Ubuntu Security Notice 6675-1 - It was discovered that ImageProcessing incorrectly handled a series of operations coming from unsanitised input. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code.
==========================================================================
Ubuntu Security Notice USN-6675-1
March 05, 2024
ruby-image-processing vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

ImageProcessing could be made to crash or run programs as an administrator
if it received specially crafted input.

Software Description:
- ruby-image-processing: High-level image processing wrapper for libvips and
  ImageMagick/GraphicsMagick

Details:

It was discovered that ImageProcessing incorrectly handled a series of
operations coming from unsanitised input. If a user or an automated system
were tricked into opening a specially crafted input file, a remote attacker
could possibly use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  ruby-image-processing 1.10.3-1ubuntu0.22.04.1

Ubuntu 20.04 LTS:
  ruby-image-processing 1.10.3-1ubuntu0.20.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6675-1
  CVE-2022-24720

Package Information:
  https://launchpad.net/ubuntu/+source/ruby-image-processing/1.10.3-1ubuntu0.22.04.1
  https://launchpad.net/ubuntu/+source/ruby-image-processing/1.10.3-1ubuntu0.20.04.1
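
The notice attributes the flaw to operations taken from unsanitised input, so alongside the package update an application can refuse to hand anything but vetted operations to the library. The following is an added example, not code from the notice or from the ruby-image-processing project; the allowlist contents, the limits and the names `ALLOWED_OPERATIONS`, `sanitize_operations` and `RejectedOperation` are assumptions chosen for illustration.

```ruby
# Added example: fail-closed allowlist for user-supplied image operations.
# All names and limits below are hypothetical application-side choices.
MAX_DIMENSION  = 4096 # assumed upper bound for width/height in pixels
MAX_OPERATIONS = 8    # assumed cap on operations per request

class RejectedOperation < ArgumentError; end

# Validator shared by the resize operations: exactly two bounded integers.
dimensions = lambda do |args|
  args.is_a?(Array) && args.length == 2 &&
    args.all? { |n| n.is_a?(Integer) && n.between?(1, MAX_DIMENSION) }
end

# Operation name => validator for its argument list (assumed allowlist).
ALLOWED_OPERATIONS = {
  "resize_to_limit" => dimensions,
  "resize_to_fit"   => dimensions,
  "resize_to_fill"  => dimensions,
  "rotate"  => ->(a) { a.is_a?(Array) && a.length == 1 && [90, 180, 270].include?(a[0]) },
  "convert" => ->(a) { a.is_a?(Array) && a.length == 1 && %w[jpg png webp].include?(a[0]) }
}.freeze

# Returns [Symbol, Array] pairs for vetted operations only; raises
# RejectedOperation on any unknown name or malformed argument list.
def sanitize_operations(untrusted)
  unless untrusted.is_a?(Hash) || untrusted.is_a?(Array)
    raise RejectedOperation, "operations must be a Hash or an Array of pairs"
  end
  raise RejectedOperation, "too many operations" if untrusted.length > MAX_OPERATIONS

  untrusted.map do |name, args|
    key = name.to_s
    validator = ALLOWED_OPERATIONS[key]
    raise RejectedOperation, "operation not allowed: #{key.inspect}" unless validator
    raise RejectedOperation, "bad arguments for #{key}" unless validator.call(args)

    [key.to_sym, args.dup] # symbol is created only after the allowlist match
  end
end

# Constructed sample input, e.g. parsed from a request's JSON body.
SAMPLE_REQUEST = { "resize_to_limit" => [800, 600], "convert" => ["webp"] }.freeze

p sanitize_operations(SAMPLE_REQUEST) if __FILE__ == $PROGRAM_NAME
```

Only the returned pairs should ever reach the image pipeline; a `RejectedOperation` is best logged with the request identity, since unexpected operation names in this field are a useful detection signal.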