common_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_all.deb
sha:db445435faec4fe15d69ddce4a32110eb9a276ef
-
imagemagick-doc_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_all.deb
sha:345f9ff9c524533c9bab821c71a0f3379fbfc751
-
libimage-magick-perl_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_all.deb
sha:f5b8365b7eabc83e5038adfdda32b70562f52737
-
libimage-magick-q16-perl_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_amd64.deb
sha:c6977671e040a782ed1980f2ec12fb29bf131289
-
libimage-magick-q16hdri-perl_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_amd64.deb
sha:04e4c4d806a140d7c6331108946630a87b5d85fb
-
libmagick++-6-headers_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_all.deb
sha:459d7f2637ae3e371c28741d3a4912b73418374f
-
libmagick++-6.q16-7_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_amd64.deb
sha:bcd0c60668d1820d69be8bc4b917c39907225e5f
-
libmagick++-6.q16-dev_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_amd64.deb
sha:b9db522350f46ace75fd78afdc37ad4f9bed7391
-
libmagick++-6.q16hdri-7_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_amd64.deb
sha:44b197de936ab8d65a331a4c270ec4fad274066a
-
libmagick++-6.q16hdri-dev_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_amd64.deb
sha:09ba85b95dd19a655211fbe89389d1946a8939d3
-
libmagick++-dev_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_all.deb
sha:2d6c13deba8c32160a9d84ca065b7784f7e5022f
-
libmagickcore-6-arch-config_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_amd64.deb
sha:3a4abe12519ffcf488bcf1de109301951f379d0b
-
libmagickcore-6-headers_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_all.deb
sha:c5ffdb7276c17dd7f845482289a46e6883aa31e6
-
libmagickcore-6.q16-3_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_amd64.deb
sha:1146e54112958b68688814aa463f89315a8b1dce
-
libmagickcore-6.q16-3-extra_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_amd64.deb
sha:c2b1dace91e79cd70f1e4290cf4509d457468d52
-
libmagickcore-6.q16-dev_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_amd64.deb
sha:2d773069653e0aeaaeaa058cb1c44c8745fd2ed7
-
libmagickcore-6.q16hdri-3_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_amd64.deb
sha:f592e3420739bbfe7381e9ca735f6f16aa9ef43e
-
libmagickcore-6.q16hdri-3-extra_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_amd64.deb
sha:6e997d041522ba6fc17c1f85aab53bd5471aa4e9
-
libmagickcore-6.q16hdri-dev_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_amd64.deb
sha:c12a51580912160e8188e5190ebe011206eb3d43
-
libmagickcore-dev_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_all.deb
sha:8b0be2d4a40cfee25d5a0b72bec1f94655967576
-
libmagickwand-6-headers_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_all.deb
sha:f880c80b12dc7e70138ef1ea95ba9a13d6aea731
-
libmagickwand-6.q16-3_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_amd64.deb
sha:2b5071827c3654eb6b72df9b9494af75f6029bb9
-
libmagickwand-6.q16-dev_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_amd64.deb
sha:5f7ac098ed898b1b6ca281eea7f523ef248519ab
-
libmagickwand-6.q16hdri-3_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_amd64.deb
sha:058500687874efb8923b2b6e35d28aba61dd581b
-
libmagickwand-6.q16hdri-dev_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_amd64.deb
sha:f1ce339202c1db192db282903b47ef817c8a7d78
-
libmagickwand-dev_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_all.deb
sha:a0c5ec811ede3061a914e8f520f99a7fac98ec08
-
perlmagick_6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23_all.deb
sha:c22c7164f32cf288d915d450c1fa7144d1615897
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the CloudLinux Packaging Team.