[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#913120: cups-filters: please favor graphicsmagick-imagemagick-compat over imagemagick

On Wed, Nov 07, 2018 at 08:44:25AM +0100, Jonas Smedegaard wrote:
> Source: cups-filters
> Version: 1.21.3-2
> Severity: important
> Tags: security
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> Graphicsmagick is a drop-in replacement for imagemagick which - apart
> from being faster and lighter - also claims that it "suffers from fewer
> security issues and exploits" - which seems to correspond with the
> amount of issues reported at
> https://security-tracker.debian.org/tracker/source-package/imagemagick
> and
> https://security-tracker.debian.org/tracker/source-package/graphicsmagick

Counting CVE IDs is not a useful metric per se, before we migrate things this
should be researched more in depth (and then whatever magick is preferred
should be migrated distro-wide (and the other variant phased out)).

In this specific case other, more promising hardening options would be:
- IM is only used for the braille support, so this could be split into
  a separate binary package, reducing the attack footprint for the non-braille
  installations of cups-filters
- The respective code shells out to convert; the execution of that binary
  could be contained with firejail (e.g. with a profile running imagemagick
  with the seccomp filter and namespaced), mitigating the effect of an
  exploit in imagemagick.

Cheers,
        Moritz
Reply to: