Imagick security issue, theming can't be disabled

šŸ± Features & apps
1

Hi,

Theming app requires imagick package, however it has a vulnerability that can be fixed only with ubuntu pro esm :frowning_face:

Iā€™ve uninstalled the vulnerable packages but now my pretty green all ok changed to orange with the warning:

  • The PHP module ā€œimagickā€ is not enabled although the theming app is. For favicon generation to work correctly, you need to install and enable this module.

Iā€™ve tried to disable the theming app, but

theming can't be disabled.

Is there a way to fix this with free ubuntu 22.04 LTS?
My nextcloud is 27.

2

It has tons of vulnerabilitiesā€¦ :wink: but not all of them are critical, and not all of them do affect all Ubuntu releases, according to your link.

Not an official way, and I wouldnā€™t recommend to manually replace the package, or load it from some random PPA (if any exist), except you know exactley what youā€™re doing. However you can register five computers for freeā€¦ Ubuntu Pro | Ubuntu

Free for personal use

Anyone can use Ubuntu Pro for free on up to 5 machines, or 50 if you are an official Ubuntu Community member.

3

Free for personal use

Thatā€™s the issue, itā€™s not personal use.

4

Well, then you probably have to pay if you want that Extended Security Maintainance. Or you could use a free (as in freedom) distro like Debian which backports a lot of security fixes, and most if not all of the critical ones. Or maybe you could use a derivative of an enterprise distro that you donā€™t have to pay for (openSUSE leap comes to mind).

5

Your problem has nothing to do with imagemagick or with Ubuntu 22.04!

I also donā€™t know why you canā€™t install or update imagemagick. For me, it is present in the regular package sources of Ubuntu 22.04 (even if the Ubuntu web page says otherwise):

# apt list imagemagick*
Auflistungā€¦ Fertig
imagemagick-6-common/jammy-updates,jammy-security,now 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3 all  [Installiert,automatisch]
imagemagick-6-doc/jammy-updates,jammy-security 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3 all
imagemagick-6.q16/jammy-updates,jammy-security,now 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3 amd64  [Installiert,automatisch]
imagemagick-6.q16hdri/jammy-updates,jammy-security 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3 amd64
imagemagick-common/jammy-updates,jammy-security 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3 all
imagemagick-doc/jammy-updates,jammy-security 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3 all
imagemagick/jammy-updates,jammy-security,now 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3 amd64  [installiert]

My understanding is that the theming app is no longer needed, as its features are now hardwired into Nextcloud. However, it was forgotten to remove the corresponding app in existing installations. Thus, the app remains orphaned in existing installations and can no longer be uninstalled in the App Store. Also, the attempt to remove this app on the command line fails with the note that this app is now a fixed component.

This leaves the app Theming as an abandoned relic of times gone by in Nextcloud and we can only wait patiently until someone from the developers notices and then removes it.

6

There is no app called Theming listed.

7

apps/theming is not an abandoned relic. The actual implementation is still there. Itā€™s just not possible to disable the app anymore.

8

This topic was automatically closed after 15 hours. New replies are no longer allowed.