Security Advisory Details

NS-SA-2026-0035

2026-03-27 21:27:27

Summary

important: expat/ImageMagick security update

Severity

important

Topic

An update for expat/ImageMagick is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

expat:
ImageMagick:


Security Fix(es):
expat: An issue was found in libexpat’s internal dtdCopy function in xmlparse.c. It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX. (CVE-2024-45491)
expat: bugfix
ImageMagick: A vulnerability was found in ImageMagick. This issue may allow shell command injection via video:vsync or video:pixel-format options in VIDEO encoding/decoding. (CVE-2023-34153)
ImageMagick: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.06B7.

Affected Components

  • expat
  • ImageMagick

Affected Products

  • CGSL MAIN 7.02

Updated Packages

CGSL MAIN 7.02

expat (source: expat-2.5.0-2.zncgsl7.6.src.rpm)

  • expat-static-2.5.0-2.zncgsl7.6.x86_64.rpm
  • expat-doc-2.5.0-2.zncgsl7.6.noarch.rpm
  • expat-2.5.0-2.zncgsl7.6.x86_64.rpm
  • expat-core-2.5.0-2.zncgsl7.6.x86_64.rpm
  • expat-devel-2.5.0-2.zncgsl7.6.x86_64.rpm

ImageMagick (source: ImageMagick-7.1.1.11-2.zncgsl7.3.src.rpm)

  • ImageMagick-perl-7.1.1.11-2.zncgsl7.3.x86_64.rpm
  • ImageMagick-c++-devel-7.1.1.11-2.zncgsl7.3.x86_64.rpm
  • ImageMagick-c++-7.1.1.11-2.zncgsl7.3.x86_64.rpm
  • ImageMagick-7.1.1.11-2.zncgsl7.3.x86_64.rpm
  • ImageMagick-djvu-7.1.1.11-2.zncgsl7.3.x86_64.rpm
  • ImageMagick-devel-7.1.1.11-2.zncgsl7.3.x86_64.rpm
  • ImageMagick-libs-7.1.1.11-2.zncgsl7.3.x86_64.rpm
  • ImageMagick-doc-7.1.1.11-2.zncgsl7.3.x86_64.rpm
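To confirm a host carries the fixed builds listed above, the following added example (not NewStart's own tooling) compares installed package versions against this advisory's versions. It assumes the packages carry no epoch, uses a simplified version of RPM's segment comparison, and runs on a constructed sample of `rpm -qa` output; the function names are hypothetical.

```python
import re

# Fixed builds and binary package names, taken from this advisory's package list.
FIXED = {
    "expat": ("2.5.0", "2.zncgsl7.6", {
        "expat", "expat-core", "expat-devel", "expat-doc", "expat-static"}),
    "ImageMagick": ("7.1.1.11", "2.zncgsl7.3", {
        "ImageMagick", "ImageMagick-libs", "ImageMagick-devel",
        "ImageMagick-c++", "ImageMagick-c++-devel", "ImageMagick-perl",
        "ImageMagick-djvu", "ImageMagick-doc"}),
}

def vercmp(a, b):
    """Simplified rpmvercmp (no epoch, '~' or '^' handling): -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)   # separators are ignored
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(rpm_lines):
    """Map each covered installed package to 'ok' or 'needs update'."""
    status = {}
    for line in rpm_lines.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        name, ver, rel = parts
        for fixed_ver, fixed_rel, binaries in FIXED.values():
            if name in binaries:
                c = vercmp(ver, fixed_ver) or vercmp(rel, fixed_rel)
                status[name] = "needs update" if c < 0 else "ok"
    return status

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'
SAMPLE = """\
expat 2.5.0 1.zncgsl7.6
expat-core 2.5.0 2.zncgsl7.6
ImageMagick-libs 7.1.1.11 2.zncgsl7.2
ImageMagick 7.1.1.15 1.zncgsl7
bash 5.1.8 6.zncgsl7
"""

if __name__ == "__main__":
    for pkg, state in audit(SAMPLE).items():
        print(f"{pkg}: {state}")
```

On a real host, replace `SAMPLE` with the output of the `rpm -qa` query shown in the comment.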

CVE

References