Thursday, August 22, 2024

[USN-6980-1] ImageMagick vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEE26yozGlLvY8PLmS9C+du+fOjiEwFAmbHmEsFAwAAAAAACgkQC+du+fOjiEwJ
Ogv9GQSAYSFe52d89w8iSsqAVbay7FTK9cyeW0iZGyGb0NCR+s8Nwr08admOjEQd7ZlgbHIDg/mJ
hBHMAKKGBVZwzPS0zIreJHWFHtvq68W0Rqk0y10IUsF+mU9CakxhQzpSROC2LJYyMjDGPEQ3aJ3j
ngrGx1dXqsxkIhlhqTxvy4Ch2pOjXkbPFdqMu1OUlBynX/DQwSVBEjWf7XzZ/vU7yM0cf+3foRmK
EnaPZx98GJ/w99m+Qemr6OQ99ByshNG5hBY9jUfOIzfGUJ4FdajXpJppQZxiNIc+rLKURuYicPZV
GdEQ765B3nWDFsIA1kMMZs6xsYfuoC16kOoUEFTpOfrExlqDBvi70esjZ3v9zDf+F85pvKGSCIqm
xw3L4Ngk2ZZd6KU6MLGpHZJXiL4QuPQ4n//w2pgcNNnwp3ij/e2QFkIslXaG1AKgEDMTQrPrD3hB
vlT3r6HE9iW0OX12LmLmdPg6FqaA4PYdBsv5FRoiM5x+onhvFPqB0xCWbjZE
=agM4
-----END PGP SIGNATURE-----

==============================

============================================
Ubuntu Security Notice USN-6980-1
August 22, 2024

imagemagick vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in ImageMagick.

Software Description:
- imagemagick: Image manipulation programs and library

Details:

It was discovered that ImageMagick incorrectly handled certain malformed
image files. If a user or automated system using ImageMagick were tricked
into opening a specially crafted image, an attacker could exploit this to
cause a denial of service or possibly execute code with the privileges of
the user invoking the program.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  imagemagick                     8:6.7.7.10-6ubuntu3.13+esm8
                                  Available with Ubuntu Pro
  libmagick++-dev                 8:6.7.7.10-6ubuntu3.13+esm8
                                  Available with Ubuntu Pro
  libmagick++5                    8:6.7.7.10-6ubuntu3.13+esm8
                                  Available with Ubuntu Pro
  libmagickcore-dev               8:6.7.7.10-6ubuntu3.13+esm8
                                  Available with Ubuntu Pro
  libmagickcore5                  8:6.7.7.10-6ubuntu3.13+esm8
                                  Available with Ubuntu Pro
  libmagickcore5-extra            8:6.7.7.10-6ubuntu3.13+esm8
                                  Available with Ubuntu Pro
  libmagickwand-dev               8:6.7.7.10-6ubuntu3.13+esm8
                                  Available with Ubuntu Pro
  libmagickwand5                  8:6.7.7.10-6ubuntu3.13+esm8
                                  Available with Ubuntu Pro
  perlmagick                      8:6.7.7.10-6ubuntu3.13+esm8
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6980-1
  CVE-2017-12805, CVE-2017-12806, CVE-2017-13144, CVE-2018-16412,
  CVE-2018-16413, CVE-2018-17966, CVE-2018-18016, CVE-2018-18024,
  CVE-2018-18025, CVE-2018-20467

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)