important: ImageMagick security update
important
An update for ImageMagick is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
ImageMagick: ImageMagick-devel contains the static libraries and header files you'll need to develop ImageMagick applications using the Magick++ C++ bindings. ImageMagick is an image manipulation program. If you want to create applications that will use Magick++ code or APIs, you'll need to install ImageMagick-c++-devel, ImageMagick-devel and ImageMagick. You don't need to install it if you just want to use ImageMagick, or if you want to develop/compile applications using the ImageMagick C interface, however.
Security Fix(es):
ImageMagick: A flaw was found in ImageMagick. The -authenticate option is mishandled allowing user-controlled password set for a PDF file to possibly inject additional shell commands via coders/pdf.c. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-29599)
ImageMagick: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F31B4.