Bug#913120: cups-filters: please favor graphicsmagick-imagemagick-compat over imagemagick
On Wed, Nov 07, 2018 at 08:44:25AM +0100, Jonas Smedegaard wrote:
> Source: cups-filters
> Version: 1.21.3-2
> Severity: important
> Tags: security
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Graphicsmagick is a drop-in replacement for imagemagick which - apart
> from being faster and lighter - also claims that it "suffers from fewer
> security issues and exploits" - which seems to correspond with the
> amount of issues reported at
> https://security-tracker.debian.org/tracker/source-package/imagemagick
> and
> https://security-tracker.debian.org/tracker/source-package/graphicsmagick
Counting CVE IDs is not a useful metric per se, before we migrate things this
should be researched more in depth (and then whatever magick is preferred
should be migrated distro-wide (and the other variant phased out)).
In this specific case other, more promising hardening options would be:
- IM is only used for the braille support, so this could be split into
a separate binary package, reducing the attack footprint for the non-braille
installations of cups-filters
- The respective code shells out to convert; the execution of that binary
could be contained with firejail (e.g. with a profile running imagemagick
with the seccomp filter and namespaced), mitigating the effect of an
exploit in imagemagick.
Cheers,
Moritz
Reply to: