MGASA-2026-0100 Updated polkit-122 packages fix security vulnerability

Polkit: xml policy file with a large number of nested elements may lead to out-of-bounds write. CVE-2025-7519...

CVE-2026-28688

A flaw was found in ImageMagick. Processing commands related to MSL writing, specifically cloning an image structure for output, can cause a heap use-after-free vulnerability and result in a denial of service. Mitigation To mitigate this vulnerability, disable the vulnerable encoder by adding the...

Use After Free

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

Infinite loop

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

SUSE-SU-2025:02527-1 Security update for polkit

This update for polkit fixes the following issues: - CVE-2025-7519: Fixed a XML policy file with a large number of nested elements that may lead to out-of-bounds write. bsc1246472...

Exploit for CVE-2022-37017

CVE-2022-37017 Authentication bypass for Symantec Endpoint Pro...

CVE-2021-39212

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded...

CVE-2018-19358

GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms involving the busconf...

UBUNTU-CVE-2018-19358

DISPUTED GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms involving th...

USN-2990-1 imagemagick vulnerabilities

Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly sanitized untrusted input. A remote attacker could use these issues to execute arbitrary code. These issues are known as "ImageTragick". This update disables problematic coders via the /etc/ImageMagick-6/policy.xml configuration...