[SECURITY] [DSA 6210-1] imagemagick security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6210-1] imagemagick security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue, 14 Apr 2026 20:29:08 +0000
Message-id: <[🔎] ad6jlOAxWOzj0hee@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6210-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 14, 2026                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : imagemagick
CVE ID         : CVE-2026-25796 CVE-2026-25985 CVE-2026-26284 CVE-2026-26983 
                 CVE-2026-28494 CVE-2026-28686 CVE-2026-28687 CVE-2026-28688 
                 CVE-2026-28689 CVE-2026-28690 CVE-2026-28691 CVE-2026-28692 
                 CVE-2026-28693 CVE-2026-30883 CVE-2026-30936 CVE-2026-30937 
                 CVE-2026-31853 CVE-2026-32259 CVE-2026-32636 CVE-2026-33535 
                 CVE-2026-33536

Multiple security vulnerabilities were discovered in imagemagick,
a software suite used for editing and manipulating digital images, which
could lead to symlink races, information leaks, denial of service
and potentially arbitrary code execution.

For the oldstable distribution (bookworm), these problems have been fixed
in version 8:6.9.11.60+dfsg-1.6+deb12u8.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/imagemagick

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmneo3gACgkQEMKTtsN8
TjZKAA/+J1ZZzoAriBsmizfuwF/PX6ZFuld3ykVKgjDtDTMAKDuaxk8F3QD5cQd2
Vtqv76+cnIITlYT1G96PHySzH6uiwY89BigE+gmIU0U3sTyb2lJiQoIj83XL42DM
ARsGYpXfl7Mw5Nyt4PZJJ3il8uqPZEYx+ku3zswnSXIKLA6+JSB2NxanPsRcLyRh
EUBPQCkzILCEnu7zTFAtQoQdooMlFQJl8RfcuHPH8CfmGYUEikRAPo0dfohBTe8t
mn4OU2KmK63Z+Vvk7x+48bBfbYZZ+egql1ZywpgRa/ULTdUCbKm1lOjGEFPSpq7n
d5dGUC9kSmkj+yCk8MO2jJ6Kf24ndm50U5p3zslHI64zHz48ZN73ILPAV5Uk/qco
A/trlRASThGWJSjqEdGLXgUa/jIew09QMDAI2ilJysumCjR7Ce5V2Yc5O18+1Tbo
nj/uKVoX6l6leM5QvpjdDq3XdYop+I1xvCjB/It83ZaZVXDwWmQ5f3hfaDgeCQRF
daBHdVOwkWlGTl4YuBIAZxFLof0ihiyK7D3V+ER9iElSfgHV9Pwq1h+W9qLi71nm
qzzqvwcubk56FsjyEvuBbFPf2PySxebK6MF27xjg6XEwMHD/rQCrYQZt9kw94DQm
SkLVFpgAtr1cVRdFdbaYWbQ9LPvPU7uCCjV/Flr5g+qLFFUqrNM=
=tPm3
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6209-1] xdg-dbus-proxy security update
Next by Date: [SECURITY] [DSA 6211-1] thunderbird security update
Previous by thread: [SECURITY] [DSA 6209-1] xdg-dbus-proxy security update
Next by thread: [SECURITY] [DSA 6211-1] thunderbird security update
Index(es):
- Date
- Thread